Friday, June 15, 2012

Nationwide Study on Medical Identity Theft


I read an article today about a study commissioned by Nationwide Insurance and conducted by Harris Interactive. The topic of the study was medical identity theft. The results only confirm what I have seen for the past 10 years or so. The public still does not understand that identity theft in the medical field occurs.

The survey, conducted by telephone only of people with health insurance, showed that 1 out of 6 (15%) respondents stated that they knew about medical identity theft. When asked, only 38% of those who said they knew what medical identity theft was were able to define it.

The depth of medical identity theft is growing each year. In 2010 there were 1.5 million persons victimized to the tune of $30 billion. The damage is clearly felt in the higher costs of medical services and insurance. The worse news is that there is no real solution in sight.

The various forms of medical identity theft manifest different problems and concerns. We have all heard the warning about what will happen should someone receive the wrong blood because of mixed files. So how about the victim who is denied medical equipment because his or her information was used by an imposter to scam Medicare? There is the victim who has to defend himself in a court of law because of collection actions resulting from medical services provided to the thief. There is the problem of the medical issues of the imposter affecting the livelihood of the victim. There are certain medical conditions that, when reported, make the wheels spin regardless of any other information. Imagine losing your pilot's license when you are a flight school owner and training instructor.

I don’t want to be the voice in the wilderness calling out the danger, but how much more will the medical system take before it collapses under the barrage of fraud?




Cyber Data Breaches What Is Coming

The news for the last few days has talked about the LinkedIn and eHarmony password breaches as though they were a super threat. In the realm of data breaches you need to understand the issue: what is breached and what information is exposed. If I have your password I can get into your account, right? What if I don’t know your login ID? If all I have is your password, I may not be able to do much unless there is a way to identify you or the account. If I can identify you, I can contact you to scam you out of additional information to commit my crimes. If I can identify the account, then I can log in and take over the account. The type of account will determine the damage that I can create.

When there is a breach of data, the concern is threefold:

1. Was the information enough to supply me with the data I need to create new accounts?

2. Was there enough information to allow me to sucker you into giving up more information?

3. Was it enough for me to take over the account and drain it, max it out or use it to scam others?

When a company has a data breach and does not clearly indicate what was exposed, it leaves the recipients to try and guess what to do. It also leaves the company somewhat exposed to legal reprisals. The time frame in a breach should be discovery, investigation, informed notice, and then proceeding with your business. The investigation should involve law enforcement, and they should be called before any repair or system fixes are started. The notice needs to be clear, concise, and complete. The better these steps are done, the better for all involved.