According to the Fifth Annual Study on Medical Identity Theft which was conducted by the Ponemon Institute, a Michigan-based data-privacy research firm, medical identity theft had increased in 2014 by almost 22 percent when compared to 2013.
The survey estimated that approximately 2.3 million Americans have fallen victim to medical identity theft, an increase of almost 500,000 more victims than in 2013. Because the survey was conducted in November, the study didn’t include the recent Anthem breach ‒ the largest healthcare breach in U.S. history which could affect up to 80 million Americans.
There’s a striking difference between medical identity theft and other types of identity theft, such as financial theft. While the financial services industry has made some strides into combating fraud and absorbing costs (for example, financial liability for consumer credit cards is often limited to $50, after which credit card companies will absorb the rest of the costs when a cyber criminal steals your credit card information), the healthcare industry is far behind.
Not only does the healthcare industry not have the proper infrastructure to deal with identity theft, but many times, individuals who are victims of medical cyber crimes are forced to deal with the brunt of the costs.
According to the study, 65 percent of individuals who were victims had to pay to resolve their issue and it costs, on average, $13,450 per person and it took, on average, 200 hours to get the issue resolved. The costs included payments to healthcare providers, insurers, identity service providers, and legal counsel. And upon resolution, only 10 percent of respondents reported that they achieved a completely satisfactory conclusion, according to the study.
Unlike credit card theft, victims who fall victim to medical identity theft typically don’t get alerted by anyone within the healthcare industry when suspicious or potentially fraudulent activity is occurring. According to the study, it took, on average, more than three months for medical identity theft to be discovered.
12 percent reported that they found out about the fraud during an appointment with a provider, 9 percent received breach notifications, and 5 percent received an “alert.” (More than one answer was allowed to be chosen).
However the majority of the respondents stated that they had to discovered the fraud themselves. Nearly 33 percent found errors on their medical invoices, 28 percent found out about the fraud after receiving collection letters, 24 percent saw errors in their insurers’ explanations of benefits, and 14 percent saw incorrect charges on their credit reports.
Coupled with the fact that the healthcare industry, in general, is slow to adopt new technologies and that they aren’t equipped to currently deal with cyber criminals, medical identity theft will most likely continue to be on the rise for the foreseeable future. To reduce medical identity theft risk, consumers will need to have better access to their records and will need to be more vigilant with how they share their records.