It was not very long ago that information shared with your doctor was sacrosanct. That may no longer be the case — and the fallout could be life-threatening.
Unless you are living in a log cabin on Loon Lake and are off the grid, you have probably heard about the mega-breaches responsible for this paradigm shift. Unfortunately the likelihood is that the dark days of lax or nonexistent data security practices are by no means behind us.
If you doubt that, consider for a moment that it was only a year ago the media sirens alerted the world to what would become the biggest mega-breach involving health care information. Although it took a while for the whole story to emerge, we learned that more than 80 million customers of Anthem were exposed in a giant breach that included Social Security numbers (SSNs) and other kinds of sensitive personally identifiable information. A scant three months later, in March 2015, Premera began notifying 11 million members that personal information (this time including Social Security numbers and medical records) somehow found its way into enemy territory.
The revelation that medical histories had been exposed was serious. The potential damage that could be wrought by evil-doing third parties using Social Security numbers was no small thing. The victims of both the Anthem and Premera breaches will be looking over their shoulders for the rest of their lives — forever exposed to the possibility of crimes ranging from credit card account take-overs to tax refund fraud based on the compromise of their SSNs. (If you have reason to believe your SSN was compromised, you may want to keep an eye on your credit as unexpected changes can signal potential identity theft. You can do so by pulling your credit reports for free each year on AnnualCreditReport.com and viewing your credit scores for free each month on Credit.com.)
With the addition of medical records in the mix, there was the potential for new and more terrifying kinds of attacks — extortion using the threat of leaking embarrassing, private medical information and theft of health care services, which could cause a person to be denied timely health care, not to mention all those other crimes you can’t even imagine until they are announced on the nightly news.
As if that weren’t enough, last June the Office of Personnel Management — the human resources department of the U.S. (including its spies) — announced perhaps the most devastating breach of all. Somewhere between 18 and 32 million records were floating in the wind (possibly higher, but most often pegged at 22 million). More accurately, those incredibly sensitive records were in the possession of a hostile third party. The OPM hack included millions of the most intimate details revealed (or uncovered) during security clearance evaluation background checks for present and former government employees, contractors, family members of candidates, their friends and even employees of airlines.
The latest news from the OPM breach is that the information leaked could lead to espionage for any number of reasons.
The counterintelligence campaign currently underway is specifically designed to warn current and former government employees and contractors whose information was exposed by the breach that their information could be used by an operative to strike up a conversation. Armed with personal details, this operative could quickly form a bond by talking about mutual interests or life experiences. It’s creepy, and the threat is very real.
But What Does That Have to Do With Health Care?
Two of the above breaches include medical histories. The secrets and most personal details of the people affected are no longer secure, and the repercussions could be life-threatening.
Will people hesitate to see a doctor about a complaint that they would not want a third party to know about? Let’s say someone contracts a sexually communicated disease, and they decide rather than have that on their personal record—and risk exposure—they will purchase the antibiotics mentioned in an online article about the treatment of this or that disease. And let’s say that person is allergic to that prescription. Another scenario could well be a mental health crisis, where a person in dire need of help forgoes treatment for fear of exposure to hackers. That second scenario could not only result in the individual hurting his or herself, it could also endanger the lives of others.
While it is fair to counter that the above is incendiary and dire, it is not beyond the realm of the possible as breaches go from a regular occurrence to the third certainty in life. Now more than ever, it is time for the health care community to rise to the challenges that we face and close the gates because the cyber barbarians are everywhere.
Levin is chairman and co-founder of Credit.com and IDT911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit. His new book, "SWIPED: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves" was released last year.
Any opinions expressed in this column are solely those of the author.