A Guide to Medical Identity Theft Prevention

With the arrival of COVID-19, the healthcare industry drew a lot of attention, not just from governments, media, and the public, but also from criminals. This increased prominence has led to a rising trend of data breaches.

The year 2020 saw an overwhelming number of cyberattacks targeting the industry. From healthcare providers to insurers and pharmaceutical giants, many have faced the voluminous effects of data theft. The ransomware attack on the top healthcare provider Magellan Health, for instance, reportedly affected nearly 1.7 million individuals. These attacks on data could leave the medical sector with costly and time-consuming consequences, having to deal with compensation, fines, and expensive updates to their IT systems.

Now, the impact of these medical data breaches on individuals could lead to even more alarming repercussions. And the effects of a single breach can last for years. One of the most common occurrences resulting from such a data breach is medical identity theft. Although prevalent, it still hasn’t drawn much media attention, leaving many individuals with little knowledge of protecting themselves from its threats. So, in this guide, we’ll address some of the most common questions that crop up about this unique type of identity theft.

What is medical identity theft?

This is when a criminal uses your personal information to get some form of medical service that only you are entitled to benefit from. For instance, it could include medical treatments, tests, prescribed medication, or even a medical insurance claim.

Can someone access my medical records without my permission?

While healthcare providers, both public and private, take strict measures to protect patient records, there are many ways your medical data could leak without your knowledge. For example, a hacking attack on a healthcare database could leak medical records together with other identifiable information. Health Share of Oregon, Florida Orthopaedic Institute, and BJC Health System have all faced security breaches that compromised the data of hundreds of thousands of patients during 2020.

But that’s not all, even insider attacks could leave your medical records at risk. For instance, some healthcare employees with access to patient databases could copy and sell them on the dark web. They could even file fraudulent medical insurance claims using your personal records.

What other types of information could place me at risk of medical identity theft?

This type of theft mainly stems from breached personal identifiable information, better known as PII. These can include your full name, date of birth, and social security number.

But nowadays, criminals are increasingly creative and can make use of various forms of data to commit medical identity theft. Recently, taking selfies with COVID-19 vaccine cards and posting on Instagram became a growing concern for lawmakers and enforcers because of the potential threats it could pose. Vaccine cards could reveal your name, date of birth, and other important medical details, which a fraudster could use for various purposes. So, even an innocent post on social media might provide them with enough ammunition to target you for medical identity theft.

How can medical identity theft affect me?

Often, a criminal could use up your medical benefits, leaving you to pay out of your pocket for treatments you require in the future. But the financial impact of medical identity theft could be even more damaging. For instance, you could be left with unpaid medical bills under your name, which could cause a dent in your credit report once they reach a collection agency. Identifying and reversing these could take significant time and effort.

And when a criminal uses your name to seek medical treatments, their records will also appear under your name. This could cause severe confusion when it comes to treating you for a critical health condition one day.

How could I know whether I’ve become a victim?

Although not always easy to identify, several telltale signs of medical identity theft could raise a red flag. You could often find an unusual medical bill arriving by post or appearing on the statement sent by your medical insurance provider. Or you might receive a call from a healthcare provider or even a collection agency about an overdue medical payment.

Sometimes, your medical insurer might refuse a benefit or inform you that you’ve reached the annual benefit limit. All these are common signs that you’ve become a victim of medical identity fraud.

How can I protect myself from medical identity theft?

Protecting your data is the single most critical strategy to avoid medical identity theft. Now, bear in mind that there’s nothing much you can do about a data breach at your healthcare provider or insurer. But there are plenty of steps you can take to secure the data within your control. Some essential preventative measures include:

  • Setting up a reputed virus guard for personal devices like laptops and smartphones.
  • Keeping your medical records and government-issued identification documents in a safe location.
  • Adopting strict data sharing practices both online and in-person.
  • Protecting social media accounts by removing consent for data collection.
  • Avoid storing digital files containing personal data on your regular devices.

What should I do if I become a victim?

The best course of action will depend on the scale and type of impact. But regardless, you need to keep the Federal Trade Commission (FTC) informed. They will issue an identity theft report, which you can submit to the police when lodging a complaint. The FTC will also provide a personal recovery plan to help you recover from the impact of the theft.

Contact the respective healthcare provider and medical insurer and request additional details and support for the investigation. If you suspect the medical identity theft has the potential to affect your credit standing, it’s best to inform the 3 major credit bureaus, too.

The consequences of medical identity theft are compelling and demand urgent attention. But by combining sound knowledge with a proactive approach, you can eliminate many of the obvious risks.

Enthusiastic Cybersecurity Journalist, A creative team leader, editor of privacycrypts.com.

Leave a Reply