Modern Medical Identity Theft: What It Is, and How to Prevent It

Today, much of the healthcare industry is shifting with increasing speed towards electronic health record systems (EHR). Streamlining healthcare management for millions of patient records by simplifying access as well as version control, there are still threats for medical identity theft to nevertheless look out for.

Whether from a malicious attacker hiding behind a computer screen hundreds of miles away, or by an inside job carried out by a medical practice’s own staff, medical identity theft is an imminent and trending concern—and one which seen a dramatic rise over a relatively short period of time.

Opposed to a paper-based world where paper records were stored in a single room, online connectivity provides countless doors leading into an organization’s vaults of sensitive information.

To help you now navigate this seemingly complex new threat of identity theft and data breach, here we’ve outlined not only what medical identity theft is and what these thieves target, but also a series of time-tested practices we’ve provided for preventing similar incidents.

The Very Real Threat of Medical Identity Theft: Case In Point

Since 2010, medical ID theft incidents have come close to now doubling—and with the current trend, the attacks on personal information don’t seem to be ending anytime soon.

Further adding salt in the already-painful wound, not only have medical data breaches numbers grown since 2010, the number of victims paying out-of-pocket cleanup costs also doubled—not just making these medical identity theft cases tiresome and time-consuming, but also costly to boot.

Take for instance the indictment filed in July of 2016, against three employees in the Tampa office of Pediatric Gastroenterology, Hepatology & Nutrition of Florida.

According to the investigation, the conspirators stole personally identifiable information (PII) from the practice’s vast collection of sensitive patient information stored in an electronic health system (EHR). Among others, a few of the top PII targets for these identity thieves and potential hackers include:

  • Full Names
  • Date of Birth
  • Home Address
  • Phone Number
  • Social Security Number
  • Email
  • Credit Card and Debit Card Numbers

Using this information, scope and scale of damage can extend far beyond someone using your checking account number to make small withdrawals over time. In the Tampa data breach, the identity thieves used the PII to submit electronic applications for credit cards and credit lines from various financial services—something which instead leaves a disastrous and longstanding impact.

So How Do You Avoid a Similar Fate?

With the growing wealth of personal information available online today, an increasingly large hacker crosshair is now also landing on the healthcare industry, making it critical for companies to proactively prepare their defenses prior to the moment disaster strikes.

In the case of the medical identity theft and data breach in the Tampa office of Pediatric Gastroenterology, Hepatology & Nutrition of Florida, for example, the cause for the misused personal information stemmed from within the organization.

In order to address such concerns, one of the key strategies for companies to implement into EHR systems involves the incorporation of varied levels of access to consequently limit the access to confidential protected health information (PHI).

While a simple background check prior to hiring will likely help to raise some red employment flags, practices also are recommended to regularly review and retrain staff of current HIPAA policies to prevent accidental breaches or identity theft as well.

Besides reinforcing the interior of your organization’s home base, however, there are other strategies to actively employ in an effort to stay a step-ahead of the next potential medical identity theft.

With a healthcare-specific EHR system for managing their electronic records, it may be easier to access files for employees and staff, but this makes it easier for an unauthorized user to access information.

In order to fluster the attempts of medical identity thieves, IT experts across the board strongly urge organizations of all shapes and sizes to implement password-protected encryption systems, which renders sensitive patient health information in the system illegible to an unauthorized user.

Finally, while you may cover all your forward-looking bases, ensure you also protect and cover up your tracks to prevent a medical identity thief slipping in the door of opportunity before it closes behind you with the help of one last tactic in the toolbelt: hard drive and electronic media destruction.

Computer hard drives and electronic media which store digital files and records are not just limited to a traditional computer—from scanners, printers, and fax machines, to thumb drives, CDs, and mobile devices, the variety of places one can find readily-accessible information is far-reaching.

Although most companies will protect and secure these systems and devices while they are currently being used, unfortunately not all organizations are aware of proper electronics disposal practices, as all too often companies will simply delete information and dispose the device once they’re done with it.

What they don’t realize however, is that using sophisticated softwares hackers and medical identity thieves are nevertheless able to recover the deleted and now disposed information—virtually undoing even the best protection efforts by organizations who fall into this unpleasant trap.

As a result, the key to preventing medical identity theft begins with organizations not just looking at their interior defensive strategies, but also evaluating external securities like EHR encryption systems and eventual processes for securely shredding and destroying old hard drives and electronics prior to disposal as well.

Searching for Medical Identity Theft Protections? Get a No-Obligation Quote on Solutions and Services Today!

With a growing shift towards adoption of electronic document management systems across the business landscape, the healthcare industry’s EHR systems are potentially among the most vulnerable to medical identity theft given the scale of the system’s information on top of the already massive number of different devices and users on the network.

At Record Nations, we partner with a network of the top providers in numerous security solutions and services ranging from EHRs and electronics destruction to encrypted document management systems in order to best suit your storage and security needs.

To learn more or request a free estimate on any of our available services and systems, just give us a call today at (866) 385-3706, or simply fill out a form to the right of your screen to get free medical identity theft solution and service quotes today!

Additional Resources

In the Hacker’s Crosshairs: Protecting Vulnerable Personal Information

Throughout this in-depth white paper, we take a closer look at how the online world looks through the lens of hackers—exploring not only which information hackers target and their strategies for stealing it, but the best practices for ensuring personal information and documents are securely managed and protected as well.

How the Internet Can Expose Your Identity

Online accounts contain vast amounts of personal information, and unfortunately, online is often where the average user is most vulnerable. Get an overview of some of the specific places hackers and data thieves will look first along with a few tips for keeping yourself secure here.

Record Nations Wizard

Get a Free Quote in Minutes!

Fill out our form below and we'll contact you with a free quote within 30 minutes during normal business hours or by the following business day if it's after hours.