Due to major breaches at health insurance companies Anthem and Premera this year, nearly 100 million customer records have been compromised. And it seems healthcare hacks won’t be slowing down any time soon.
In September 2015, Excellus BlueCross BlueShield announced that more than 10 million records were exposed in a data breach. While the CEO said the company is now taking aggressive steps to remediate its IT system, the question experts are asking is: Who’s next?
Most importantly to consumers, how can you know your records are safe?
When these data breaches occur, those affected are usually told to obtain identity theft protection services and to monitor their accounts more closely. While that’s good advice, it implies that attackers have just broken into the systems and could use the information in the future. In fact, they may already have had the data for months or even years.
For example, the Excellus breach was detected on August 5, 2015, but an investigation revealed that the initial attack occurred on December 23, 2013. Attackers may have gained unauthorized access to information that included names, dates of birth, Social Security numbers, and financial account information — data hackers could have been using for over a year and a half.
Excellus aren’t the only ones who seem to be taking a while to identify cyberattacks. A recent breach at CareFirst showed hackers had gained access to a member database a year before the breach was detected. In that case, CareFirst only discovered the hack because it was updating its security in the wake of breaches at other companies.
As this ongoing parade of breaches shows us, medical identity theft is now part of our past, present and, most likely, our future.
With healthcare information becoming increasingly digitized and tied to financial data — an insurer can link to bank accounts for automatic withdrawal, for example — these records are soaring in value on the black market. Some security experts have estimated that medical information and insurer data are worth 10 times more than your credit card number.
Another incentive for thieves is that medical records can include data on an entire family. Consider the rise of child identity theft, scams against senior citizens, and increased targeting of college students. Insurer and medical records often contain enough information not only to steal medical services under an assumed name but also to perpetrate other types of identity theft, like opening new credit accounts.
Because of the rising number of these data breaches, it’s more important than ever to make sure you’re protecting yourself from medical identity theft. Although companies like Excellus take immediate steps to lock down their security after a breach, it’s impossible to know what other breaches are in progress right now, putting your information at risk. Take proactive measures by employing identity theft protection and looking carefully over medical insurance statements, credit reports, and financial transactions.
Image courtesy of Flickr user Connor Tarter.