Medical ID Theft Spreads

  /     /     /  
Publicated : 22/11/2024   Category : security


Medical ID Theft Spreads


1.8 million Americans have been victims of medical identity fraud -- including some from their own family members -- new report finds



Identity theft isnt just credit- and debit-card account or Social Security number theft anymore: Cybercriminals are targeting health insurance and other personal information to peddle or execute medical fraud for surgeries, prescription drugs, and medical equipment. A new report published Thursday shows how quickly this medical identity theft is growing, with 1.84 million Americans falling victim to this form of fraud.
Medical identity theft is costly -- victims paid $12 billion out of pocket last year -- and it can be literally lethal, according to a new report by The Ponemon Group. Medical identity theft is contributing significantly to the high costs of health care, says Robin Slade, development coordinator for the Medical Identity Fraud Alliance, which, along with ID Experts, commissioned the report. With financial fraud, you recover most of the losses incurred. But medical identity theft has the potential to impede medical treatment and to potentially kill you. The fraud causes your medical records to be contaminated by the medical information of the perpetrator. And very few consumers are aware of it.
Some 15 percent of medical ID theft victims say the fraud resulted in a misdiagnosis; 13 percent, an inaccurate treatment; 14 percent, a delay in treatment; and 11 percent, the wrong prescription drugs. Half of those patients say those issues have not been resolved, according to the report.
Some 313,000 new cases of medical ID theft were reported last year, and those were only the ones on record: Security experts say many arent reported. So-called family fraud factors into the equation here as well, says Larry Ponemon, chairman and founder of The Ponemon Institute.
Some 30 percent of the respondents say they have allowed a family member to use their personal IDs to receive medical treatment, health care products, or pharmaceuticals, and more than one-fifth of them dont know how many times they have done so. Nearly half of all medical ID fraud victims say they know who stole their identities but didnt want to report the perpetrators. And many dont realize its illegal.
It might be for a family member or friend suffering and who needs emergency care and is not insured, so they hand it over [their insurance card], and its used to steal [services], Ponemon says. The family fraud issue is a very troubling finding.
The report underlines one of the big problems with medical ID theft: a lack of understanding of just what constitutes fraud, as well as the growing value of medical information. Blue Cross/Blue Shield Association, AARP, the Identity Theft Resource Center, the Consumer Federation of America, the National Healthcare Anti-Fraud Association, and ID Experts last month co-founded the public-private Medical Identity Fraud Alliance to help fight medical identity theft. MIFA aims to unite key players and establish solutions and best practices, as well as educate consumers on how to empower themselves to protect their health information.
[Medical Identity Fraud Alliance debut a sign of the times as attackers set sights on valuable patient insurance and other health records. See
New Consortium Formed To Cure Rise In Medical ID Fraud
.]
Medical ID theft can take several forms: It can be the result of family fraud, a health care providers online data breach, or physical theft of equipment storing the information, such as
the break-in last month
at an administrative office of the largest health system in Illinois, Advocate Medical Group, where thieves stole four unencrypted computers that contained Social Security numbers, health insurance, and other personal information of 4.03 million patients.
Most victims dont know how their medical information was exposed, Ponemon says. A large segment of folks don t know how it happened, he says.
Some 56 percent of the victims say they lost confidence in their health care provider in the wake of the fraud experience, and 57 percent say they would drop their providers if they were unable to protect their medical records. But most consumers dont do much to protect their medical information: Fifty-four percent say they dont check their health records because they dont know how to do so and are relying on their health care provider to take care of it, and 52 percent say they didnt report medical claims that appeared inaccurate.
Dan Nutkis, founder and CEO of the Health Information Trust Alliance (HITRUST), says health care organizations increasingly are being targeted by cybercriminals for both financial and medical information. Theres no question about it: Theres been an uptick in healthcare [providers] being targeted, Nutkis says.
Attackers are placing and selling backdoors or other malware onto health care organizations systems for other bad guys to steal information. They have planted backdoors in health care organizations so they can sell access, Nutkis says.
Alex Balan, head of product management at BullGuard, which offers an online identity protection service for consumers, points to a data dump a few months ago that included victim names, dates of birth, addresses, height, weight, full credit card account information, insurance information, and even the type of cars they drove. There were 20 to 30 columns for each individual [entry], Balan says. It was enough information to begin to assume someones identity.
Social engineering can provide a treasure trove of medical information for fraudsters, he says. If youre trying to get services from a medical institution or a hospital, you need to know the entire scripts on what youre going to be asked, and what credentials [you will need, for example], he says.
The full Ponemon 2013 Survey on Medical Identity Theft is available
here
for download.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Medical ID Theft Spreads