Medical healthcare data is a precious commodity for hackers. It contains one person’s entire life from a name, date of birth, home address, medical history, social security number, and financial information. This commodity is either used for hacker’s personal purposes or sold on the black market, with million others. According to IBM Security, the average global cost of the data breach in medical identity theft is 9.8$ million. Regardless of the price, there are numerous and some life threatening risks of patient health information (PHI) being stolen.
Medical records abuse on the rise
Identity theft has become a lucrative job for hackers, and the fact that business sector is first on the list of a total number of data breaches, followed by health care medical industry with 22,6% is proof enough. Medical identity theft had a steady increase since the last year. Protenus (patient privacy monitoring company) has warned that a number of hacking medical institutions devices will continue to rise. They have discovered that only in July this year there were 36 breaches in the US and that 575,142 patient records were put at risk. Nearly half of the data breaches are done by hacking.
Patient health information contains numerous amounts of data, which are infinite gold mine waiting to be exploited for years to come. This data contains the name, date of birth, medical history records, social security number, and even a financial information. Under the assumption that victim’s records are clean and eligible, the hacker can use it numerous ways. Sell the data separately in the black market, or use it by himself.
The victims of the growing crime
Health insurance had one case where the thief abused medical card score for expensive treatments, leaving a victim with a huge amount of bills. But that’s not the only problem since victim who wants the situation resolved and their name cleared, they pay in average 13,500$ to stop the fraud.
There were testimonies of medical health care victims being accused of drug usage, being cured of the illnesses they never had, which adds another layer of troubles on top of financial problems, and that is public humiliation.
“This is a financial crime with violent crime consequences because it can affect your physical health,” says Eva Velazquez. As president and CEO of the nonprofit Identity Theft Resource Center said, abuse of victim’s medical health care can have life threatening consequences. The unsuspecting victim, unaware of having identity stolen, could be treated for an illness he or she never had. This action could have fatal ending depending on the health of the victim. Medical Identity Fraud Alliance (MIFA) has reported that 20% of the victims of medical health care identity theft have been exposed to life-threatening situations due to the wrong diagnosis.
Completely removing medical identity theft as cybercrime is impossible, health care has little to no trained staff to handle cybersecurity and identity theft risks. Doctors cannot be cyber guards of the records. Once stored data in locked-up cabinets and rooms, now should be encrypted and handled with care. Using software that is designed specifically to prevent identity theft, as well as professional staff is a one way closer to thwart the attempts of cybercriminals.
In a victim’s survey conducted by MIFA, patients claim they have been exposed to emotional exhaustion and embarrassment during the fraudulent use of their records. Most of the victims claim it took them 200 hours just to resolve the problem of medical identity theft. And 3% have announced that they lost the job and career since the theft damaged their reputation. With little invested in cyber security health care industry makes it easy for the cybercriminals to abuse sensitive data of the patients.