How does this kind of fraud happen?
As is the case with other goods purchased using a stolen card or identity, it’s fairly easy for thieves to charge unauthorized medical services to you once your personal information has been compromised. This can happen in a variety of ways, including stolen cards, personal information gleaned off the Internet or “digital pickpocketing” of information from cards using wireless technology. Once thieves have access to your social security number, address or credit card, they may be able to buy virtually anything, whether online or in person. Hospitals, online health supply providers and pharmacies are no exception. Reported charges include huge bills for medicines, copays, lab tests and even doctor and emergency room visits.

Medical identity theft is on the rise
Medical identity theft in particular is on the rise in the U.S. In fact, in its fifth annual study, the Medical Identity Theft Alliance (MIFA) reports that the number of people affected by medical identity theft increased by nearly 22% in 2014 alone. As many as 500,000 Americans find themselves in this predicament each year, and many fail to realize what has happened until too late. According to Forbes, it often takes much longer to determine that an identity has been stolen when unauthorized funds are used to purchase medical services: “medical identity victims typically learn of the fraudulent activity more than three months after a crime has been committed and 30% do not know when they became a victim.”

Medical fraud is also much more difficult to resolve than other forms of theft. For while other charges can be mitigated by working with credit card companies and banks, the medical field is very cautious regarding payments and patient information–even if you are trying to access bills under your own name incurred by somebody else. Because medical services and the resulting paperwork are safeguarded under Patient Privacy laws, it can be an enormous challenge to identify and contest unauthorized medical charges.

Click here to read the full article.

June 3, 2016 By The Identity Theft Resource Center

The crime is largely new and uncharted territory and happens when someone steals an individual’s personal information to obtain health care.

Medical Identity theft is a lot like credit card theft with one major difference.

A victim can cancel a card and freeze their credit, but they can’t cancel their medical history.

Especially in cases of a medical emergency, experts warn a compromised medical identity could be deadly.

Important information like prescription medications, pre-existing conditions and allergies, all used by doctors to make determinations about an individual’s care, can be compromised by a medical identity thief leaving victims vulnerable.

What’s worse, many victims complain the federal law intended to protect privacy known as HIPAA has made it harder for victims to get their identities back.

The federal law was designed to protect an individual’s privacy. The law also claims to reduce fraud by requiring that health care providers keep a patient’s medical records confidential.

“It is a bit of the wild west in the health care industry,” said Ann Patterson, SVP of MIFA. She works to reduce instances of medical fraud.

Patterson says hospitals and doctor’s offices are misinterpreting the law.

“Victims are entitled to their own medical records in full even if it is corrupted and has information about the thief, but there is confusion around that,” Patterson said.

Now Washington Senator Patty Murray is taking on that confusion, supporting a bill to increase education about HIPAA.

Click here to watch the full newscast and read the article.

May 27, 2016 By Danielle Leigh, NBC KING5 News

When it comes to protecting your organization’s most sensitive data, it can be easy to focus on the role of technology.

While technical controls are indeed essential, they by no means should be your only approach to ensuring data privacy. This is especially true when it comes to “visual” privacy, which is the protection of sensitive and private information shown on your display and paper form.

Threats to visual privacy are plentiful as companies’ information has become more vulnerable than ever. For starters, employees more frequently use mobile devices to access and share data. A growing number of these workers access sensitive information in public places, often in full view of others, using laptops, tablets and smartphones. There’s increased risk of data exposure inside the office too. The trend toward open-office floor plans removes physical barriers that traditionally helped shield computer screens.

Raising Awareness
Ultimately, assuring visual privacy of your data assets shown on your display is in the hands of your employees. Just dictating policies and best practices is not enough. Your employees have to understand the purpose, and it has to mean something to them personally. That’s why training programs should first aim to increase awareness among employees about the risks and ramifications of visual privacy breaches.

Specifically, companies should provide workplace-relevant examples and illustrate the potential business and human consequences that could result from a successful visual hack.

Improving Behaviors
Best practices for protecting visual privacy are too often relegated to a brief mention or bullet point during new-employee training, if they’re included at all. However, it’s important that visual privacy training be thorough enough to ensure employees understand the threats and take the appropriate actions.

For example, workers should be trained to always be aware of their surroundings. Those who work in heavy-traffic areas like emergency departments, public lobbies and guest-service desks should know to look for suspicious behaviors, such as identifying a visitor who is pointing a smartphone toward a computer screen. Workers located in restricted or employee-only areas should be mindful of the people around them exhibiting odd behaviors, whether it’s coming from a delivery person, cleaning crew member or even a fellow employee.

Keeping Visual Privacy on the Radar
A visual hacker may take one piece of information and, when added to other easily obtained information, steal someone’s identity; carry out medical or financial fraud; or even initiate a large-scale data breach. That’s why training and awareness should be ongoing priorities—not a one-time activity for new employees.

Click here to read the full article.

May 13, 2016 by Kate Borten, Healthcare Informatics

COLUMBUS, GA (WXTX)

In a February study by the Ponemon Institute – which conducts independent research on information security – 2.3 million adults had someone fraudulently using their personal health information for medical services in 2014.

That’s up 21 percent from the year before.

Think it can’t happen in Georgia or South Carolina? A woman in the Atlanta area of Kennesaw fell victim.

She did not want to go on camera. She did tell the Wall Street Journal someone used her social security number to get treatment. She found out from a collection agency.

“Once they get something like a date of birth and social security number that’s golden,” said Ann Patterson, program director of the Medical Identity Fraud Alliance or MIFA. “That lives on forever. They can perpetrate fraud forever and forever.”

MIFA is composed of companies working to prevent this type of fraud.

Patterson says personal health information or PHI sells more on the black market than traditional financial identities such as your credit card or bank account numbers, which you can close if you have to.

That’s not the case with a birthdate, social security number or your medical history.

“I can’t call the hospital and close my birthdate and get a new one. I can’t close my medical record and get a new one. My medical history is my medical history, that’s in perpetuity. My birthdate lives on forever. All of these are converging together and the criminals know this.”

Click here to watch the newscast and read the full article.

April 28, 2016 by WXTX Fox 54 News

Bryan Laskin joined 5 EYEWITNESS NEWS’ Tom Durian to talk about ways to prevent becoming a victim of the largest growing form of identity theft.

Click here to watch the newscast.

April 16, 2016 by KSTP 5 News ABC

Northwell Health, the largest private employer in the state, is attacked unsuccessfully millions of times each month by computer programs and programmers looking for a way into their system, said John Bosco, the company’s senior vice president and chief information officer.

Northwell is hardly unique.

Health systems have for some time been favorite targets for bad actors looking to steal patients’ personal information, and, increasingly, for ransom attacks that offer to restore files only after financial demands are met.

“It’s getting worse all the time,” Bosco said. “[Attacks] are getting more sophisticated and more frequent. Right now, they feel like they are at a peak.”

Click here to read the full article.

April 14, 2016 By Dan Goldberg and Addy Baird, Politico New York

Henry Ford Health System is taking far-reaching steps to block insidious cybersecurity threats against Internet of Things technologies and medical devices.

IoT and medical devices – well known to be soft spots in terms of privacy and security – are particularly tricky because most manufacturers have not yet incorporated robust security features into them.

“Organizations must examine if they have their clinical engineering department positioned correctly,” said chief information privacy and security officer Meredith Phillips. “Do they fit this department with IT or with facilities? We are at the beginning of that journey at Henry Ford. We have taken steps others are just considering.”

The big step started a year and a half ago when Henry Ford realigned internally to move the clinical engineering department – people and all the devices – out of operations and facilities and into the IT shop.

Every medical device has an IT component, and at Henry Ford Health approximately 80 percent of these devices handle or store some kind of health data.

“So we are ensuring medical devices are running across the most secure connection, are updated with patch management, and are part of our IT scope,” Phillips explained.

Click here to read the full article.

April 8, 2016 by Bill Siwicki, Healthcare IT News

Your medical records and insurance information are each made up of important details about your identity and thieves are looking for ways to get to it.

“Medical ID theft is absolutely huge because there’s so many ways you can take patient ID information and use it to get prescription drugs, they use it to commit insurance fraud so they’ll feign some type of injury or something like that and try to pocket as much money as they can,” said Dave Carattini, President of AZ Tech Works.

The Federal Trade Commission says once a thief’s information is mixed with yours, it can impact your treatment insurance records and your credit report.

Click here to read the full article and watch the newscast report.

April 4, 2016 by Stacia Naquin, KPNX NBC 12News

Recent studies show the following:

• Out of five industry categories, the medical/healthcare industry had the most data breaches in 2014 — for the third year in a row — totaling 41.5% of all security breaches last year.
• Medical identity theft has nearly doubled in the past five years, according to a 2014 study by the Medical Identity Fraud Alliance (MIFA).
• The MIFA study also found there were almost 500,000 more victims of medical identity theft in 2014 than in 2013.

Why are your dental records so valuable to data thieves? Because just one patient record contains a treasure trove of identity information that hackers can exploit, including the following:

• Full name and birth date
• Social Security and Medicare numbers
• Home and email addresses
• Names of parents and other family members
• Work and home phone numbers
• Photos, prescriptions, and more

Some dental records also include payment information, such as driver’s license, credit card, and bank account numbers. These records bring top dollar on the black market. Just one Medicare number can sell for close to $500.

6 steps

To protect your practice from hackers and avoid data theft, follow these steps:

1. Educate your staff

2. Protect mobile devices

3. Extend security policies to your business associates

4. Be wary of email

5. Keep your system software and antivirus programs up to date

6. Protect your network server

Click here to read the full article and details on protecting your patient data.

April 1, 2016 by Jonny Brennan, MD, DMD, MPH, DrBicuspid.com

Meredith Phillips, chief information privacy & security officer at Henry Ford Health System in Michigan, was presented the PHI Hero Award at the 2016 PHI Protection Network Conference in Philadelphia last week.

Phillips was recognized for building a culture of privacy and security across all departments and developing an innovative approach to data breach response. The first step toward a more nimble response to data breaches was the establishment of a new Information Privacy Office (IPO), which has approximately 60 employees, with an expanded scope to include all confidential data. Rather than individuals at separate facilities managing privacy, the new centralized IPO structure ensures consistency and allows the organization to respond more rapidly to new regulations.

Phillips recently became president of the board at the Medical Identity Fraud Alliance, which provides leadership, education and awareness to drive the development of best-in-class technologies and influences changes to regulation, regarding personally identifiable information and protected health information (PHI). She also became the chair of the Michigan Healthcare Cybersecurity Council, an independent public-private partnership whose mission is to protect the critical healthcare infrastructure in the State of Michigan and to mature and advance the state of cybersecurity preparedness across the healthcare industry in Michigan.

In accepting the award, Phillips described some of the challenges she has faced at Henry Ford and how she has learned from them. She said getting senior-level executives to embrace change is critical.

Click here to read the full article.

March 22, 2016 by David Raths, Healthcare Informatics