Growing incidence of medical identity fraud puts healthcare organizations on red alert

The recent and highly publicized Anthem health insurance breach has brought cybersecurity concerns to the forefront of the medical, hospital and insurance sphere.

Potentially 80 million individual data points – from names and addresses (physical and email) to birthdays, Social Security numbers and even medical identification numbers – were compromised. And unlike Home Depot and other retailer breaches, Anthem’s cyber thieves harvested a wealth of information that put the health insurance company’s employees and customers at grave risk of identity theft.

Consider that an estimated 2 million Americans fell victim to medical identity theft last year alone, accounting for about 43 percent of all identity crimes. More troubling is the fact that medical identity theft is now the fastest-growing form of all identity fraud and it occurs often selectively in high-risk pools.

Medical identity theft is pervasive because the information is inherently valuable to cyber thieves and is accessible from vulnerable networks. With someone else’s medical credentials in hand, cybercriminals visit the doctor, purchase prescription drugs and submit fraudulent health insurance and Medicare claims.

The total cost of medical identity theft to a victim is $22,346, which is six times greater than the cost of financial identity theft. What’s more, those affected by medical identity theft spend $13,500 on average in out-of-pocket costs to rectify the damage, according to Ponemon Institute’s fifth annual study on medical identity theft.

All told, these figures represent a real threat to hospitals and insurers, as well as their patients and employees.

How the Anthem recent breach unfolds in terms of the use of the acquired information remains to be seen. One potential issue is patient fraud perpetration, which begins with a cybercriminal assuming the identity of an insurance organization’s members. In this case, a false claim for care is submitted by the medical provider, and in many existing payment processes approve the claim without significant verification or risk assessment.

Fortunately, new technologies are combatting false claim submissions. This includes real-time HIPPA- compliant messaging with patients, along with personal health insurance surveillance across thousands of compromised networks in the underground Internet where much of the Anthem data is already showing up.

But what is the learning from the Anthem breach for the larger healthcare industry?

It’s simply this: By embracing security innovation protocols, organizations can more effectively protect their proprietary information while safeguarding their stakeholders. Technology innovation and integration into a hospital or insurer’s IT infrastructure is critical, as the volume of medical data sitting on enterprise systems or in the cloud continues to rise as electronic health data becomes more prevalent.

Unlike financial privacy theft, which has risk to credit and assets, the greatest concern with medical identity fraud is that it can fundamentally impact the outcome of life-or-death situations, including misdiagnosis, prescription errors or a healthcare practitioner’s treatment directives.

The Anthem breach exposed a leading insurer’s current and former customers, as well as its employees, to the ongoing threat of cyberattacks and the increasing impacts of medical identity fraud. This new reality requires the medical community to constantly be on alert, be nimble and use the newest technologies to assume an offensive rather than a defensive posture to thwarting cybercrime.


Drew Smith is founder and CEO of InfoArmor, which helps thousands of companies and employees nationwide detect and manage emerging fraud.  

 

 

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months