This week, the Medical Identity Fraud Alliance (“MIFA”) released its 2014 Fifth Annual Study on Medical Identity Theft, finding that in the last year, medical identity theft incidents increased by 21.7% from 2013. The study is annually conducted to determine the pervasiveness of medical identity theft in the United States, how it affects the lives of victims, and what steps should be taken by consumers, healthcare providers, and governments to reduce the incidence of this crime. Medical identity theft is defined by the report as occuring “when someone uses an individual’s name and personal identity to fraudulently receive medical services, prescription drugs and/or goods, including attempts to commit fraudulent billing.” In this study, medical identity theft also is deemed to occur when an individual shares his or her health insurance credentials with others.
Key takeaways from the research include:
Costly to Consumers
- 65% of medical identity theft victims had to pay an average of $13,500 to resolve an incident.
Resolution is Complicated and Time Consuming
- Victims learn about the theft of their information, on average, more than three months following the crime.
- 30% do not know when they became a victim.
- 54% found an error in their Explanation of Benefits.
- 10% reported a completely satisfactory conclusion of the incident.
- Those successful spent more than 200 hours to resolve an incident.
Possibility of Negative Reputational Impact
- 45% say medical identity theft affected their reputation mainly because of embarrassment from disclosure of sensitive personal health information, affecting 89%.
- 19% believe the theft caused missed career opportunities.
Consumers Have Expectations
- 79% feel it is important that healthcare providers ensure health record privacy, although many are not confident in their healthcare provider’s security practices.
- 48% would consider switching providers if medical records went missing.
- 40% believe prompt notification by the organization responsible for safeguarding personal information is important in the event of a breach.
The report concluded that, while of course it is not possible entirely to prevent medical identity theft, consumers and healthcare providers can mitigate its progression. On this point, the report recommends first that consumers be informed about prevention steps, including protecting their credentials, monitoring their healthcare records, and scrutinizing insurance claims for indications that identity has been compromised. Likewise, the report notes that healthcare providers and governments also must protect the personal data they collect and ensure security in order to prevent unauthorized access to medical records. The full MIFA report can be read here.
MIFA’s report only adds to a series of updates from last year, dubbed “The Year of the Data Breach,” showing that identity theft and data breaches are on the rise. Also this week, Hewlett-Packard released its 2015 Cyber Risk Report, which provides a broad view of the 2014 threat landscape and determines the following key themes: (1) attackers continue to leverage well-known techniques to compromise systems and networks; (2) server misconfiguration still is the number-one issue across all analyzed applications in this category; (3) with newer technologies come emerging attack surfaces and security challenges, such as mobile malware; (4) attackers use both old and new vulnerabilities to maintain access to systems and penetrate traditional defenses; (5) cyber-security legislation is on the horizon in both the U.S. and EU; (6) the primary causes of commonly exploited software vulnerabilities consistently are defects, bugs, and logic flaws; and (7) enterprises most successful in securing their environment use complementary protection technologies. The full Hewlett-Packard report can be accessed here.