Northwell Health, the largest private employer in the state, is attacked unsuccessfully millions of times each month by computer programs and programmers looking for a way into their system, said John Bosco, the company’s senior vice president and chief information officer.

Northwell is hardly unique.

Health systems have for some time been favorite targets for bad actors looking to steal patients’ personal information, and, increasingly, for ransom attacks that offer to restore files only after financial demands are met.

“It’s getting worse all the time,” Bosco said. “[Attacks] are getting more sophisticated and more frequent. Right now, they feel like they are at a peak.”

Click here to read the full article.

April 14, 2016 By Dan Goldberg and Addy Baird, Politico New York

Henry Ford Health System is taking far-reaching steps to block insidious cybersecurity threats against Internet of Things technologies and medical devices.

IoT and medical devices – well known to be soft spots in terms of privacy and security – are particularly tricky because most manufacturers have not yet incorporated robust security features into them.

“Organizations must examine if they have their clinical engineering department positioned correctly,” said chief information privacy and security officer Meredith Phillips. “Do they fit this department with IT or with facilities? We are at the beginning of that journey at Henry Ford. We have taken steps others are just considering.”

The big step started a year and a half ago when Henry Ford realigned internally to move the clinical engineering department – people and all the devices – out of operations and facilities and into the IT shop.

Every medical device has an IT component, and at Henry Ford Health approximately 80 percent of these devices handle or store some kind of health data.

“So we are ensuring medical devices are running across the most secure connection, are updated with patch management, and are part of our IT scope,” Phillips explained.

Click here to read the full article.

April 8, 2016 by Bill Siwicki, Healthcare IT News

Meredith Phillips, chief information privacy & security officer at Henry Ford Health System in Michigan, was presented the PHI Hero Award at the 2016 PHI Protection Network Conference in Philadelphia last week.

Phillips was recognized for building a culture of privacy and security across all departments and developing an innovative approach to data breach response. The first step toward a more nimble response to data breaches was the establishment of a new Information Privacy Office (IPO), which has approximately 60 employees, with an expanded scope to include all confidential data. Rather than individuals at separate facilities managing privacy, the new centralized IPO structure ensures consistency and allows the organization to respond more rapidly to new regulations.

Phillips recently became president of the board at the Medical Identity Fraud Alliance, which provides leadership, education and awareness to drive the development of best-in-class technologies and influences changes to regulation, regarding personally identifiable information and protected health information (PHI). She also became the chair of the Michigan Healthcare Cybersecurity Council, an independent public-private partnership whose mission is to protect the critical healthcare infrastructure in the State of Michigan and to mature and advance the state of cybersecurity preparedness across the healthcare industry in Michigan.

In accepting the award, Phillips described some of the challenges she has faced at Henry Ford and how she has learned from them. She said getting senior-level executives to embrace change is critical.

Click here to read the full article.

March 22, 2016 by David Raths, Healthcare Informatics

PHILADELPHIA — March 3, 2016 — Rising cyber risks and new threats to healthcare data require new approaches to safeguard protected health information (PHI). At the forefront of new privacy and security approaches is Meredith Phillips, CHC, CHPC, HCISPP, ITIL, chief information privacy & security officer at Henry Ford Health System, who will be presented with the PHI Hero Award at the 2016 PHI Protection Network Conference, taking place March 17-18, 2016 in Philadelphia. Attendees will hear from state and federal agencies and practicing security and privacy professionals about what organizations can do to manage the new data threats and address the rise in cyber-crime.

At the fourth annual 2016 PHI Protection Network Conference, Meredith Phillips, CHC, CHPC, HCISPP, ITIL, will be honored for her commitment to and outstanding work in privacy and security at Henry Ford Health System. There, she has built a culture of privacy and security across all departments and is a leading example of how other organizations can do the same. Meredith’s passion for protecting people and their health information spans her 22-year career. As chief information privacy & security officer at Henry Ford Health System, she is a strategic leader with solid processes and goals, an eye for technology and regulatory requirements, an innovative approach to data breach response, and most notably, her work to unify the entire organization and adopt a culture of privacy and security.

Based in Detroit, the Henry Ford Health System is one of Michigan’s anchor institutions and is comprised of hospitals, medical centers, and one of the nation’s largest group practices. Meredith recently became president of the board at the Medical Identity Fraud Alliance (MIFA). MIFA provides leadership, education and awareness to drive the development of best-in-class technologies and influences changes to regulation, policies and law regarding Personally Identifiable Information (PII) and Protected Health Information (PHI). Meredith also became the chair of the Michigan Healthcare Cybersecurity Council (MiHCC). MiHCC is an independent public-private partnership whose mission is to protect the critical healthcare infrastructure in the State of Michigan and to mature and advance the state of cybersecurity preparedness across the healthcare industry in Michigan.

Click here to read the full press announcement.

March 3, 2016 by ID Experts, PHI Protection Network

The 11Alive Investigators discovered it’s up to you to clear those bad medical bills, and that could take months of frustrating work.

“I was just shocked,” Cathy James told 11Alive Chief Investigator Brendan Keefe. “What we thought was going to take a week at most to fix, took five months.”

Cathy James showed Keefe the hospital bill for her husband’s MRI of the spine. But her husband wasn’t at Northside Hospital on that date. He was 40 miles away, and the family was on the hook for the $1500 deductible for a stranger’s MRI.

​“It’s not ours,” James said. “I don’t have $1500 to pay you. I can’t pay you. Somebody needs to fix this and make it right and find out what actually happened.”

She said Northside Hospital insisted her husband had the procedure. The family immediately called the Forsyth County Sheriff’s Office.

The police report says Mr. James “was out of town” and it “appears that his I.D. and insurance information were used to receive a medical procedure” and the hospital “had not taken any I.D.”

“I asked the lady behind the counter, ‘Just out of curiosity do you have to have a photo I.D.? If someone comes in for a procedure and they don’t have a photo I.D., will you still preform the procedure?’ She said yes. They don’t have to have a photo I.D., they don’t have to have an insurance card,” James said.

Northside Hospital told the 11Alive Investigators: “We always ask for identification. However, there are legal requirements that prevent us from refusing patient care on the basis patients have no identification.”

Eighty million Americans were exposed to a massive data breach when Anthem Inc., the nation’s second-largest insurance company, became a victim of a “very sophisticated” cyber attack. And last month, the health information of another 150,000 Georgians was lost by a state contractor that has six missing hard drives. With rising medical costs, there’s a huge incentive for a thief to use someone else’s insurance to bypass paying for co-pays and deductibles.

According to a study published last year by ID Experts, 65 percent of medical identity theft victims has to pay an average of $13,500 to resolve their case. Even if you do avoid becoming a victim of fraud, so called “keystroke errors” are among the top medical mistakes in both treatment and billing.

Click here to watch the news clip and read the full article.

February 29, 2016 By Brendan Keefe, 11Alive Atlanta WXIA NBC

If someone uses your information to make purchases, open new accounts, or get a tax refund, that’s identity theft. Recovering from identity theft often takes time and persistence. New features at IdentityTheft.gov make it easier to report and recover from identity theft.

When you use IdentityTheft.gov to report a problem, you’ll get a personal recovery plan that:

• walks you through each recovery step
• tracks your progress and adapts to your changing situation
• pre-fills letters and forms for you.

Check out this new video to see how it works.

No matter what your specific identity theft situation is, IdentityTheft.gov can help. The website has information — and recovery plans — for more than 30 types of identity theft, including child identity theft and tax-related identity theft.

IdentityTheft.gov is also available in Spanish at RobodeIdentidad.gov.

Click here to read the full article.

January 28, 2016 By Nicole Fleming, Federal Trade Commission

January 28, 2016

For the first time, identity theft victims can now go online and get a free, personalized identity theft recovery plan as a result of significant enhancements to the Federal Trade Commission’s IdentityTheft.gov website.

The new one-stop website is integrated with the FTC’s consumer complaint system, allowing consumers who are victims of identity theft to rapidly file a complaint with the FTC and then get a personalized guide to recovery that helps streamline many of the steps involved.

The upgraded site, which is mobile and tablet accessible, offers an array of easy-to-use tools, that enables identity theft victims to create the documents they need to alert police, the main credit bureaus and the IRS among others.

“Millions of Americans have been victims of identity theft, and until now, there has not been a single site where they can quickly file an official complaint and then get real, personalized help,” said FTC Chairwoman Edith Ramirez. “The FTC’s new IdentityTheft.gov website empowers consumers to fight back faster and more effectively against identity thieves.”

The updated website provides a range of new features designed to make the recovery process as easy as possible for consumers. It now walks consumers through a simplified step-by-step checklist that is tailored to the specific type of identity theft they are facing. The advice consumers receive is not generic, but instead customized for their individual needs.

When a consumer initiates a response plan through IdentityTheft.gov, the site will automatically generate affidavits and pre-fill letters and forms to be sent to credit bureaus, businesses, police, debt collectors and the IRS. Should a consumer’s recovery run into issues, the site will suggest alternative approaches. Once a consumer completes their initial report on the site, they will receive follow up e-mails and can return to their personalized plan online to continue the recovery process.

IdentityTheft.gov is also available in Spanish at RobodeIdentidad.gov, and allows Spanish-speaking consumers to view the automatically generated letters and other documents in Spanish, but print them in English for sending to the relevant recipients.

The FTC has produced a short video explaining how IdentityTheft.gov works for consumers.

Click here to read the full press announcement.

January 28, 2016 By The Federal Trade Commission

IDology, a software vendor enabling providers and insurers to validate the identity of a person not physically present, recently joined the Medical Identity Fraud Alliance, bringing the number of stakeholder and association members to 43 a little more than two years after formation.

John Dancu, CEO at IDology, says he recently became aware of MIFA and wants the company to be part of the collaborative association.

“When you share best practices and fraud trends, it makes the customer stronger,” Dancu notes. Further, making sure a customer is legitimate brings a positive experience to the customer and the healthcare organization, he adds. Idology’s healthcare business has grown quickly in the past three years as the industry awakens to the need for better tools to combat medical identity theft, he says.

Collaboration is the focus of MIFA, says Ann Patterson, senior vice president. “Collaboration and information sharing will be key to moving the industry forward. We need to work together as an industry if we are ever to get ahead of the bad guys. They are good at what they do and we need to get just as good.”

Currently, there remains a general lack of awareness among consumers, providers and policymakers on the threat of medical identity theft, Patterson believes. MIFA does not yet have a lobbying staff but could in the future, she says. But while the association does not push for or against certain policy proposals, it does educate lawmakers and regulators and also has relationships with law enforcement agencies.

Click here to read the full article.

January 21, 2016 By Joseph Goedert, Health Data Management

IDology, a leader in multi-layered identity verification and fraud prevention solutions for the customer-not-present environment, today announced they have joined Medical Identity Fraud Alliance (MIFA) as a member to help build a multi-faceted strategy of awareness, prevention, detection and remediation in the healthcare fraud ecosystem.

Medical identity theft and fraud constitute a major societal problem exerting pressure on our healthcare and financial ecosystems. Membership in MIFA is dedicated to building focused and direct prevention and resolution mechanisms. MIFA manages the impact of medical identity theft through stakeholder-coordinated research, increasing education and awareness, developing focused tools and procedures, promoting best-in-class strategies, technologies and practices and influencing government regulations, policies and laws.

“If there is one thing we guard more than our financial information, it is our healthcare privacy,” said John Dancu, chief executive officer of IDology. “There is a significant increase in value of protected health information (PHI) because of its use by highly-sophisticated fraudsters. By being a member of MIFA, we are able to collaborate with other healthcare industry leaders in efforts to prevent healthcare fraud and financial loss for both our customers in the healthcare industry and their patients and employees,” said Dancu.

“Helping organizations protect against fraud within the healthcare space has been a top priority for IDology,” said Ann Patterson, senior vice president of MIFA. “With this collaboration, we are not only strengthening our member base, but we are building a strategic relationship that helps reduce fraud and medical identity theft while being an advocate for protecting patient privacy. MIFA is dedicated to helping its members better protect their organizations and consumers from medical identity theft and the resulting fraud. By working together with our members and strategic partners, we have the ability to take action on a number of pertinent issues facing the healthcare industry today – from regulatory and compliance matters to legislative affairs. The interaction and sharing of information between members are the strongest tools that will help MIFA to slow the expansion of medical identity fraud,” said Patterson.

For more information about MIFA and/or membership information, visit http://medidfraud.org/.

To learn more about IDology’s identity solutions for the healthcare industry, visit https://www.idology.com/healthcare/identity-for-the-healthcare-industry.

Click here to read the full announcement.

January 16, 2016 By IDology

You’re cautious about protecting debit and credit card information, but what about your health insurance information? If you share details about medical procedures on social media, toss letters from the insurance company in the trash or hand over your Social Security number at the doctor’s office, you could be putting your identity—and your health—at risk.

Fraudsters want your medical information to commit medical identity theft.

Your personal data can be used to receive medical care, purchase goods like diabetes test strips or crutches or access prescription drugs. In some cases, crime rings use insurance information to defraud healthcare organizations.

“There are so many different ways to exploit your medical identity,” says Ann Patterson, program director for the Medical Identity Fraud Alliance, a nonprofit advocacy group working to raise awareness about the crime.

Medical identity theft is the fastest growing form of ID theft. More than 2.3 million Americans were victims in 2014—a number that has more than doubled since 2010.

When your medical identity is stolen, there are both financial and health implications.

While victims of credit card fraud are afforded protections through card issuers, victims of medical identity theft may be liable to healthcare providers and insurers for charges incurred through the fraudulent use of their medical identities (and legal fees to resolve the incident and prevent future fraud). In fact, 65 percent of victims spent an average of $13,500 to resolve the crime.

Medical identity theft can damage your credit or lead to higher insurance premiums and, in extreme cases, loss of insurance coverage. The health risks are even more alarming.

“Medical identity theft creates multiple identities commingled into a single file with your name on it,” Patterson says. “It can lead to misdiagnoses, mistreatment or a delay in care.”

A doctor accessing your electronic medical records could use the fraudster’s medical history, including information about blood type and drug allergies, to coordinate your care.

“The scariest thing about medical identity theft is that it puts your physical health in jeopardy,” says Eva Velasquez, president and CEO of the Identity Theft Resource Center.

Click here to read the full article in the online version of Arrive magazine.

By Jodi Helmer, January/February 2016, Arrive Magazine, Amtrak