Although 2015 is barely half over, it’s already proving to be a major year for healthcare data breaches. In the past few months, major health insurance companies like Anthem and Premera announced that tens of millions of customer records may have been compromised, putting their members at risk of identity theft.
Together, the Anthem and Premera breaches involved almost 100 million members, who must be even more careful about checking their records for potential identity theft issues.
Now, a new data breach is affecting CareFirst BlueCross BlueShield. Compared to the previously mentioned breaches, the damage is relatively modest — “only” 1.1 million records. But the story highlights how some companies or healthcare organizations may have already been breached — they just don’t know it yet.
Spotting the Hack
Operating in Maryland, Virginia and the District of Columbia, CareFirst has 3.4 million members. The company decided to upgrade its security in the wake of recent data breaches in the industry so that it wouldn’t suffer the same kind of hit. What CareFirst discovered, however, was that it had already been breached last year.
Hackers had gained access to a member database in June 2014. Although social security numbers weren’t involved, other identifying information was exposed, including names, birthdates and subscriber identification numbers.
In an article about the breach, security expert Mark Bower noted that healthcare organizations are the new gold mines for attackers because the data is often unprotected. He said, “Unfortunately, many health care firms do not have modern data-centric protection in place to neutralize breach risks of these kinds of attacks.”
As the attacks at Anthem, Premera and CareFirst demonstrate, healthcare companies are increasingly becoming targets for data breach attempts, mainly because identity thieves see a wealth of identifying information all in one convenient location: your medical file.
News agency Reuters warns that medical information is worth 10 times more than your credit card number on the black market. That’s mainly because a health file can include birthdates, current and former addresses, social security numbers, and names of family members.
Due to the rising number of these data breaches, it’s more important than ever to make sure you’re protecting yourself from medical identity theft. While the industry is trying to implement more security measures, the CareFirst incident demonstrates that it’s possible your information has already been exposed. Taking a proactive stance by tracking medical records and examining medical insurance statements can be helpful for spotting the warning signs of identity theft.
Image courtesy of Flickr user jasleen_kaur.