Over 140,000,000 Americans’ Health Information Disclosed in Data Breaches

Rick Kam | ID Experts | August 10, 2015

Almost half of Americans’ sensitive health information have been disclosed in data breaches increasing their risk of medical identity theft and medical fraud. Medical identity theft is the worst possible outcome for consumers affected by a breach of health information according to an article in the Wall Street Journal this weekend.  Over the past four years, there have been a number of high profile data breaches in the healthcare sector that disclosed sensitive personal information - SSNs, Date of Birth, Account numbers, etc.  Almost all of these incidents also included health insurance information and patient medical data - protected health information (PHI).  This year Nevada, Oregon, Rhode Island, and Connecticut recently updated their consumer notification laws to expand their definition of sensitive personal data to include PHI...

Credit monitoring has become the de facto consumer remedy, regardless of the type of data disclosed.  There is a big problem with this “one size fits all” remedy.  Credit monitoring is designed to help consumers detect changes to their credit file.  It can indicate that an identity thief opened new credit cards, bank accounts, loans, or is using the victim’s identity to get a job.  Credit monitoring doesn’t do a good job of detecting medical identity theft - a thief using your health insurance information to obtain prescriptions, medical services, or selling it to cyber criminals who commit Medicaid or Medicare fraud.  In fact, in a recent settlement this year with the states Attorneys General, the three credit bureaus agreed to delay adding medical bills to a consumer file for 180 days, making credit monitoring even less effective as an early detection tool for medical identity theft...