Different Methods of Health-Related Identity Theft

Sue Marquette Poremba
Slide Show

10 Top Security Policies from the Knowledge Network

Prevent security breaches with a solid security plan.

It's no secret that health data is a big time target for hackers and identity thieves, nor is it news that the information stolen from insurance companies or health care databases make headlines.


Why do they do it? To get rich through identity theft. ZDNet posted an article by Dana Blankenhorn who, interviewing Michael Maloof, CTO of TriGeo Network Security, pointed out that thieves want Social Security numbers, birth dates and addresses so they can get credit or other monetary gains using other people's identities. The article stated:

TriGeo offers an appliance that can sit behind your firewall, track user traffic, and detect problem patterns, even detect when someone is plugging in a USB thumb drive. This not only protects against outside criminals, but disgruntled insiders.

That's all well and good about electronic protection, but Blankenhorn originally linked to a report from the Identity Theft Resource Center as the background for his piece, and while the report is over a year old, I think the information is still relevant. And what Blankenhorn missed was a vital concern of the report: Most laws in place to protect information only focus on electronic data, not paper data. The ITRC report stated:

Unfortunately, more than 25% of the breaches year to date are paper breaches. Paper breaches are often documents with personal information disposed in trash cans or dumpsters, left for the taking by those who didn't take the time to shred them.

Even if the report isn't brand new, this is important food for thought. We worry so much about how to protect data on the computer-as we should-that sometimes the old-fashioned methods of exchanging information gets forgotten. And thieves will grab the information any way they can get it.

Add Comment      Leave a comment on this blog post
Nov 4, 2010 8:17 AM jospino jospino  says:

I know a site that fights identity theft: Stop using your unsecured login and password, use the Digital DNA Technology to access your favorite web sites with http://www.thedigitaldna.com. What do you think ? revolutionary !!!!!

Nov 12, 2010 10:38 AM Rex Davis Rex Davis  says:

Thanks, Sue, for your attention to these unfortunate facts of modern life.  The Identity Theft Resource Center has been involved in creating protocols for mitigating medical identity theft cases for the past year or more, and has recently trained advisors from a large company on these methods.  In medical identity theft, the perpetrator often wants the medical services at no cost, not just the persons information to use for other financial fraud.  What makes this very scary is the possible mixing of medical records due to fraudulent use of the medical "identity", with the attendant risk of harm.  If the case involves patient medical information, then it falls under the HIPAA regulations, which means the original patient may be excluded from access to the records to clear them up, as the medical facility now knows that some of the patient data does not belong to that patient.  Very, very frustrating to fix!

ITRC tracks breaches continuously, reporting each Tuesday on our "Breaches Home Page" at: http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml# .  And yes, the old fasioned paper records are still a factor.   Thanks


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.