• Politics
  • Diversity, equity and inclusion
  • Financial Decision Making
  • Telehealth
  • Patient Experience
  • Leadership
  • Point of Care Tools
  • Product Solutions
  • Management
  • Technology
  • Healthcare Transformation
  • Data + Technology
  • Safer Hospitals
  • Business
  • Providers in Practice
  • Mergers and Acquisitions
  • AI & Data Analytics
  • Cybersecurity
  • Interoperability & EHRs
  • Medical Devices
  • Pop Health Tech
  • Precision Medicine
  • Virtual Care
  • Health equity

Data Breaches on the Rise: How Healthcare Organizations Can Protect Against Medical Identity Theft

Article

Fraud can jeopardize patient safety.

prevent medical identity theft,safeguard medical records,healthcare identity theft,hca news,healthcare analytics news

Data breaches are almost becoming commonplace. Last year, the number of U.S. data breach incidents hit a new record high of 1,579, exposing nearly 158 million Social Security numbers. More than 27% targeted healthcare, according to the Identity Theft Resource Center (ITRC). While the rise in healthcare organizations experiencing data breaches hasn’t been proven to have directly caused the spike in medical identity theft, the correlation in these statistics’ growth certainly indicates a trend.

>> LISTEN: A New Kind of Warfare

The payout for criminals ensures that medical identity theft will not go away anytime soon. Medical information is worth 10 times more than a credit card number on the black market, and unfortunately health system cybersecurity is, like in many other industries, inadequate. Moreover, medical identity theft takes one of the longest amounts of time to detect compared to other types of fraud. Many people do not realize they have fallen victim to medical identity fraud until a collection agency starts calling them or the default appears on their credit reports.

The effects of medical identity theft can be damaging. The most common issue victims experience is being billed by a medical provider for services the fraudster received. If left uncaught, the financial impact can be significant. According to the Ponemon Institute, out-of-pocket cost to victims is $13,500 on average; though, for some medical identity fraud victims, expenses can be even more significant as there are currently no legal or regulatory consumer protections in place that limit the financial liabilities for this specific type of fraud.

Other common outcomes include being denied health insurance or benefits and discovering another person’s information mixed in with the victim’s legitimate records. This last outcome is arguably the most dangerous because inaccurate health records, such as allergies, blood type, or health conditions can lead to a patient receiving the wrong type of medical care. For example, if an individual’s medical record showed a person had a different blood type than they actually did, the results could be deadly.

Given the potential damage to patients’ finances and health, it is critical that healthcare organizations implement cybersecurity best practices, including training their employees on identifying phishing attempts and data protection processes. Often, organizations spend a lot of time and money on technology safeguards but neglect to invest equally in their biggest potential vulnerability: their employees. In addition to training employees on recognizing potential scam emails, it is critical to train them on protecting patients’ health information including:

  • Keeping digital files instead of physical ones whenever possible
  • Safeguarding paper files with as much vigilance as digital ones
  • Collecting only the information they need
  • Shredding any physical documents they no longer need

Additionally, with the rise in data breaches, it is important for healthcare organizations to take preventative steps to help mitigate the fallout if their patients do fall victim to medical identity theft. The most helpful resource healthcare organizations could have available to them is full-service medical identity theft and fraud resolution. Research shows that on average, it takes a victim of identity theft anywhere from 7 to 40 hours to resolve their case. The complexity of their cases can cause that amount of time to be even longer. Furthermore, if the case isn’t resolved properly, the results could be devastating. For this reason, it’s critical patients have access to dedicated experts who can help them resolve this major issue, with compassion and patience.

A full-service medical identity theft and fraud resolution would help not only lessen the impact to the patient affected, but also hopefully lessen any negative impacts on customer retention for the organization, should a breach cause the fraud. Offering to help customers in their hour of need can help build loyalty between a healthcare organization and its customers. Full-service medical identity theft and fraud resolution should include services that address prevention, monitoring, alerts, and resolution—all critical elements of identity protection best practice.

While today’s cyberworld is fraught with danger, there are steps that healthcare organizations can take to prevent medical identity theft. Simple tactics from safeguarding paper and digital files to installing a more comprehensive medical identity protection service can be effective tools in the continued fight against medical identity theft.

Paige Schaffer is president and chief operating officer of Generali Global Assistance’s Identity and Digital Protection Services Global Unit. She is an expert in cybersecurity, data breaches, and all related issues.

Get the best insights in healthcare analytics directly to your inbox.

Related

WannaCry, NotPetya, and Cyberwarfare's Threat to Healthcare

3 Things That Healthcare Must Understand About Cybersecurity

Is Blockchain the Answer to Healthcare's Cybersecurity Concerns?

Related Videos
Image: Ron Southwick, Chief Healthcare Executive
John Glaser
Shereef Elnahal, MD
Related Content
Image credit: ©Lightfield Studios - stock.adobe.com

Change Healthcare cyberattack: Many Americans could be affected, hospitals still hurting

April 24th 2024
Article

UnitedHealth Group says it could take months to identify all those impacted. The data breach is posing headaches for hospitals.

The rise of third party cyberattacks in healthcare | Data Book podcast

The rise of third party cyberattacks in healthcare | Data Book podcast

March 11th 2024
Podcast

Dan Dodson, the CEO of Fortified Health Security, talks about the risks to hospitals, AI in attacks and defense, and what health systems can do to protect themselves.

Image credit: ©Pierrette Guertin

Lawmakers express frustrations over Change Healthcare cyberattack

April 17th 2024
Article

At a hearing in Washington, House members posed many questions in the attack that has hurt hospitals, physician practices and providers of all kinds.

Assessing progress toward interoperability in healthcare | Data Book podcast

Assessing progress toward interoperability in healthcare | Data Book podcast

February 6th 2024
Podcast

John Blair, CEO of MedAllies, talks about the strides that have been made, the work that must be done, and the hopes for TEFCA to make interoperability a reality.

Image credit: ©Framestock - stock.adobe.com

Change Healthcare cyberattack continues to affect doctors: ‘Practices will close’

April 15th 2024
Article

Physician practices, along with hospitals and health systems, have taken a serious financial hit from the Change Healthcare cyberattack.

Image: Ron Southwick, Chief Healthcare Executive

Change Healthcare cyberattack: Lawsuits emerge, and more are coming

April 5th 2024
Article

Several suits have already been filed and others are expected due to the ransomware attack that has affected hospitals and providers nationwide.

© 2024 MJH Life Sciences

All rights reserved.