What To Do if Your Medical Records Are Stolen?
Table of Contents
- By Rita
- May 06, 2022
Despite the healthcare industry's continuous efforts to minimize cybercriminal activity, cyber-attacks continue to plague it. For a long time, medical records have been a popular target for cybercriminals. This is because they contain a lot of sensitive data.
If hackers steal your medical records it could result in serious financial fraud. When cybercriminals breach medical systems, they can use the stolen information to get prescriptions and medical services in your name, open new credit accounts, or blackmail you for further gain.
What Is a Healthcare Data Breach? Medical Identity Theft Definition
A healthcare data breach is when cybercriminals hack into the computer network of a doctor's office, clinic, hospital, medical lab, insurer, or other medical providers. If you're wondering, “how does medical identity theft happen?” there are a few methods cybercriminals use to get your medical information:
- Phishing - You may get an email, text, or call from what appears to be a reliable source, like your healthcare provider asking you to confirm certain information about yourself. In reality, it’s a cybercriminal trying to get you to give up your medical info.
- Stolen Cards - If you lose your wallet, it's natural to think of your credit and debit cards first. However, Cybercriminals can also use your health insurance card or other medical information like prescriptions or medical receipts to commit medical identity fraud.
- Black Market - Cybercriminals don’t have to go through the hassle of trying to steal a card or breach a company’s systems. They just have to purchase your personal information from someone on the black market who’s already done the work for them.
- Hacking - With a lot of online information, a hacker can compromise your accounts and steal your information without you knowing. This includes email accounts, medical accounts, social media accounts, and more.
- Data Breaches - Healthcare data breaches don’t all occur due to phishing. Others occur due to lax office procedures and security, theft by medical workers, hacking, and more.
All a scammer needs to commit medical identity theft is your name, health insurance number, and in some cases, a social security number too. Most people think identity theft affects insurance companies only. However, the victims also suffer harsh consequences, as we discuss below.
How Can Medical Identity Theft Affect You?
What happens when thieves use your medical identity? Any of the following consequences can happen:
- Bad Credit - After a fraudster uses your information to get expensive medical treatment that your insurance provider doesn't cover, you could get large bills in your name. These could go to collection agencies, and you would only find out after creditors contact you.
- Inability To Access Healthcare - If a medical identity thief maxes out your benefits, you could find yourself unable to access healthcare coverage.
- Incorrect Medical Records - When a medical identity thief receives medical care under your name, their medical information will be mixed up with yours. Considering future treatment sometimes depends on medical history, it could place you at risk.
- Problems With the Law - Medical identity theft can be part of a larger scheme of drug trafficking and sale and can even involve organized crime groups. If your name pops up, you may find yourself a suspect of a crime, and you could even end up in jail.
- Increased Insurance Costs - Medical identity theft can lead to sky-high medical insurance premiums. You may even end up losing coverage altogether.
What Information May Be Stolen?
Cybercriminals look for information that they can use to impersonate you to get medical treatment or drugs. This is the basis of the description of medical identity theft. They can also use the information for other nefarious reasons. The information that hackers can steal during a healthcare breach includes:
- Your billing and payment info, including credit card and bank account details.
- Your personally-identifying information (PII) such as your social security number, birth date, name, phone, and other details.
- Your Medicare or insurance policy numbers.
- Yours and your family's medical history, including the history of treatments and prescriptions.
Hackers use personal information for many purposes, not just for medical gain. They can open new accounts in your name, charge products and services on your credit cards, and even steal your funds if they get into your bank account.
Signs of Medical Identity Theft
What is medical identity theft? To know the signs, we need to answer this question. It refers to when a cybercriminal uses another person's name or insurance information to get medical treatment, prescription drugs, or surgery.
The Federal Trade Commission (FTC) explains that the first sign of medical identity theft might be that you receive a bill or statement from your doctor or insurer with charges you do not recognize. If you're wondering, “how do you prove medical identity theft?” the FTC advises you to look out for the following:
- Denial or revocation of insurance because your medical records indicate a condition you don't have.
- Anything on your credit report that you don’t recognize.
- Contact from a debt collector about a medical debt that is not yours.
- You receive notice that you have reached your medical plan limits.
- A bill or statement of benefits that shows medical services you never received.
It would be best if you also looked out for:
- Notices from your medical insurance provider.
- Accounts you do not recognize.
- Notices of changes to your accounts.
- Bogus credit card charges.
- Bounced checks.
- Inquiries about your medical accounts.
- Notice of a password change.
- A “you have been locked out of your account” alert.
What To Do After Medical Identity Theft
If you suspect you’re a victim of medical identity theft, here are the main steps to take, in no particular order:
File a Police Report
Even if it seems impossible that law enforcement will catch the perpetrator, it's crucial to file a police report. You will receive a report number that will show in the future that the medical identity theft happened.
File a Report With the Federal Trade Commission
If you fall victim to medical identity theft, file a report with the FTC online or at 877-438-4338.
Inform Your Insurer
Notify your insurance provider of the fraud and find out if they have a specific protocol for these situations. If the attack is Medicare-related, alert the U.S. Department of Health and Human Services Officer or Inspector General (online), or contact 800-447-8477.
Get Copies of Your Medical Records
Contact your doctors and insurance company to get copies of your current medical records. Get copies for anyone in your family who is a victim. Review them for any medical items, prescriptions, or services you don’t recognize.
Confirm that your personal information within the records is accurate. Verify they have your correct address and blood type.
If an identity thief changes your medical records to reflect their treatment, you could receive treatment that puts your life at risk.
Be sure to check all your medical records with each of your doctors, clinics, and healthcare providers that you use. Don’t forget to get copies from your pharmacy too.
Note that you may have to pay for copies of records from various providers.
Notify All Three Credit Bureaus
If you haven't checked your credit report, check it immediately and send a copy of your police report and identity theft report to Equifax, Experian, and TransUnion. You may also want to place a security freeze or fraud alert on your credit reports.
Ask for Corrections
After reviewing your health records, report any errors and ask for corrections in writing. Keep the original records and make copies to send to your providers. Keep detailed notes of your process.
Ask the healthcare provider to correct any inaccuracies. Send your request by mail and ask for a "return receipt," which will prove what the provider received. Include a copy of the police report and identity theft report filed with FTC.
How To Protect Your Information Going Forward
Here are several tips on how you can protect your information moving forward so you can avoid a healthcare data breach:
- Use a Firewall - Windows and macOS have in-built firewalls. This software creates a barrier between your information and the outside world. They prevent unauthorized access to your accounts and devices and alert you in case of any intrusion attempts. Ensure the firewall is enabled before you go online.
- Install Antivirus Software - Computer viruses and malware are everywhere. With an antivirus program like Kaspersky, Bitdefender, and Avast, you can protect all your sensitive medical information if a hacker tries to use unauthorized code or software to infiltrate your operating system.
- Use Complex Passwords for Your Accounts - Using secure passwords for all your accounts effectively prevents healthcare breaches. The more secure your password is, the harder it is for hackers to invade your system. Use a password with at least eight characters, a combination of uppercase and lowercase letters, and computer symbols.
- Keep Your OS, Apps, and Browser Up to Date - New updates to your operating systems will usually include security fixes that prevent hackers from accessing and exploiting your information. This, too, goes for apps and browsers. Review your browser's security settings as well.
- Ignore Spam Messages - Be wary of any emails from unknown entities and avoid clicking on links or attachments that accompany them. Inbox spam filters are now quite good at catching conspicuous spam.
- Secure Your Wi-Fi Network and Avoid Using Public Wi-Fi - Routers don’t come with the best security settings enabled. Log in to your router and set a password using a secure and encrypted setup.
This will prevent hackers from infiltrating your network and messing with your settings. You should also avoid using public Wi-Fi networks because they’re usually vulnerable to hacker attacks.
The above are just tips on how to prevent medical identity theft from a medical data breach. Doing these things will mean nothing if your doctor, clinic, hospital, medical lab, insurer, or other medical provider doesn't take steps to protect their network from breaches. So, it's also essential to pick a trustworthy medical provider.