by Brian Thompson | Jul 20, 2022 | Breach, healthcare, Identity Theft
Do healthcare breaches and Medical ID Theft go hand in hand?
I first want to refer back to an article from about two years ago titled Telehealth Creates Creates Cyber Risks. In the article, I stated that “the COVID-19 pandemic has increased consumer risks through cyber scams and medical identity theft.”
Fast forward one year to August 4, 2021 article titled Healthcare Data Breaches Most-Common Threats to Date in 2021. The article states, “the healthcare sector is once again in the top position as the most breached economic sector” and “healthcare has been at or near the top of the (data breach) chart since at least 2017.”
And again this year, we have seen the trend continue. Hackers hit health companies, insurers with increasing regularity – Inside
But Why Medical Records?
A primary reason ID theft criminals and cyber thieves target healthcare providers is the Electronic Health Record or EHR. EHR is the collection of patient information into a digital record. EHRs significantly improve administrative efficiency and medical proficiency through shared networks and exchanges.
A typical EHR includes
- medical history,
- medications,
- allergies,
- immunizations,
- laboratory test results,
- and radiology images.
Your EHR also includes your
- billing information such as personal information (e.g. date of birth, home address, and Social Security Number),
- insurance information,
- and financial information (e.g. credit card number).
Unfortunately, ID theft criminals and cyber thieves are mostly interested in your personal, insurance, and billing information. For this fact alone, healthcare data breaches continue to be “in the top position as the most breached economic sector.”
Things to Think About
Every health insurance plan you have ever had has your and your family’s Social Security Number (SSN). Almost every healthcare provider (such as a doctor of medicine or osteopathy, podiatrist, dentist, chiropractor, clinical psychologist, optometrist, nurse practitioner, nurse-midwife, or clinical social worker) that you or a family member have been to has your Social Security Number.
So back to the title of this article – Do healthcare breaches and Medical ID Theft go hand in hand? – the answer is a resounding YES based on the Personal Health Information or PHI that is collected, stored, and transferred through your Electronic Health Record.
To make matters worse, this article titled Organization Wide PHI Access is Commonplace at Most Healthcare Orgs reported that “nearly 20 percent of (PHI) files were open to every employee at a given healthcare organization starting on their first day of employment, pointing to troubling data security issues and poor PHI access controls.”
Based on the fact that cyber thieves are stealing healthcare data and are finding new ways to monetize phishing (fraudulent emails), vishing (fraudulent phone calls and voice mail messages) and smishing (fraudulent text messages), consumers need to pay attention to data breach news in general and healthcare data breach news in particular.
To conclude, consumers can also reduce their risk of medical identity theft by safeguarding their health insurance cards, and regularly reviewing credit reports, medical benefit explanations, medical bills, and prescription bills.
by Brian Thompson | Jun 29, 2022 | Breach, Identity Theft
Whether you are a consumer or a small-business owner Identity Theft should be top of mind. Protect yourself and your business by using these 10 tips to reduce your risk of identity theft.
First, what is Breach Fatigue or Alarm Fatigue?
Alarm fatigue is when we get desensitized to safety alerts and as a result, ignore or fail to respond appropriately to warnings. Breach Fatigue however is more specific. It’s when small business owners and consumers start to ignore the headlines of identity theft and data breaches. Fatigue desensitizes both business owners and consumers to be less likely to proactively protect themselves against the risks of identity theft.
Be proactive and prepared with these 10 Tips
Being proactive and prepared can reduce your exposure to the risks of identity theft.
Personal privacy
- Be more vigilant and hands-on with your personal-privacy settings. Also, be aware that most apps lack basic security defenses and create some sort of privacy issue.
- Stop ignoring terms and conditions. Read, understand, and use privacy settings and be diligent about your social networking. Beware of fake accounts unless you want to be a partner in your own identity theft.
- Protect your vehicle documents as if they were cash and regularly check for unusual activities after purchasing a vehicle.
- Read and understand the privacy policies of every organization you have a relationship with. Know how your information is protected, saved, analyzed, sold, and/or disclosed.
Identity theft
- Synthetic identity theft and fraud is an emerging threat. Check your credit-bureau report quarterly at no cost through annualcreditreport.com.
- No password is “unbreakable”. Do not make it easy for identity theft criminals by using weak passwords, or the same passwords.
- The best defense against phishing is to be aware that it happens every day. Assume you are being “phished” until you verify the source of an unexpected e-mail or call.
Cybersecurity
- Businesses need to understand that a data breach is inevitable. Your business profits, brand, and reputation depend on your data-breach response plan.
- Create a data breach response plan to safeguard your business against insider threats. Conduct pre-employment background screening, regularly test your business and information-security access controls, and regularly review your data retention policy.
- Cyber insurance may be a good option to help your business minimize today’s cyber-risks. Work with your insurance broker to determine your cyber-risks and the best coverage for your organization.
“the best defense is a good offense”. This strategic principle used in business, sports, and military combat for years and is very relevant for this discussion.
Protect yourself and your business by using these 10 tips to reduce your risk of identity theft. Because being proactive instead of having a passive attitude (e.g., breach fatigue) will help both small business owners and consumers be better prepared against everyday threats.
By Mark Pribish
Practice Leader, Identity Theft and Data Breach Services
by Brian Thompson | Jun 23, 2022 | Identity Theft
Here is a story of a stolen check – ID Theft, how they found out about it, and what they did.
Sally and her husband were living in student housing in Chicago. She was supporting both of them at the time when a personal check was stolen. Because they were living in an apartment run by the university, all rent payments had to come out of her husband’s bank account. This led to a complicated financial situation. At the time money transfers were more complicated so Sally would have to write her husband a check through the bank and have it sent to them by mail. But, this time the check included rent and a portion of their tax return and it never got to them.
How Sally Found Out
Sally followed up with the bank to cancel her check. The bank indicated that they couldn’t do it because it had already been cashed. The bank provided an image of the check and someone else had signed her husband’s name to the check.
What She Did About It
To be able to afford their monthly rent payment while sorting out the stolen money situation, Sally opened a credit card through her bank and borrowed cash from her credit line. To recover the stolen cash, she filed a police report with her local precinct.
Sally told them everything that happened, but because it was clear that the check had been stolen from a mailbox, they said it wasn’t under their jurisdiction — and they had to fill out a report with the postal police instead. They filled out multiple reports with the postal police, but they never got back to us. Luckily, the bank accepted my screenshots of the report. As long as it was documented with legal authority, they felt it was fine. About a month later, the funds were restored to Sally’s bank account.
Sally and her husband are lucky, this scenario rarely ever works out for the victim without the guidance of a trained recovery advocate.
Stay safe, click carefully and watch for scams because a Stolen Check – Identity Theft incident is a horrible experience.
by Brian Thompson | Jun 15, 2022 | Uncategorized
All identity theft is illegal, YES, but what do they mean when they say Employee Criminal identity theft? Unfortunately, it is not just some fictional story played out in the movie “Identity Thief”. If you have not seen this movie, I highly recommend it. Jason Bateman has his identity stolen by Melissa McCarthy and as you can imagine the comedic duo battle throughout the movie…very funny!
What is employee criminal identity theft?
Employee Criminal identity Theft typically occurs when an identity thief gives an employee’s name or personal information during an arrest or investigation. They may use a stolen driver’s license or other identification in the employee’s name or simply use the name and information of a friend or relative without showing any identification. The employee’s data is then added to the state’s criminal database and potentially the national database.
Most victims don’t even know about it until much later until something else happens. Most will find out when a job or loan applications involves a background check, or they get pulled over and find out they have a bench warrant.
Unfortunately it is difficult to prevent and difficult to fix. As an employee, it is their responsibility to clear their name. Employees will need to with law enforcement and court personnel to correct the false reporting on the local, state, and federal level.
Warning signs
An employee may be a victim of criminal identity theft if:
- They get arrested and don’t know why
- Are denied for promotion after background check
- Get fired after background check
- They don’t get hired after background check
- Receive a ticket for a car or property they don’t own or in unfamiliar places
What if it happens to you as an employee?
Here are three tips to follow if it happens to you:
- Talk to law enforcement. If any of the above warning signs apply to you it is time to contact the authorities. You should ask your employer or loan officer about the areas of concern and where they occurred. You can file a report about the incident and offer any personal information that would help clear your name/identity in comparison to the criminal.
- Keep Documentation. Once you have proven your innocence, ask law enforcement to provide you with a “certificate of release”. Keep this letter with you in the event you need it in the future. Not all databases are updated immediately and this will help to clear you in any unfortunate future situations.
- States Attorney General. Contact your state and determine if they offer special help for identity theft. This can be useful if your state has addressed identity theft in the court system.
Although criminal identity theft is less prevalent than other types of fraud it is certainly something we all need to be aware of. So next time someone asks, What is Criminal Identity Theft, we can help explain.
Lower employee risk of Criminal Identity Theft with our defend-id services – and get a dedicated recovery expert if your identity ever becomes compromised. defend-id monitors criminal data records for employee reporting and will alert your employee as soon as it is detected.
Stay safe, click carefully and protect your data!
by Brian Thompson | Jun 8, 2022 | Identity Theft
