Why Medical Records Are Tempting Targets for Cyber Crooks
The information that is collected and stored by healthcare providers and by health insurance companies includes incrdibly detailed information about our lives. In the U.S., insured patients are identified by social security numbers and birthdates, as well as full names. Our records include our current phone numbers, mailing addresses, physical addresses, email addresses, and all the same contact information for our next of kin and our closest friends and family members. This information also includes specifics about our current employer and how long we have been employed and on that employer’s insurance plan. These records also include our insurance member IDs. All of this information is sufficient for a crook to steal someone’s identity, to gain access to their accounts, to apply for and gain credit using our names, to begin piling up bills, to damage credit ratings, and to make our lives hell. Identity theft is much more difficult, costly, and time-consuming to combat than credit card fraud or than having a single bank account compromised.
This wealth of personal information also makes it incredibly easy for crooks impersonating healthcare services providers to bill insurers, including large federal payers, for medical and ancillary services (transportation, therapy, medical appliances) that were probably never provided, collecting millions of dollars in reimbursement before they’re ever found out. Medicare and Medicaid fraud is already a multi-billion criminal enterprise. The Economist called it “the $272 billion swindle” in May, 2014: