Wednesday, 19 November 2014

Protect your medical data from identity theft

By Constance Gustke, Marketwatch

Your doctor’s files could be bad for your financial health.

Hackers, notorious for stealing credit and debit-card information from stores, and other thieves are increasingly targeting medical records, which can be more valuable because they include such coveted data as Social Security numbers, birth dates, driver’s license numbers and checking-account numbers, experts say.

Medical-record data offer identity thieves one-stop shopping, says Al Pascual, senior analyst of fraud and security at Javelin Strategy & Research, a research and consulting firm in Pleasanton, Calif.

“There’s so much information that can be used in a variety of ways after it’s stolen,” he says, “such as opening a new checking account, filing fraudulent tax returns or getting a new consumer loan.”

Or even medical-identity hijacking, in which personal information is sold and used to get medical care. The theft can mean canceled insurance plans, damaged credit, misdiagnosed illnesses and unwarranted medical charges that can take over a year to fix.

Medical records typically sell on the black market for about $50 each, says Pascual. The thieves, often hackers from overseas, are rarely caught, and medical clinics and hospitals compound the problem by having poor record security and holding personal data for long periods.

This widespread problem of medical-record theft, which often targets children and the elderly, shows no signs of slowing.

The number of medical identity victims was up nearly 20% last year from 2012, the most recent data available, according to the Ponemon Institute, a research firm based in Traverse City, Mich. About 1.8 million Americans were victimized in 2013, at a cost of $12.3 billion.

One major factor behind the problem: the increasing digitization of medical records.

“Digitized records are much easier to steal than paper ones,” says Deborah Peel, a physician and founder of Patient Privacy Rights, a nonprofit advocacy group in Austin, Texas. “Once you needed a convoy to haul away records. Now all you need is a thumb drive.”

Digitized medical records can now also be stashed in millions of databases, she says, making them harder to correct because they’re in so many different locations if fraud does occur.

This summer, Community Health Systems , a hospital chain in 29 states, had its records hacked by a Chinese group that stole Social Security numbers and other data from 4.5 million patients, according to U.S. Department of Health and Human Services records.