Criminals are stealing health records to obtain prescriptions or treatment in victims’ names.

WHEN PAULA KOTZEN learned at her doctor’s office that hacker s had at tacked medical records in Marin County, it was like déjà vu. “This would probably be the third kind of privacy breach I’ve experienced this year,” says the retired small business owner, who lives in Marin’s Santa Venetia neighborhood.

In prior incidents, Kotzen has received notices that her debit or credit card numbers were stolen by hackers. Strangers have used her credit card numbers to make purchases. But last summer’s attack — in which hackers froze and demanded ransom for the systems of a service provider of Marin General Hospital and other local medical offices — was the first she’d heard about the growing problem of medical record security breaches. It worries her.

“My medications are in there. My correspondence with physicians,” she says. “I certainly don’t want to get in a snafu with Medicare, which might take me a hundred years to unravel.”

In other attacks all over the United States, criminals are stealing health records to obtain prescriptions or treatment in victims’ names, sometimes resulting in unfamiliar bills landing in victims’ mailboxes. Consequences for those affected can range from inconvenience to criminal charges — for example, people have been charged with drug crimes when others used their identity to obtain large amounts of prescription painkillers. Medical ID theft can even endanger someone’s life if it leads to the alteration of medical records: for instance, removing a penicillin allergy from the file.

One reason that medical records are increasingly being targeted is that retailers and banks have been shoring up security, making it harder for criminals to steal and use credit card numbers. Nowadays, if a thief tries to use your credit card number, your bank is likely to send you a real-time alert, nipping any damage in the bud. No such centralized tracking system exists for medical visits, meaning that you might not know until years later if someone has been receiving medical treatment under your name, says Ann Patterson, program director of the Medical Identity Fraud Alliance. At the same time, more medical records are moving online, providing hackers with a new treasure trove to target.

There are a few things patients can do to prevent medical ID theft, whether their providers have been breached or not:

  • Read all mail from medical providers carefully.
  • Periodically check your medical records for accuracy.
  • Protect medical documents as you do financial documents — shred before recycling.
  • Beware of over-sharing, such as posting online about an upcoming surgery or a prescription or even entering personal information into health websites or apps.

Click here to read the full article.

By Carrie Kirby, Marin Magazine, February 2017 issue