MEDICAL RECORDS HACKING IS SICKENING
Yes, believe it or not, your medical records are worth 10 times what your banking information is in the black market part of cyberspace. How do I know? I could tell you but I’d have to kill you. Just kidding.At first, it just doesn’t sound right. After all, people have been robbing banks for as long as banks have existed. Who would want to steal your medical records?
“The only reason to buy that data is so they can fraudulently bill,” Marc Probst, chief information officer of Intermountain Healthcare in Salt Lake City, told Reuters.
You see, when hackers have your bank account information, they can (and do) siphon funds out of your accounts, and they can take out loans in your name. It can run to the tens thousands. With false medical billing, it can approach the millions. One of the main reasons? Bank fraud is spotted much more quickly. Many whose medical records are hacked don’t notice for months. That means that unlike a bank that will cancel a card at the drop of a hat, medical information has a longer shelf life.
“The kind of identity theft that is on the table here is qualitatively and quantitatively different than what is typically possible when you lose your credit card or Social Security number,” said Pam Dixon, executive director of the World Privacy Forum.
With your medical records, cyberthieves can bill insurers for expensive treatments that never happen, they can get access to prescription drugs, and they can purchase medical equipment for resale without footing the bill themselves. The Medical Identity Fraud Alliance figures fraud cost America’s medical program for the elderly and disabled more than $6 billion in the last two years.
In a rather typical 2013 case, a patient learned that his records at a major hospital chain were compromised after he started receiving bills related to a heart procedure he had not undergone. His credentials were also used to buy a mobility scooter and several pieces of medical equipment, racking up tens of thousands of dollars in total fraud. It can cost as much as $13,500 to fix things.
Worse, healthcare computer systems are among the easiest to break into. “Healthcare providers and hospitals are just some of the easiest networks to break into,” said Jeff Horne, vice president at cybersecurity firm Accuvant, which is majority-owned by private equity firm Blackstone Group. “When I’ve looked at hospitals, and when I’ve talked to other people inside of a breach, they are using very old legacy systems — Windows systems that are 10 plus years old that have not seen a patch.”
Well, if you were a hospital administrator, how would you spend the money? A new computer network or two new kidney machines?
But the real scary part of this comes when you are in a medical crisis and you get to the emergency room only to discover that loads of prescription drugs you don’t take have been prescribed for you. In the middle of a heart attack, are you going to argue with the ER doctor that you don’t take X, Y and Z? And if you do, is he going to risk his license by listening to you? If you are a teetotaler and need a new liver, how will the organ donor committee view a prescription for Antabuse, which is given to alcoholics to make them sick when they drink booze as a deterrent, that turned up in your history?
James Christiansen, vice president of Accuvant, suggested a few things you can to do protect yourself: “Review your medical records and Explanation of Benefits frequently for anomalies. Look for billing errors and signs of prescriptions or tests that you never had. To assist in identifying bogus charges, request copies of your medical records from your doctor or hospital. If you notice any problems, alert your healthcare provider and insurance company. Keep an eye on your credit report, because unpaid medical bills can affect your credit rating, even if they resulted from someone else using your medical information.”