Breach, Threat Management, Data Security

Study: Medical ID theft victims increasingly report spoofed sites and phishing as cause of fraud

As the number of individuals impacted by medical identity theft continues to climb, so does the number of victims fooled by spurious emails and websites designed to purloin their sensitive information, a study finds.

According to the “2013 Survey on Medical Identity Theft,” the number of people who've fallen victim to this type of fraud has increased by 19 percent since last year, accounting for more than 1.8 million victims in 2013.

More than 300,000 new medical identity theft cases cropped up during the one-year period, the study found. The survey was conducted by the Ponemon Institute and sponsored by the Medical Identity Fraud Alliance (MIFA) and data breach prevention firm ID Experts.

The study, in its fourth year, surveyed nearly 800 adults in the U.S. who self-reported that they, or their close family members, were victims of medical identity theft. 

Along with the rise in medical identity fraud, experts also saw a significant uptick in dubious websites being erected by saboteurs and spam emails being sent – all with the intent of tricking individuals into giving up their medical information.

Between 2012 and 2013, the percentage of medical identity theft victims reporting spoofed websites and phishing emails as the likely cause of their troubles doubled. This year, eight percent of respondents cited the cyber schemes as the cause of their issues, while only four percent of victims reported the same in 2012.

In the report, medical identity theft was defined as a person using an individual's name or personal identity “to fraudulently receive medical service, prescription drugs and goods, including attempts to commit fraudulent billing.”

Larry Ponemon, chairman and founder of the Ponemon Institute, told SCMagazine.com earlier this week that in this study, and in other Ponemon studies, the frequency of spear phishing targeting medical identity theft victims has gone up.

Furthermore, spear phishing, attempts to infiltrate an individual's network or steal their data by crafting a targeted ruse they are likely to open via email, is likely under-reported among medical identity theft victims, Ponemon added.

“A lot of people aren't even aware that they have fallen for a phishing scam because they were so sophisticated,” he said. “The ability to record it is difficult because people aren't even aware that it's happened to them.”

In the study, the groups also found that seven percent of medical identity theft victims believed a data breach suffered by their health care provider, insurer or related organizations, was the cause of fraud. Last year, six percent of respondents cited those reasons as the cause.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.