Medical identity theft proves lucrative in myriad ways
With healthcare breaches becoming routine, there's a thriving black market for medical identity information. And criminals are using the information in a variety of ways, according to a Fortune article.
Basic identify information--names, birth dates and health insurance contract and group numbers--fetches just $20 on the black market, according to researchers at Aberdeen Group. But deluxe, ready-to-use identity theft kits can fetch nearly $1,500. Those kits include Social Security numbers, banking credentials, credit card information and PINs, as well as custom-made physical credentials such as insurance membership cards, Social Security cards, driver's licenses and credit cards.
While thieves traditionally have gone after financial information from medical breaches, they typically don't care about your BMI and cholesterol levels, that's changing, according to the article. Rather than simply using a credit card or Social Security number from a medical file to commit basic financial fraud, they can parse the information out to different buyers.
If a patient has cancer, for instance, beyond the Social Security number and financial details, other data in the record could be sold to data brokers who sell information to marketers, such as pharmacy companies and hospitals that want to target cancer patients.
It's especially worrying as breaches of data grow, like the recent hack of Community Health Systems, which compromised the info of 4.5 million patients.
In more sophisticated schemes, physically identifying information could be used for visas and passports. And information about the physical characteristics of a person with access to high-security systems could help criminals breach them, according to Fortune.
Despite the risk from criminals hacking into electronic systems, more than half of medical identity theft is "friendly fraud," where an uninsured person uses a friend or relative's insurance identification card to obtain healthcare services.
Marita Janiga, J.D., executive director of the national special investigations unit and compliance hotline at California-based Kaiser Permanente, urges providers to ask tough questions when things don't look right, such as height and weight discrepancies with the record or when there's post-natal care, but there's no baby.
To learn more:
- read the article
Expert advice on limiting medical identity theft
Identity theft in healthcare: Why the industry is losing the battle
Medical ID theft: Red flags and opportunities
'Friendly fraud' factors heavily in medical identity theft
Community Health Systems hack compromises info for 4.5 million patients