Understanding Medical Data Breaches
Medical data breaches are constantly in the news. According to iHealthBeat.org, 1 in 10 U.S. residents has been impacted by a medical data breach. It is highly likely that millions of African-Americans have been victims of a medical data breach and probably don’t know it. The sad news is that this has become common.
We need to understand a few things about data breaches. First, what is a data breach? What kind of data breaches are there? How many people are affected, and how do you fight back if you think your data has been compromised?
Put simply, a data breach is an incident where sensitive, protected or confidential information has been exposed, stolen or utilized by unauthorized individuals, often to commit some type of crime.
What kind of data breaches are there? A breach that exposes personal health information (PHI) is a medical data breach. A breach may also expose personally identifiable information (PII), which is information that, on its own or combined with other information, can be used to identify, contact, or locate a person, or identify an individual in context. Finally, there is the data breach that exposes trade secrets or intellectual property. This usually affects businesses and is sometimes known as industrial espionage.
Medical data breaches often involve massive numbers of people and personal information records. Here are the largest medical data breaches so far this year. Look carefully; your insurance company may be on the list.
- CareFirst BlueCross BlueShield 1.1 million data records.
- UCLA Health Systems 4.5 million data records.
- Excellus BlueCross Blue Shield 10.5 million data records.
- Premera BlueCross Blue Shield 11.2 million data records.
- Anthem BlueCross BlueShield 80 million data records.
Keep in mind that medical insurance companies are not alone when it comes to data breaches. Hospitals and health service providers are a prime target for medical data hackers. The HIPAA Act covers most medical facilities. HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The law is intended to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.
According to Datapipe.com, these are the largest HIPAA data breaches of 2014.
- Community Health Systems, 198 hospitals in 29 states, 4.5 million data records compromised.
- Xerox State Healthcare, Medicaid systems management, 2 million records compromised.
- Sutherland Healthcare Solutions, medical contractor, 342,000 records compromised.
- Touchstone Medical Imaging, diagnostic medical imaging, 300,000 records compromised.
- Indian Health Service, federal health program for native and Alaskan Indians, 200,000 records compromised.
- NRAD Medical Associates, multi-specialty medical practice, 100,000 records compromised.
According to a report released by KPMG, 81 percent of health insurance providers and hospitals have had a data breach. The survey revealed:
- 15 percent of healthcare organizations have no one whose sole responsibility is information security.
- 23 percent do not have a security operations center to identify and evaluate threats.
- 55 percent say they have a hard time staffing their organization.
Why is medical data so valuable? Medical records are ten times more valuable to hackers than your credit cards.
Your medical information is a gold mine. You probably have medical information spread over several doctors’ offices, medical services and hospitals, including your dentist, pharmacy and physical therapist. These records contain information such as your Social Security number, address and phone number, email, next of kin information, phone numbers, information about your children or spouse, payment information, insurance information, and much more.
Hackers use stolen medical and insurance data to create fake IDs, buy medical equipment or drugs that they can re-sell, and file fraudulent claims with insurance providers. Hackers also have more time to use stolen data to commit fraud because medical identity theft is not immediately apparent. And, most of all, these records are easy targets. According to the KPMG report, hospitals and medical insurance companies are poor protectors of your information. According to the security firm Symantec, health care providers saw a 72 percent increase in cyberattacks from 2013 to 2014. Health care companies are required by law to publicly disclose big health data breaches. There were more than 270 such disclosures in the last two years.
So how can African-Americans avoid the theft of their medical information?
- If your wallet is lost or stolen, make sure your insurer(s) are notified along with your financial institutions.
- Carefully examine all medical bills and insurance statements you receive. Look for fees from health care providers you do not recognize or statements describing benefits paid out for services you did not obtain.
- Consider an identity protection service which will help you detect most kinds of identity theft, including medical, much earlier than you might on your own and assist you through the fraud resolution process if your information is stolen.
- Always be alert to strange phone calls or emails from people asking medical questions or insurance questions, especially if you do not know the company.
- Alert your caregivers of any suspicious calls or activity regarding your care.
- Keep a close watch on your credit and banking resources. Alert your financial institutions of any suspicious or fraudulent activity.
- Take full advantage of credit monitoring services if offered.
The loss of medical data can have a devastating personal impact. An unlucky victim may have their medical insurance coverage cancelled or suspended due to fraudulent claims. Insurance premiums may skyrocket. Others may have their identity stolen completely. Changes, intentional or accidental, to medical records could result in misdiagnosis or mistreatment of illnesses. Pay attention to data breach notifications. The African American Cyber Report is an excellent source for the latest breach notifications.
Now you know