Criminal cyber-attacks on healthcare information repositories have increased 125 percent since 2010, according to a recent study funded by data security firm, ID Experts. With the announcement of the Excellus breach last week, the total number of big-headline medical information compromises reported in 2015 (such as Anthem, Premera, Carefirst) had crossed the mind-blowing demarcation line of 100 million files.
The Excellus breach may have exposed the names of clients as well as their dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claim information. In terms of the type of information compromised and the amount of it, this most recent mega medical information breach, estimated to affect as many as 10 million consumers, was negligibly smaller than the Premera compromise, which may have exposed 11 million records. Yet it received nowhere near the same amount of media attention.
The reason is something called breach fatigue. Sure, news of the Excellus breach was a lead story, but if you think about it for a moment, was it the first thing people brought up at the proverbial water cooler the day the news broke? Probably not.
Here’s why the Excellus breach should have had tongues wagging:
- According to a report from the Identity Theft Resource Center and sponsored by the data security firm, IDT911, the medical/healthcare sector accounted for the highest percentage of breaches in 2014 at 42.5 percent.
- As discussed in my forthcoming book, Swiped, medical identity theft can be life-threatening. When your personally identifiable information is used by another person to acquire healthcare, your medical history is literally contaminated with the PII, and hence the medical information, of another person. If that mingling of data results in the removal of an allergy or a change of blood type, the result could put your life in jeopardy.
- If someone gains unauthorized access to your health insurance, you could find yourself in a quagmire should you suffer from the same ailment as the thief and require a particular treatment or medical procedure. Consider how serious that could be if the procedure you need (and can’t get because it’s already been performed on the imposter) happens to be something like bypass surgery, amputation, cancer treatment or any other major intervention.
While you think back to the day the Excellus news broke—there was the talk about the floods in Japan, refugees in Europe, the U.S. Open, the upcoming third episode of “Fear the Walking Dead”—I’m guessing the number of times that particular breach came up was low to nil. That’s fine. We’re not talking about breach fatigue per se. The real issue is that we need to raise and maintain awareness of the threat.
While you reflect upon the non-discussions about last week’s Excellus news, consider how a person might reply to a “Howya doing?” greeting at the water cooler after learning that they have become the victim of medical identity theft. Most likely, they would say something about it. And dollars to donuts, they would say they were in a waking nightmare.
How to Tell If You’ve Been Bit by the Medical ID Theft Zombie
Medical identity theft is hard to detect, and many people still alarmingly do not understand that it’s a real and present danger.
In the first episode of the new AMC show, “Fear the Walking Dead,” it takes a while for Los Angelenos to understand what’s happening, i.e., that the zombie apocalypse has begun. We are in a similar situation with medical identity theft, but in the real-world version, with vigilance on your part, you can better protect yourself.
Here are the telltale signs you’ve been infected.
More From Credit.com: 3 Dumb Things You Can Do With Email
More From Credit.com: Understanding Your Debt Collection Rights
More From Credit.com: Who Are the 3 Major Credit Reporting Agencies
While we may not be looking at a medical identity theft “apocalypse” a la the zombie shows, movies and comics, medical identity theft can definitely feel apocalyptic when you’re the victim. Protect yourself, know the warning signs and you just might stand a chance.
Any opinions expressed in this column are solely those of the author.
Adam Levin is chairman and co-founder of Credit.com and IDT911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit. His new book, "SWIPED: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves" will be released this fall.