Last year, medical identity theft increased 22% as more U.S. patient health data becomes electronic. While it is easier for doctors and other medical professionals to readily access patient data, the process is also making it easier for cyber criminals to hack into doctors’ offices, hospitals, and insurance companies for personal information.
Medical Identity Theft
In 2014, more than 500,000 people were victimized by medical identity theft frauds and hacks. Those who gained access to the data then proceeded to use it for insurance fraud, free medical care, and other health-related illegal activities. According to the Ponemon Institute, resolving each incident of fraud costs around $13,500 in expenses. In almost twenty percent of the cases, the victims found additional or erroneous medical information added to their records by an imposter. Things like positive drug tests and other damaging information cost some victims job opportunities and caused other significant issues.
As healthcare hacking continues, the number of victims of medical identity theft are expected to rise. Already this year, insurance company Anthem, Inc. had their systems hacked and as many as 80 million clients had their medical information stolen. Medical data has become an incredibly popular target for cyber criminals because it will sell ten times as fast on the black market.
Electronic Medical Files
The Ponemon Institute saw an increase in the number of medical identity theft cases after the use of electronic medical records became more commonplace in 2012. In many cases of medical identity theft, a person’s medical history and records can be purchased for around $50 to $100. This is usually purchased by a person who does not have medical insurance and needs care. The records almost always include the name, social security number, birthdate, and other important medical information that is needed to get treated by a medical professional.
The bill from the fraudulent care is then sent to the victim’s insurance company, and the victim is on the hook for any unpaid expenses, deductibles, or services that were not covered by the insurance. In other cases, the criminals set up a fraudulent company and bill the insurance companies for services that were never provided to the person with the stolen identity.
Cost of Medical Identity Theft
Not only does it cost thousands of dollars per case to settle issues of medical identity theft, but on average it takes around 200 hours to resolve each case. Another issue is that the healthcare industry is less savvy about how to deal with cyber criminals, unlike the financial industry that has been fighting identity thieves for years. “The industry is aware of cyber threats and vulnerabilities but it is a little bit newer to them compared to retail or financial services.” As a result, researchers agree that medical identity theft will continue to increase in frequency as well as severity as more companies and medical care facilities place their clients’ and patients’ medical records in digital form.