Having your records stolen in a healthcare data breach can be can be a prescription for financial disaster. If scam artists break into healthcare networks and grab your medical information, they can impersonate you to get medical services, use your data open credit accounts, break into your bank accounts, obtain drugs illegally, and even blackmail you with sensitive personal details.
ID theft victims often have to spend money to fix problems related to having their data stolen, which averages $600 according to the FTC. But security research firm Ponemon Institute found that healthcare identity theft victims spend nearly $13,500 dealing with their hassles, which can include the cost of paying off fraudulent medical bills.
Victims of healthcard data breaches may also find themselves being denied care, coverage or reimbursement by their medical insurers, having their policies canceled or having to pay to reinstate their insurance, along with suffering damage to their credit ratings and scores. In the worst cases, they’ve been threatened with losing custody of their children, been charged with drug trafficking, found it hard to get hired for a job, or even been fired by their employers.
What is a healthcare data breach?
Healthcare data breaches occur when hackers infiltrate the computer network of a doctor’s office, clinic, hospital, medical lab, insurer or other medical provider. In many cases, medical information is stolen by medical workers or accidentally exposed through lax office procedures and security.
Medical data is a big target for fraudsters because it’s often much more valuable than other commonly available personal data. While a stolen credit card number might be sold for just a few cents, medical files can be worth as much as $1,000 each, according to Mariya Yao, Chief Technology Officer and Head of Research & Design at TOPBOTS, an artificial intelligence research firm.
Signs that you’re the victim of medical identity theft
Your first clue that your medical data may have been hacked might come in a statement, bill or notice from your insurer, your doctor or another medical provider, warns the Federal Trade Commission.
According to the commission you should be on the lookout for:
• A bill or statement of benefits showing medical services you didn’t receive
• A call from a debt collector about a medical debt you don’t owe
• One or more medical collection notices on your credit report that you don’t recognize
• A notice from your health plan or insurer saying you reached your benefit limit
• A denial of insurance because your medical records show a condition you don’t have
How to get things back on track after a healthcare breach
If you do get the sinking realization that your medical information has been stolen, here are three steps you can take to protect yourself and minimize the damage.
1. Gather documents and file reports
• After checking your credit report and collecting any statements or paperwork, you’ll want to file an Identity Theft Report with the Federal Trade Commission.
• If it’s your Medicare or Medicaid information that’s been nabbed, report that online or call 800-HHS-TIPS.
• Additionally, if there are medical collections appearing on your credit report, you’ll want to contact Experian or the other credit bureaus and to get the fraudulent information removed.
2. Collect current copies of medical records
Get current copies of all your medical records from your doctors and all other healthcare providers, along with your medical insurer, plus the records of any family members who also may be affected. Go through the reports, looking for any treatments, procedures or prescriptions that weren’t authorized for you and your family. In some cases, a scam artist may have maxed out your benefits for the year or done something else that might threaten your coverage and eligibility for treatment.
You’ll want to check that all your personal information is correct, from your mailing and billing address to your blood-type. If your medical records have been changed to reflect treatment for an imposter, they could contain dangerous errors, such as listing incorrect allergic reactions to some medications, a chronic condition such as diabetes, conflicting medication lists, or even an incorrect blood type. If you’re in an accident and brought into an emergency room, that kind of falsified information could prompt a dangerous or even fatal medical mistake.
3. Ask for corrections
Once you’ve reviewed your health records, report any wrong information and request corrections in writing. You can copy the records and highlight or circle any wrong entries to be deleted, and write out additions or corrections. Make copies of everything you send, keep the originals and make a record of what was sent, where and when.
Ask the provider to correct or delete each error. Send your letter by certified mail, and ask for a “return receipt,” so you have proof of what the plan or provider received. Include a copy of the police report and the Identity Theft Report filed with the FTC.
The healthcare provider is required to correct your records and alert any laboratory or other provider that may have received incorrect information. The FTC advises that if a provider won’t make corrections, you should ask that a statement of your dispute and corrections be included with your medical records.
Brian O'Connell is a personal finance journalist, the founding managing editor of Bankrate.com. For more information on medical ID theft, visit the Experian Blog.