Don’t let chronic (breach) fatigue syndrome get you down

Now is the time to raise and maintain vigilance over the threat of medical identity theft

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Crim­i­nal cyber attacks on health care infor­ma­tion repos­i­to­ries have increased 125 per­cent since 2010. With the announce­ment of the Excel­lus breach last week, the total num­ber of big-head­line med­ical infor­ma­tion com­pro­mis­es report­ed in 2015 (such as Anthem, Pre­mera, Care­first) had crossed the mind-blow­ing demar­ca­tion line of 100 mil­lion files.

Adam Levin, chairman and co-founder of and IDT911
Adam Levin, chair­man and co-founder of and IDT911

The Excel­lus breach exposed the names of clients as well as their dates of birth, Social Secu­ri­ty num­bers, mail­ing address­es, tele­phone num­bers, mem­ber iden­ti­fi­ca­tion num­bers, finan­cial account infor­ma­tion and claim infor­ma­tion. In terms of the type of infor­ma­tion com­pro­mised and the amount of it, this most recent mega med­ical infor­ma­tion breach, esti­mat­ed to affect as many as 10 mil­lion con­sumers, was neg­li­gi­bly small­er than the Pre­mera com­pro­mise, which exposed 11 mil­lion records. Yet it received nowhere near the same amount of media attention.

The rea­son is some­thing called breach fatigue. Sure, news of the Excel­lus breach was a lead sto­ry, but if you think about it for a moment, was it the first thing peo­ple brought up at the prover­bial water cool­er the day the news broke? Prob­a­bly not.

Here’s why the Excel­lus breach should have had tongues wagging:

• Accord­ing to the Iden­ti­ty Theft Resource Cen­ter, the medical/health care sec­tor account­ed for the high­est per­cent­age of breach­es in 2014 at 42.5 percent.

• As dis­cussed in my forth­com­ing book, Swiped, med­ical iden­ti­ty theft can be life-threat­en­ing. When your per­son­al­ly iden­ti­fi­able infor­ma­tion is used by anoth­er per­son to acquire health care, your med­ical his­to­ry is lit­er­al­ly con­t­a­m­i­nat­ed with the PII, and hence the med­ical infor­ma­tion, of anoth­er per­son. If that min­gling of data results in the removal of an aller­gy or a change of blood type, the result could put your life in jeopardy.

• If some­one gains unau­tho­rized access to your health insur­ance, you could find your­self in a quag­mire should you suf­fer from the same ail­ment as the thief and require a par­tic­u­lar treat­ment or med­ical pro­ce­dure. Con­sid­er how seri­ous that could be if the pro­ce­dure you need (and can’t get because it’s already been per­formed on the imposter) hap­pens to be some­thing like bypass surgery, ampu­ta­tion, can­cer treat­ment or any oth­er major intervention.

While you think back to the day the Excel­lus news broke—there was the talk about the floods in Japan, refugees in Europe, the U.S. Open, the upcom­ing third episode of “Fear the Walk­ing Dead”—I’m guess­ing the num­ber of times that par­tic­u­lar breach came up was low to nil. That’s fine. We’re not talk­ing about breach fatigue per se. The real issue is that we need to raise and main­tain aware­ness of the threat.

While you reflect upon the nondis­cus­sions about last week’s Excel­lus news, con­sid­er how a per­son might reply to a “Howya doing?” greet­ing at the water cool­er after learn­ing that they have become the vic­tim of med­ical iden­ti­ty theft. Most like­ly, they would say some­thing about it. And dol­lars to dough­nuts, they would say they were in a wak­ing nightmare.

Been bit by the med­ical ID theft zombie?

Med­ical iden­ti­ty theft is hard to detect, and many peo­ple still alarm­ing­ly do not under­stand that it’s a real and present danger.

In the first episode of the new AMC show, “Fear the Walk­ing Dead,” it takes a while for Los Ange­lenos to under­stand what’s hap­pen­ing, i.e., that the zom­bie apoc­a­lypse has begun. We are in a sim­i­lar sit­u­a­tion with med­ical iden­ti­ty theft, but in the real-world ver­sion, with vig­i­lance on your part, you can bet­ter pro­tect yourself.

Here are the tell­tale signs you’ve been infected

1. There is an error on your med­ical file. While this can hap­pen in the usu­al way—even doc­tors make mistakes—it could sig­nal trou­ble. TIP: Many doc­tors pro­vide online access to your med­ical records. If yours does, take advan­tage of it and make sure the infor­ma­tion there is accu­rate. If you can­not access your file, ask your doc­tor to read it to you.

sh_medical files_7502. You receive phish­ing emails that refer to your health care provider or billing that require per­son­al­ly iden­ti­fi­able infor­ma­tion to learn more. TIP: Always look up and call the main num­ber of any enti­ty that requests per­son­al­ly iden­ti­fi­able infor­ma­tion. Only authen­ti­cate your­self when you are in con­trol of the vir­tu­al or tele­phon­ic conversation.

3. You get one-ring phone calls. TIP: If you do not rec­og­nize the num­ber, let it go to voice­mail. Some fraud­sters call your phone num­ber after pur­chas­ing your infor­ma­tion on the black mar­ket to see if your num­ber works (i.e., your file is worth try­ing to exploit). Nev­er return a one-ring call to ascer­tain who called, because these also can be scams that trig­ger a charge on your phone bill.

4. Your Expla­na­tion of Ben­e­fits lists a doc­tor vis­it you didn’t make or a pre­scrip­tion that wasn’t issued to you. TIP: Read all your mail from health care providers, mak­ing sure that there is noth­ing in the cor­re­spon­dence that could point to fraud. If you sus­pect your infor­ma­tion has been used, call your health care provider immediately.

5. You are con­tact­ed by a debt col­lec­tor regard­ing your fail­ure to pay in a time­ly man­ner a doc­tor, lab­o­ra­to­ry or med­ical facil­i­ty. TIP: Demand that the debt col­lec­tor pro­vide the details with­in five days and imme­di­ate­ly con­tact the med­ical provider and your insurer.

6. Your cred­it score takes a sud­den dive due to a med­ical col­lec­tion that mys­te­ri­ous­ly appears on your cred­it report. TIP: You can get a free annu­al cred­it report from each of the three major cred­it report­ing agen­cies (or more fre­quent­ly, depend­ing on the state where you reside). Sched­ule time to check those reports for any sus­pi­cious items, like col­lec­tion accounts that might not real­ly belong to you. You also can get a free overview of your cred­it and two free cred­it scores from, updat­ed month­ly so you can watch for impor­tant changes.

While we may not be look­ing at a med­ical iden­ti­ty theft “apoc­a­lypse” a la the zom­bie shows, movies and comics, med­ical iden­ti­ty theft can def­i­nite­ly feel apoc­a­lyp­tic when you’re the vic­tim. Pro­tect your­self, know the warn­ing signs, and you just might stand a chance.

Full dis­clo­sure: IDT911 spon­sors Third­Cer­tain­ty. This sto­ry orig­i­nat­ed as an Op/Ed con­tri­bu­tion to and does not nec­es­sar­i­ly rep­re­sent the views of the com­pa­ny or its partners.

Adam Levin is chair­man and co-founder of and Iden­ti­ty Theft 911. His expe­ri­ence as for­mer direc­tor of the New Jer­sey Divi­sion of Con­sumer Affairs gives him unique insight into con­sumer pri­va­cy, leg­is­la­tion and finan­cial advo­ca­cy. He is a nation­al­ly rec­og­nized expert on iden­ti­ty theft and credit.

More on iden­ti­ty theft:
Iden­ti­ty Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Iden­ti­ty Has Been Stolen?