Don’t let chronic (breach) fatigue syndrome get you down
Now is the time to raise and maintain vigilance over the threat of medical identity theft
By Adam Levin, Special to ThirdCertainty
Criminal cyber attacks on health care information repositories have increased 125 percent since 2010. With the announcement of the Excellus breach last week, the total number of big-headline medical information compromises reported in 2015 (such as Anthem, Premera, Carefirst) had crossed the mind-blowing demarcation line of 100 million files.
The Excellus breach exposed the names of clients as well as their dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claim information. In terms of the type of information compromised and the amount of it, this most recent mega medical information breach, estimated to affect as many as 10 million consumers, was negligibly smaller than the Premera compromise, which exposed 11 million records. Yet it received nowhere near the same amount of media attention.
The reason is something called breach fatigue. Sure, news of the Excellus breach was a lead story, but if you think about it for a moment, was it the first thing people brought up at the proverbial water cooler the day the news broke? Probably not.
Here’s why the Excellus breach should have had tongues wagging:
• According to the Identity Theft Resource Center, the medical/health care sector accounted for the highest percentage of breaches in 2014 at 42.5 percent.
• As discussed in my forthcoming book, Swiped, medical identity theft can be life-threatening. When your personally identifiable information is used by another person to acquire health care, your medical history is literally contaminated with the PII, and hence the medical information, of another person. If that mingling of data results in the removal of an allergy or a change of blood type, the result could put your life in jeopardy.
• If someone gains unauthorized access to your health insurance, you could find yourself in a quagmire should you suffer from the same ailment as the thief and require a particular treatment or medical procedure. Consider how serious that could be if the procedure you need (and can’t get because it’s already been performed on the imposter) happens to be something like bypass surgery, amputation, cancer treatment or any other major intervention.
While you think back to the day the Excellus news broke—there was the talk about the floods in Japan, refugees in Europe, the U.S. Open, the upcoming third episode of “Fear the Walking Dead”—I’m guessing the number of times that particular breach came up was low to nil. That’s fine. We’re not talking about breach fatigue per se. The real issue is that we need to raise and maintain awareness of the threat.
While you reflect upon the nondiscussions about last week’s Excellus news, consider how a person might reply to a “Howya doing?” greeting at the water cooler after learning that they have become the victim of medical identity theft. Most likely, they would say something about it. And dollars to doughnuts, they would say they were in a waking nightmare.
Been bit by the medical ID theft zombie?
Medical identity theft is hard to detect, and many people still alarmingly do not understand that it’s a real and present danger.
In the first episode of the new AMC show, “Fear the Walking Dead,” it takes a while for Los Angelenos to understand what’s happening, i.e., that the zombie apocalypse has begun. We are in a similar situation with medical identity theft, but in the real-world version, with vigilance on your part, you can better protect yourself.
Here are the telltale signs you’ve been infected
1. There is an error on your medical file. While this can happen in the usual way—even doctors make mistakes—it could signal trouble. TIP: Many doctors provide online access to your medical records. If yours does, take advantage of it and make sure the information there is accurate. If you cannot access your file, ask your doctor to read it to you.
2. You receive phishing emails that refer to your health care provider or billing that require personally identifiable information to learn more. TIP: Always look up and call the main number of any entity that requests personally identifiable information. Only authenticate yourself when you are in control of the virtual or telephonic conversation.
3. You get one-ring phone calls. TIP: If you do not recognize the number, let it go to voicemail. Some fraudsters call your phone number after purchasing your information on the black market to see if your number works (i.e., your file is worth trying to exploit). Never return a one-ring call to ascertain who called, because these also can be scams that trigger a charge on your phone bill.
4. Your Explanation of Benefits lists a doctor visit you didn’t make or a prescription that wasn’t issued to you. TIP: Read all your mail from health care providers, making sure that there is nothing in the correspondence that could point to fraud. If you suspect your information has been used, call your health care provider immediately.
5. You are contacted by a debt collector regarding your failure to pay in a timely manner a doctor, laboratory or medical facility. TIP: Demand that the debt collector provide the details within five days and immediately contact the medical provider and your insurer.
6. Your credit score takes a sudden dive due to a medical collection that mysteriously appears on your credit report. TIP: You can get a free annual credit report from each of the three major credit reporting agencies (or more frequently, depending on the state where you reside). Schedule time to check those reports for any suspicious items, like collection accounts that might not really belong to you. You also can get a free overview of your credit and two free credit scores from Credit.com, updated monthly so you can watch for important changes.
While we may not be looking at a medical identity theft “apocalypse” a la the zombie shows, movies and comics, medical identity theft can definitely feel apocalyptic when you’re the victim. Protect yourself, know the warning signs, and you just might stand a chance.
Full disclosure: IDT911 sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.
Adam Levin is chairman and co-founder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.