Medical ID Theft - the Growing Crime
I've spent a fair amount of time the past month or so talking to various thought-leaders in security, risk management, compliance - just trying to get a sense of what they perceive to be the biggest trends and threats of 2010.
One of my conversations was with James VanDyke, founder and president of Javelin Strategy and Research. The topic was threats to banking security, but the discussion quickly changed to medical threats and VanDyke's belief that 2010 is going to be a busy year for healthcare/security leaders:
What about medical identity theft? Now that's a topic about which we don't hear nearly enough.
"With the HITECH Act that went in last year, doctors/medical providers got an incentive for putting more records online, and it is kind of interesting that this law at the same time gave stiffer penalties for medical records that are breached," VanDyke says.
"Well, what we are going to see is a lot more action here by attorneys, by privacy advocates and others, and there will be more outrage as medical records are breached, more and more fines will be extracted from those providers. And these healthcare providers, they are not going to be ready to deal with this. Frankly, doctors are just not good at managing the operations side of their business; they never have been, and I doubt we will ever see them be that way. Financial services institutions are actually in good position from a corporate banking standpoint to offer added-value services to help the healthcare industry, which will have a real spike in need in that area, and across the board we will see more data breach notifications."
I asked VanDyke what he perceived to be the biggest threat to information security, and he was quick to answer: mass exposure of data. "You know when I give blood at the Red Cross, they still prefer to go off of Social Security numbers, and these private records are out there. You could say that the horse is out of the barn, and we still have people carrying checks around in their purses and wallets that have ceased writing checks, and people are giving up private information left and right. So breaches are really just the beginning of the problem, and the biggest issue is there is so much private data around it is impossible to lock it all down, and we sometimes act and even legislate as if though that is the solution, to lock down the data. It just can't happen."
In a separate conversation, I spoke with Jay Foley of the Identity Theft Resource Center about the top threats to consumers in 2010, and he echoed VanDyke's words.
"We are going to see an increase in medical identity theft," Foley says. "A lot more people are having trouble making ends meet, and one of the first things that seems to slip is going to be medical insurance. ' I haven't got medical insurance, so what I do is I go down to the hospital and I give them somebody else's name and Social Security number, and I piggyback on their insurance.' It is becoming more and more of a thing, and it is becoming more and more alarming."
So, my question is: Are you seeing the same medical id theft threats to your organizations? And if so ... then what are you doing about them?