Credit cards + banks = security worries.
Face up to reality and understand that equation – which most of us think sums up the present reality of our insecurities – is horribly false.
We have gigantic security worries. It’s just not banks that are the problem.
Big financial institutions, big online retailers, big bricks and mortar retailers have all invested heavily – and are still investing – in upgraded security. They are not winning the war against cybercriminals. But they are holding their own.
Not so healthcare. Physicians, hospitals, insurers, miscellaneous providers are an unmitigated disaster when it comes to security – and hackers, increasingly, know the lowest hanging fruit is in the healthcare sector.
It is tasty fruit indeed. Patient files are a treasure trove with ample info to perpetrate identity theft. Even better, there are millions of files on children that can be cashed in a few years from now. Credit files generally give out only a scant, predictable array of information. Medical and insurance files give it all away.
It also is information with long shelf life. A credit card number may only be good for a year. A health insurer ID may be good for several years. A Social Security number, for all practical purposes, is good forever. Steal credit card info from a hotel and it has to be put to work fast. Steal hundreds of thousands of records from a regional hospital and a hacker can be deliberate – methodical – in putting the files to work over five years.
Hackers know. Last year alone, well over 100 million Americans had personal info stolen in healthcare breaches. That is one in three.
IBM has called 2015 “the year of the healthcare security breach.” Every indication is that 2016 will be worse.
A reason: healthcare has erected few barriers to keep hackers out. A recent survey by the Healthcare Information and Management Systems Society said that healthcare providers are averaging less than 6% of their IT budget expenditures on security. Finance and banking average 12 to 15%.
Experts also said attacks on healthcare are up 125% over the past five years – as more criminals realize how easy these pickings are.
We are paying the price for this industrywide laxness.
Increasingly there are cases of medical false identity where a patient who isn’t you pretends to be and gets pricey treatment. Not only may this ding your credit history – you may be dunned for co-pays for services never received – but it can seriously taint your health records, introducing confusions about everything from your blood type to what medicines you are allergic to.
Medical identity theft now is so prevalent the US Federal Trade Commission has a web page devoted to the problem.
What can you do to better protect yourself?
Advice from multiple security experts is put your healthcare providers on an information diet. Only give them what they genuinely need. Many experts told us they now are flatly declining to give their Social Security number – commonly requested by doctors but they do not need it.
Give out just about no info over the phone. A common criminal scam is to call up victims, pretending to be in accounts at a major hospital or insurer, and asking for info. “Hi, this is Suzy Q from Blue Cross blah blah. We had a computer outage and need to update your records.” Our advice: hang up. If they really need your records updated they will find other ways to contact you (such as via a secure website).
Don’t just shrug off small bills – co-pays – that show up in your mail. Always follow up. And challenge any co-pays that aren’t right.
What about charges paid by your insurer? Start looking them over, too. Many of us ignore that sheet when it is asking us for no money. Pay attention to it. If there are doctor visits and hospital procedures that aren’t yours, follow up. You do not want bogus info contaminating your records.
Keep continually aware of your credit profile. Medical records thieves often parlay that data into new credit cards taken out in your name. Check your credit report annually and, nowadays, it is easy to get free FICO scores from many credit issuers. Check that monthly – if there are significant changes that’s an early warning sign that your credit may have been hijacked.
Today’s reality: keeping your medical info safe is on you. There’s no trusting the providers – they have proven their inadequacy and there are no signs they are toughing up. So do it yourself. You’ll thank us later for the advice.