The cyber attack on Mountlake Terrace-based health insurer Premera Blue Cross exposed not just the personal and financial information of 11 million people, but also claims histories and clinical information as well.
Data breaches are differentiated by more than just size. The kinds of information that are released matters as much — if not more — than the amount. While Premera’s breach involved fewer individuals than the 80 million exposed earlier at Anthem, this latest incident included some of the most personal and closely held information an insurance company can possess.
Virtually all data breaches put consumers at risk for some version of identity theft, which can lead to bank account fraud, credit card fraud, tax fraud and other financial impacts. But breaches involving medical identity information can truly put your life or health at risk.
For Premera’s victims, the major risk now is medical identity theft. This can happen a number of different ways, but the two most common are:
Someone uses your medical identity to obtain medical goods, services and prescriptions pretending to be you, or
An individual (often involved in organized crime) uses your medical identity to bill your insurance, Medicare or Medicaid for medical goods, services and prescriptions without your knowledge.
Just last week, an Oregon man pleaded guilty to using a false identity at Providence Willamette Falls Medical Center to receive free surgery. Far from being a victimless crime, this type of fraud can cause huge problems for the impersonated victim the next time they go to a doctor or emergency room.
The provider will start by pulling up an electronic health record that now includes services provided to someone who wasn’t actually the patient. Their preexisting conditions, allergies, drug interactions — possibly even their blood type — may be wrong or conflicting. In the future, that could lead to a misdiagnosis based on a condition you don’t have, a prescription mistake with a medication to which you’re allergic, and other dangerous or inappropriate medical treatment. It is not an exaggeration to say that medical identity fraud can literally kill you.
For the 11 million victims of this breach, Premera says it will provide two years of free credit monitoring. Unfortunately, these services don’t go beyond financial accounts to provide visibility into consumers’ actual health care transactions and medical identity.
A study released earlier this year by the Medical Industry Fraud Alliance showed medical identity theft to be the fastest-growing identity crime in the country, affecting more than 2.3 million Americans. In the five years MIFA has been studying the issue, the occurrence of medical identity theft incidents has doubled, while the number of victims having to pay out-of-pocket costs rose significantly as well.
It’s time consumers and policymakers demand solutions that actually protect victims from the worst consequences of fraud that go far beyond financial misfortune.
Bob Gregg is CEO of ID Experts, whose business helps companies and consumers recover from data breaches and identity fraud.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.