In 2014 medical institutions and healthcare providers made up nearly a third of all data breaches, according to records from the Privacy Rights Clearinghouse.
While attacks on financial services are slightly more prevalent, consumers should be much more concerned with getting their medical insurance or health records ripped off.
In the first place, banks tend to cover consumers in instances of fraud. Someone nabs your Visa card number and uses it to buy a round-trip ticket to Kazakhstan, and you’ll easily get those charges reversed — plus the bank will issue you a new card. But even in the worst case scenario, your personal well being isn’t threatened.
Not so with medical fraud.
As the Medical Identity Fraud alliance points out in its report on medical fraud, the patient often doesn’t find out their identity has been stolen until they notice a discrepancy in their own records. For instance, a man goes into to a hospital to get treated for a back injury. Upon being X-rayed the doctor also notices that the man has a swollen lymph node, for which he prescribes penicillin. The man says he’s allergic to penicillin. The doctor asks, then why did you come into this hospital a week ago for penicillin? The man says, I didn’t come into the hospital a week ago for penicillin … you get the drift.
Now imagine that same scenario except the patient is unconscious and his/her record has been altered to remove the reference to his penicillin allergy. Now we’re talking about a scenario where the patient’s life is potentially in danger.
In addition, it can be really hard to prove that you didn’t receive the medical services indicated on your record, which can also lead to costly insurance charges.
Hot medical identities can sell for as little as $50 (.pdf), according to a report issued earlier this year by the FBI. With more and more hospitals moving to electronic health records and healthcare breaches on the rise, its hard to see how this problem won’t become more widespread in the coming year.