It’s bad enough that last week, Larry Ponemon of the Ponemon Institute and Rick Kam of ID Experts wrote an op-ed going so far as to suggest that these “escalating cyberattacks threaten U.S. healthcare systems. … Imagine a hostile nation-state with your psychiatric records. Or an organized crime ring with your child’s medical file. Or a disgruntled employee with your medical insurance information.”
Indeed, if you’re an American, there’s a 1 in 3 chance your health records have already been hacked – and remember that Anthem, Premera and CareFirst almost certainly are not the only health-insurance providers to have been hacked, merely the only ones to have discovered and admitted this so far.
From a thieving hacker’s perspective, stolen medical records are much more valuable than financial records. Jim Trainor, from the FBI’s cyber security division, said this about the black-market value of various types of stolen data bought and sold by identity thieves: “Credit cards can be say five dollars or more, where [protected health information] records can go from 20 say up to — we’ve even seen $60 or $70.”
And from a victim’s perspective, medical identity theft is probably the worst kind of all. In February, when the Medical Identity Fraud Alliance (MIFA) released its Fifth Annual Study on Medical Identity Theft, the study reached some sobering conclusions: In 2014, there were more than 2 million victims of medical identity theft in the United States, almost half a million more than in 2013.
What’s worse is that, compared to other forms of identity theft, victims of medical identity theft are more likely to suffer personal financial consequences as a result.
Victims of credit card or similar forms of financial fraud are not expected to pay out of pocket to resolve the problem – but victims of medical identity theft often have to. MIFA’s report said that 65% of medical identity theft victims paid more than $13,000 to fix it, including payments to legal counsel, healthcare or health insurance providers, and identity-protection services. That’s in addition to the average of 200 hours of time the typical victim had to spend on the issue.
And today, Politico published a report explaining how the healthcare industry is finally starting to address such problems: “After spending billions to install computerized documents in hospitals and networks, it now must spend billions more to make them secure.” …