Incident Response, Network Security, TDR

Medical ID theft on the rise, says new study

Even though nearly 1.5 million Americans were victims of medical identity theft last year, many are doing little to protect their health records, according to a second annual study released Tuesday by The Ponemon Institute.

The report, which sampled nearly 1,700 consumers to determine how pervasive medical identity theft is in the United States and how it has affected American consumers, was sponsored by credit bureau Experian's ProtectMyID, an identity theft protection service.

Despite consumers' desire that their medical records remain private and frequent headlines of data breaches, a large number of respondents to the survey are not taking steps to ensure the safety of their health records, the survey found.

And, at a time when costs related to identity theft are on the rise, this is a big problem.

According to a survey released in February by Javelin Strategy & Research, while identity theft fraud fell 34 percent in 2010 to $37 billion, out-of-pocket costs to victims rose to $631 from $387 in 2009.

Further, the biggest complaint received by the Federal Trade Commission, for the 11th year in a row, was identity theft. It accounted for 19 percent of all complaints received, and impostor scams, including instances where an identity is assumed to receive medical services, are among the fastest growing categories, according to the FTC.

The reason for consumers' indifference, the Ponemon study found, is a failure to comprehend the effects of a data breach.

To begin, 91 percent of respondents are unfamiliar with the concept of medical identity theft, which Ponemon defines as someone assuming another's identity to receive medical services, prescription drugs and/or goods.

"Part of the problem when it comes to medical identity theft is that people have yet to grasp the correlation to medical records and money," Larry Whiteside, CISO of Visiting Nurse Service of New York, told on Wednesday. "It is difficult to understand that if your medical records are exposed, how someone could then begin stealing your money."

Identity theft is much easier for consumers to understand if bank or credit information is exposed, he added.

Consequently, half of those surveyed by Ponemon who suffered identity theft said they did not report the incident to law enforcement, up from 46 percent in the 2010 study.

“Our study shows that the risk and high cost of medical identity theft are not resonating with the public, revealing a serious need for greater education and awareness,” said Larry Ponemon, chairman and founder of The Ponemon Institute.

His view jives with the 55 percent of survey respondents who said they are not familiar with state or federal privacy policies, while 79 percent are unaware of a proposal to create a database of Americans' health information.

This proposal, called the Health Claims Data Warehouse, is buried within recent health reform legislation, and would, in fact, collect data from insurance claims filed by eight million federal workers to help researchers study ways to lower costs, fight fraud and improve services.

In another example of the disconnect, the Ponemon study found a high rate (36 percent) of medical identity theft among family members, making it the most common category. And slightly more than half of these victims chose not to report the breach because they knew the thief.

The rise in medical identity theft is an extension of traditional identity theft. A study released in January from PandaLabs, Panda Security's research arm, detailed a network selling data on underground forums. The report concludes that where once thieves were only interested in such personally identifiable information as Social Security numbers and credit card details, the market has now diversified.

Further, a glance at the chart of reported data breaches in the United States that Privacy Rights Clearinghouse maintains shows that health care facilities and providers are among the top targets for breaches each month.

The upside, though, is that there is room for improvement.

"We see a lot of opportunity to understand the implications of data breaches on finances and health,” Jennifer Leuer, general manager of ProtectMyID, told on Tuesday.

Leuer said consumers can take numerous steps to protect themselves. The first precaution is to open one's mail.

"People are not seeing information," she said. "It is vital to see what was done in your name."

She added: "Keep all personally identifiable information in a safe place. Medical identity is valuable."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.