Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Health data breaches could be expensive and deadly

Maria Korolov | Feb. 11, 2015
Health-related data breaches could be expensive and life-threatening.

doctor holding scalpel 78805804

Healthcare-related data breaches could not only be expensive, but also life-threatening, experts say, and traditional credit monitoring provides little protection.

"Credit monitoring for a breach of your identity data, medical or not, is like handing out umbrellas in a tornado," said Alisdair Faulkner, chief products officer at San Jose, Calif.-based ThreatMetrix.

"If I'm a criminal, I can either try to apply for a credit card with a limit of a few thousand dollars, or I can use your identity to access or bill for healthcare worth hundreds of thousands of dollars. How long until we see people being bankrupt by procedures they didn't have, or doctors making the wrong call in a medical emergency due to false medical history?"

According to a 2013 Ponemon study, the most recent available, 1.8 million Americans or their close family members fell victim to medical identity theft, and 36 percent of them faced significant out-of-pocket expenses as a result.

For example, some wound up having to pay full price for medical services or medicines because their medical insurance lapsed, or pay for costs incurred by fraudsters. The average cost? $18,660.

But that's not even the worst thing that could happen.

"If someone gets your medical identity, and uses that to get medical goods, services, prescriptions -- everything they do goes on your personal health record," said Bob Gregg, CEO at Portland, Ore.-based ID Experts, which provides medical identity monitoring services.

Then, the next time you're unconscious in the emergency room, the doctor won't just see your medical history, but that of the fraudsters as well.

"Suddenly, all your preexisting conditions are incorrect," he said. "Allergies, drug interactions."

Claudia Gere, an author consultant based in Massachusetts, was one of the 80 million affected by the recent Anthem breach. She said that learning of the breach made her feel vulnerable and scared.

"When I need to get medication in an emergency and I find that my account has been closed for lack of payment or whatever reason... I think I would be able to dispute the charges," she said.

If it took three months to sort things out, she said, she'd be able to cover her current medications out-of-pocket.

"But for a lot of people, it could be more than an inconvenience," she said. "It could be life threatening."

According to Anthem, the data stolen includes names, dates of birth, member ID and social security numbers, addresses, phone numbers, email addresses and employment information.

"That data could definitely be used for billing fraud," said Andrew Hicks, healthcare practice Lead at Denver-based Coalfire Labs.

In fact, medical identity information is significantly more valuable than credit card numbers or social security numbers alone. According to the World Privacy Forum, the former has a street value of around $50 -- compared to a street value of $1 for the latter.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.