Medical Identity Theft in the New Age of Virtual Healthcare

Medical identity theft is a serious concern in the healthcare industry and the risks have never been greater than they are right now. Cyber attacks against healthcare organizations have steadily increased since the pandemic began, and as we embrace all the conveniences that digital healthcare has to offer, medical identity theft has also accelerated. But the impact of this criminal activity isn’t only felt by the victim. Both individuals and healthcare providers suffer when thieves make fraudulent medical claims. Studies in previous years have estimated that medical identity theft costs the healthcare industry $30 billion a year, and an average of $13,500 for each victim to resolve the issue.

Valued at 20 to 50 times more than financial identities on the black market, confidential records with sensitive health data and personal identifying information are prime targets for criminals. Today, the industry stands at a crossroads as we continue into the digital future of healthcare – will we succeed in mounting a strategic defense against these attacks, or will we always remain one step behind?

The risks of medical identity theft

When an unauthorized individual uses another person’s stolen information to receive medical treatment, fill prescriptions, or obtain health services, it’s a case of medical identity theft. Criminals may also attempt to submit fraudulent claims to health insurance companies to receive payouts. If someone uses stolen data to access healthcare benefits, your patients are at risk of a number of extremely unpleasant consequences ranging from unexpected out-of-pocket expenses to being arrested for crimes they did not commit. This type of crime can wreak havoc on a victims’ life for many years.

Providers too are left with quite the mess, as they have to help manage upset customers, unpaid bills, fraudulent claims, and, possibly, corrupted medical data. In the latter case, if the wrong medical information from an impersonator has corrupted a patient’s file, this bad intelligence could impact the care provided to them, potentially leading to disastrous results.

Medical identity theft can impact your customers in several ways:

1. Being billed for treatments or services they didn’t receive Fraudulent medical claims can cause major headaches for customers fighting charges for care they did not receive. Providers then need to divert significant resources to untangling the mess of these false claims. Healthcare organizations can assist their customers with unexpected charges on their medical explanations of benefits (medical EOBs) by walking them through charges and making sure they stay up-to-date on their billings.
2. Delays in receiving care Digitalization of patient records means that it’s easier than ever to focus on the needs of each individual, but when bad data gets into the system, it can impact the framework of their care. Victims of medical identity theft report delays in receiving medications and services due to false data in their files.
3. Stolen benefits Illegitimate prescriptions and procedures can devastate a victim’s medical benefits, forcing them past thresholds in their insurance coverage and rendering you unable to provide them the best possible care.
4. Criminal charges It’s hard to believe that a victim of identity theft could be arrested for the misdeed, but in fact, it happens nearly every day. In an exposé from Consumer Reports, a stolen purse led to one woman’s false arrest after a thief used her health insurance card to obtain prescription painkillers. Another woman had a run-in with CPS when a pregnant woman used her identity at a hospital and gave birth to an infant with drugs in her system.
5. Misdiagnosis or mistreatment It’s every doctor’s nightmare to misdiagnose or mistreat a patient by acting on the wrong information in an individual’s records. Unfortunately, this can happen if a thief’s medical information is inserted into their victim’s files after they’ve been treated under the victim’s name. Things like drug allergies or blood types can get switched around – with deadly results. In 2012, Ponemon Institute’s Third Annual Survey on Medical Identity Theft found that 20 percent of medical identity theft victims said their records were accessed or modified—a number that has likely to have dramatically increased in more recent years.
6. Escalating attacks on medical records In the past year, hackers have become brazen in their attacks on the healthcare industry, obtaining patients' personal identifying information, medical diagnoses, and a frightening level of detail about their health, including things like whether they've had a colonoscopy and photos of their ailments. If ransomware attacks are unsuccessful and hospitals don't pay, the criminals may try to sell the data on the dark web or simply dump it there for anyone to acquire. Earlier this year, cybercriminals posted tens of thousands of files with sensitive medical records from two hospitals to the dark web for no apparent reason. In the second half of 2020 alone, hackers were able to steal 21.3 million healthcare records.

   These cybersecurity breaches come at a high cost, not just for patients but also for healthcare organizations and the economy. In 2020, data breaches in the healthcare sector cost an estimated $13 billion. More specifically, estimates from 2012 put the economic burden of medical identity theft itself at $41 billion.

How to protect your patients

It’s important to remember that, despite the rise in medical identity theft, all hope is not lost. Providers and their patients can work together to step up cybersecurity efforts and take back control of their medical data. Installing protection measures will help in the fight against medical identity theft. Educate your patients about the steps they can take to determine if their identity has been stolen, like reviewing their medical EOBs. Support them in employing tools like CyberScan and MIDAS to determine if their personal information is for sale on the Dark Web.