A quick overview of data breaches from the healthcare industry in March 2020 reveals 26 security incidents added to the Health Insurance Portability and Accountability Act (HIPAA) Breach Reporting Tool.
The HIPPA Breach notification Rule“requires covered entities to notify patients when their unsecured protected heath information (PHI) is impermissibly used or disclosed—or “breached,”—in a way that compromises the privacy and security of the PHI”.
The portal lists security incidents under investigation that involve the exposure of personal health information (PHI) affecting 500 or more individuals.
Out of the 26 data breaches, 13 are due to hacking or other IT incidents, affecting 338,334 individuals. Other noteworthy data breach causes are theft, loss and unauthorized access or disclosure of information, impacting 44,592 individuals.
What is PHI?
Personal health information can be collected or created by your healthcare provider, employer, healthcare plan provider or other healthcare entities. Basically, any medical record or data entry that can identify an individual is considered PHI. For example:
• Name, physical address, phone number and email address
• Medical Insurance or Social Security number
• Any information about beneficiaries
• Financial details including account number
• Medical devices and serial number of associated devices
• Biometric data such as DNA, retinal, finger or voice prints
• Images that show identifying characteristic
• Any diagnostic images including X-rays
How can criminals capitalize on stolen PHI?
Medical records are highly desired on the dark web, and can sell for as much as $1,000, depending on how much information they provide on victims. Cyber thieves can use stolen healthcare records in a variety of illegal schemes.
• Medical identity theft – criminals can assume a victim’s identity to make fake medical claims, steal their insurance or forge prescriptions and drug labels
• Extortion – using the stolen health information, bad actors can demand payment for not revealing compromising or damaging information
• Tax return fraud and opening new lines of credit – using personal identifiable information such as Social Security numbers, names and address, fraudsters can file tax return sheets in your name and lower your credit score by opening new accounts.
What are the signs of medical identity theft?
The risk of falling victim to medical identity theft might not have crossed your mind until now. We know that criminals are in search of fast ways to profit from stolen data. However, it’s crucial to remember that your medical records include more than your lab work and test results.
Nobody wants to be denied medical assistance or have legal problems due to fraudulent schemes. Here’s a list of the most common signs of medical identity theft:
• You’re not receiving your medical bills
• Debt collectors are contacting you for medical bills you allegedly owe
• You receive a notice from your health plan provider stating that you have reached your benefits limit
• Medical records show a condition you do not have or you are denied insurance
• You’re denied a new line of credit
Always read your medical insurance statement thoroughly and pay attention to any mismatch. Notify your health care provider of any mistakes and report any fraudulent charges to your local authorities immediately.