
Cyber Threats to Watch This Year

2015 was a year in which cyber criminals continued to innovate and expand their activities. As 2016 commences, look for insider threats to take center stage and for leading companies to respond. Meanwhile, cybersecurity and privacy issues will continue to reverberate globally. Here are a few predictions for the coming year:

Ed note_Edward Stroz

Cyber threats and elections – Threat actors targeted the websites and emails of presidential candidates in 2008 and 2012. Campaign websites continue to be used to raise money, making them targets for hacktivists and cyber criminals alike. Expect to see U.S. primary frontrunners and eventual nominees successfully targeted and to see at least one campaign undermined by a data breach.

IoT spurs new rules – This will be the year consumers awaken to security and privacy concerns attendant to the Internet of Things. A major physical disruption — through the breach of a connected car or medical device or weak security in a connected toy — will spur regulators and consumers to demand action. Expect companies to spend untold amounts on testing and retrofitting IoT devices to meet hastily approved “privacy and security by design” rules.

Insider threats get addressed – Insider threats — current or ex-employees with knowledge of, and access to, the corporate network — will take center stage in 2016. This will push human resources leaders onto cross-functional cybersecurity teams in many organizations. Expect leading-edge companies to invest in technologies that identify and, in some cases, prevent insider threats before they cause material damage.

International data flows narrow – Uncertainty arising from the demise of the EU-U.S. Safe Harbor pact will disrupt international data flows. Expanding European nationalism, distrust of U.S. surveillance and subpoena power, the prospect of triggering huge fines for transborder transfers and political disputes over alternatives will drive some U.S. companies to avoid doing business with Europe altogether. Meanwhile, other multinationals will opt to segregate business functions geographically by building local cloud services and data centers that protect them from penalties.

Boardroom shuffle – With concern mounting over cyber risks, organizations will evaluate fresh approaches to ensure boards are well-informed and comfortable making strategic decisions. Expect the appointment of specialist, non-executive cyber directors and the formation of dedicated cyber-risk committees (similar to audit committees) with independent advisers. Regulators may also pursue the concept of “cyber competent” people as a requirement for boards.

Cyber insurance spike – Demand for cyber liability coverage will continue to rise. Expect premiums to also rise because of constantly evolving threats, immature risk models and an underdeveloped reinsurance market. This will affect retailers, healthcare providers, banks and others that are considered high risk. Uncertainty about the concentration of exposure will lead regulators to impose cyber incident “stress testing.” This is a way to model the impact of multiple, simultaneous incidents on cyber insurance carriers — and potentially stop those that fail these tests from writing new policies.

Why Traditional Crime Measurements Don’t Tell the Whole Story

All over the nation, the question is being asked, “Why is the overall crime rate in the US on the decline?”

We have the answer:  “It’s not.”

In 1930, the FBI was given the task of collecting and publishing crime-rate statistics from across the country, and the UCR (Uniform Crime Reporting) Program was born. This program collects data from across the country, and it is published in several reports, including the often quoted Crime in the United States report. The report separates offenses into two categories: violent crime and property crime. 

These two categories appear to provide an adequate sample of the types of crimes that should be captured to measure the overall crime rate, but the four “property crime” categories fall short. There is a simple reason: They have not changed since the 1920s.*

For instance, the category of larceny-theft does not include embezzlement, confidence games, forgery, check fraud, etc. Identity theft, which is growing astronomically, is also not included.

According to the two entities within the federal government that measure and report identity theft rates — the Federal Trade Commission’s (FTC) Consumer Sentinel Report and the Bureau of Justice Statistics — identity theft crime rates continue to increase. Identity theft has been ranked as the #1 complaint reported to the FTC for the past 13 years. Of the 2,061,495 complaints captured from a variety of organizations that share data with the FTC, 369,132 were regarding identity theft.

The Bureau of Justice Statistics uses the National Crime Victimization Survey (NCVS) to capture and report its statistics on identity theft.  The last report available captures information from 2005-2010. According to this latest report, approximately 8.6 million households experienced financial identity theft.

The latest statistics available (2012) are from Javelin Strategy & Research Inc., an independent organization not affiliated with the federal government.  Their study concluded that there have been 12.6 million incidents of identity fraud.

Identity theft is increasing faster than property theft crimes are declining, but the public isn’t paying enough attention. The reasons for apathy include the misconception that one can’t be a victim without a stellar credit rating (i.e., my identity isn’t worth stealing) and the conspiracy theorist notion that this is all just a scare tactic promoted by industry to entice consumers into buying services that are unnecessary. Both are misguided.

A change in public perception is required. It has been engrained into us that we must take personal responsibility for safeguarding our possessions and our physical wellbeing, so why not our identity?

Most people realize that they cannot guarantee they will never be burglarized.  So they employ tactics to make it harder to break into their home.  When leaving for vacation, they secure doors and windows and activate alarms.  Often, mail is held at the post office and friends are asked to check in on the place.

People must likewise actively guard their identity components (such as passwords and devices).  Taking regular steps to safeguard your identity must become engrained in all of us.  It’s absolutely true that you can do everything right and still become a victim of identity theft – but why not make the thieves work hard?

Ask anyone if they would think twice about wandering into a dark alley, alone, at night, in a dicey neighborhood, and they would say, “Absolutely!” But consumers think nothing of going to strange websites and entering credit card (or even more personal) information without checking the legitimacy of the site, especially when they can get a screaming deal on that flat-screen TV or tablet.

It is widely recognized that fraud and financial crimes don’t scare or shock people in the same way that violent crimes do.  Unless they rise to the level of Bernie Madoff or Enron, the crimes rarely make headlines.

Additionally, financial crimes are often cited as much harder to accurately measure because of underreporting and lack of consistent reporting methods.**  Some individuals do not believe that financial crime victims suffer true harm, especially if they are eventually made financially whole, as can happen with some identity-theft victims.  There is a misconception that once an individual has false charges removed from a credit account, or false accounts removed from a credit report, or a false tax return remedied by the IRS, that they are no longer the victim.  The victim label is assigned to the entity that takes the financial hit, such as the credit card issuer/financial institution and the IRS. Regardless, a crime has still been committed. Even if the crimes are difficult to measure and don’t shock, they certainly should be included in our evaluation of crime rates.

The infiltration of technology into our daily lives has not only changed the way we live, it has changed the way crimes are being committed. Much like water, criminal elements will take the path of least resistance.  When law enforcement and society become adept at suppressing scofflaws by making a particular crime more difficult to commit, such as through anti-theft devices on cars, criminals move on to other crimes.

Non-violent crime rates haven’t decreased; they have just changed. Whereas the criminal of twenty years ago was armed with a knife or a gun, today’s criminal is armed with a keyboard or skimming device. The weapon(s) of choice has changed from tools of violence to tools of technology. Criminals aren’t committing fewer criminal acts, just different ones. We don’t have fewer criminals, only smarter ones.

* Upon inquiry, the FBI responded with the historical information to explain how the eight offense classifications known as Part I crimes were chosen as indicators of the overall crime rate in the country. The first seven offenses were originally chosen in 1929. Arson, the 8th offense, was added in 1979. The 7 original offenses chosen to illustrate the overall crime rate and used in the annual publication Crime in the United States were not altered at that time. In fact, they have remained mostly unchanged since the 1920s.

** The FBI has a Financial Crimes Report that is listed under its “Other Reports and Publications” section. Other offense data for fraud and fraud type offenses is captured in the FBI’s NIBRS (National Incident-Based Reporting System); however, identity theft is not one of the incident types captured.

The Financial Crimes Report(s) differ in format from the violent crime/property crime format in the UCR and are more difficult to decipher. The data contained in these reports is for cases investigated by the FBI. It does not include financial crimes cases for local jurisdictions throughout the United States as the UCR does. The most recent report shows 5-year trends in various categories. The categories of corporate fraud, securities and commodities fraud, health care fraud, and mortgage fraud (reported cases) all show increasing numbers. Financial institution fraud, insurance fraud, and money laundering case statistics show a decrease in numbers, and mass marketing fraud has stayed relatively flat.

The NIBRS report for 2011 indicates there is data on the following fraud type offenses: Bribery – 293; Counterfeiting/Forgery – 74,131; Embezzlement – 17,000; Extortion – 1217; and Fraud Offenses – 245,301. This is a total of over 330,000 known incidents that could be counted in the overall crime rate in the UCR. Though small in comparison to the other property crime numbers, it is not a statistically irrelevant number. Identity theft statistics are not captured on this report. Identity theft statistics are published by another department within the USDOJ (of which the FBI is a part), the Bureau of Justice Statistics.

5-Year Analysis Of Pharmacy Burglary And Robbery Experience

Background
Burglaries and robberies represent a significant expense to pharmacies in the United States. Beyond direct insurance costs, which are driven by loss experience, pharmacists experience financial, business interruption and psychological costs. Pharmacists are concerned about armed robberies, and even finding that a store has been burglarized overnight can be upsetting and cause the expenditure of thousands of dollars in an effort to prevent reoccurrence. Beyond what is covered by insurance, customers pay deductibles that can easily be exceeded as a result of criminal efforts to gain entrance. Pharmacists that are victimized face hours of dealing with police, the Drug Enforcement Administration, board of pharmacy, contractors and their insurance company. As state and national efforts increase to address the underlying problem of prescription drug diversion, pharmacists face increasing administrative and regulatory compliance costs.

When we seek methods to effectively combat the problem, it is important to understand the larger problem of prescription drug diversion and how it fuels pharmacy burglaries and robberies. Described by the Centers for Disease Control as having reached epidemic proportions in the United States, demand for prescription narcotics, coupled with a widely available supply, create an environment that is ripe for criminal activity.

  • While the U.S. represents only 4.6% of the world's population, we consume 80% of the global opioid supply.
  • Five million Americans use opioid painkillers for non-medical use.
  • We experience almost 17,000 deaths from prescription narcotic overdoses annually. In a 4 year period, that is more deaths than we experienced during the Vietnam War.
  • Morphine production was at 96 milligrams per person in 1997. By 2009, that number increased eight-fold.

The origins of the problem are complex, but are based on a cycle of over-prescribing that has occurred over the past two decades. While well intentioned, liberal prescribing coupled with aggressive marketing, incentives and even encouragement to physicians to relieve pain at all costs sparked the fire. Unchecked by adequate physician education on drug diversion and dependency, and a lack of appropriate chronic pain management protocols, demand and dependency increased. As demand increased, so did production levels, opportunities for profit and creative methods of diversion.

Pharmacy crime involves every part of the distribution chain from manufacture through wholesale, retail, and ultimately to the end user. Pharmacists have been victims of deceptive practices, prescription fraud, employee diversion, burglaries and robberies. According to the Centers for Disease Control, prescription drug diversion, measured by drug overdose deaths and pharmacy crime, is at epidemic proportions.

National And State Actions Taken To Address The Problem
Significant efforts continue to be taken at the national and state levels to combat the problem, with various degrees of success. Each of these has a direct impact on how customers conduct business. Unfortunately, most will have no short term impact on reducing the probability of pharmacy burglaries, robberies or employee diversion.

Prescription Drug Monitoring Programs — Inputting data on prescriptions written and prescriptions filled, particularly for opioid-based narcotics, is an effective measure for identifying doctor shoppers, abusers and other drug seekers. While the programs are in place in 49 states, most do not connect with each other. This allows a drug seeker to get a prescription in one state and have it filled in another. Use of the program varies significantly by state between being mandatory, voluntary or somewhere in between. In addition, many of the programs are set up on a “free trial” basis for 5 years. As the trial periods expire, funding to continue the programs is becoming difficult, notably in California and Florida. Most pharmacists support these programs; however, there has been some resistance by major chains and various state medical associations — in large part objections are based on the time it takes to enter data.

Drug Courts — Intended to allow persons committing crimes to recover, many of these courts eliminate or significantly reduce sentencing for burglars and, in some cases, robbers. This results in a significant level of resentment by pharmacists who are victims of crime.

Drug Enforcement Administration Strike Forces — In the past several years, the Drug Enforcement Administration has shifted a major portion of resources from illicit drug enforcement activity to prescription narcotics. One of the focal areas has been on monitoring the flow of narcotics to pharmacies. These efforts have resulted in sanctions and subpoenas against distributors such as Cardinal Health and Amerisource Bergen, as well as arrests of physicians and pharmacists. In some areas of the country, there are complaints of narcotic shortages as distributors restrict shipments. This pushes drug seekers to other states and areas where enforcement is not as aggressive.

Changing Prescription Patterns — Where states have increased penalties against prescribing physicians and pharmacists for filling prescriptions when they “should have known better,” some physicians have decreased or stopped writing scripts for certain narcotics and some pharmacists have pulled them from the shelves. As chronic pain treatment guidelines are implemented and physician education on drug diversion and addiction increases, we can expect tighter controls on the management of prescription narcotics.

Treatment For Abuse And Addiction — A reality in the war against prescription narcotic diversion is that the demand exists and that the long term solution requires treatment programs that take time, cost money and are much more difficult to manage than writing and filling prescriptions. Until these programs become more available and acceptable, drug seekers will continue to find ways to obtain narcotics, including committing crimes against pharmacies.

Key Findings Presented In This Report
This report covers a 5-year analysis of burglaries and robberies occurring to Pharmacists Mutual customers.

These claims impact our bottom line. Data collected comes from claims department data as well as interviews with each customer victim by our claims department over the past two years. In many cases (where requested by the customer or due to the nature of the loss), follow-up investigation is also conducted by risk management. Information obtained has been used to educate customers, underwriters and field representatives about how the crimes are committed and preventive measures that can be employed to minimize the extent of loss.

What we've learned:

  • Frequency of pharmacy crimes (81% of PMC crimes are break-ins vs. armed robberies) has been relatively flat over the past 5 years compared to policy count. While we've seen an 18% increase in crimes over the past 5 years, policy count has grown by 21%. RxPatrol, the only other national pharmacy crime database, has seen a slight decrease over the past 2 years; however, 60% of RxPatrol reports are for armed robberies, primarily to national chains, and much of this decrease may have been a result of aggressive measures to address the robbery problem in chain stores such as Walgreens and CVS.
  • Total incurred and average costs have increased steadily over the past 5 years.
  • Almost 70% of the crimes we see are under $5,000. 50% of costs come from the 9% of claims that are in excess of $25,000.
  • In 52% of cases, criminals enter through the front door or front window. One indication is that video surveillance, while at times helpful in identifying perpetrators, does not deter crime. Some of the most expensive burglaries have been those where criminals entered through the roof. Examination of these and side wall entries indicates the approach targets areas of the pharmacy that may not be adequately protected by alarm systems, or to circumvent motion detectors.
  • In 1/3 of cases, police respond within 5 minutes. When they do, arrests result in 21% of cases. Unfortunately, most crimes take less than 2 minutes. Bottom line, if they can get in, chances are they will be successful and will get away. In areas of the country where police response times exceed 30 minutes (rural and municipalities with budget constraints), pharmacies are effectively unprotected.
  • Most state boards of pharmacy require alarms, but situations remain where alarms are not present, are not functional or are ineffective. In many cases, maintenance and testing are non-existent, and there are suspicions that alarm codes may have been compromised.
  • If a criminal wants to try and burglarize or rob a pharmacy, the pharmacy will likely incur property damage. However, the size of the loss can vary from a few hundred dollars to tens or even hundreds of thousands of dollars depending on control measures that are in place.

    What really makes a difference in keeping loss costs low?

    • A well-designed, tested and reliable alarm system. Alarm codes need to be protected and police response needs to be adequate.
    • Protecting doors and windows to slow down or eliminate the possibility of entry. If the crooks cannot gain entrance within a few minutes, they will usually leave.
    • Installing a safe. The overwhelming majority of criminals are in and out in less than 2 minutes. Locking target drugs in a sound, well-secured safe can make a significant difference in the size of the loss.
    • Having a plan and training employees on what to do if a robbery occurs. This can mean the difference between life and death.

What We've Done At Pharmacists Mutual And What We Will Be Doing In 2013

  • Over the past two years, we have met with over 15 pharmacy associations and buying groups, have published numerous white papers and articles in our semi-annual publication “Pharmacists Mutual Risk Management” and have spoken with hundreds of customers who have experienced pharmacy crime first hand.
  • We have identified vendors of security products based on our loss experience. Where possible, we have arranged discounts for PMC customers who use these services.
  • In the fourth quarter of 2012, we provided training to underwriters about pharmacy trends and tools to assist them in evaluating protection levels at pharmacies and to address specific deficiencies.
  • For 2013, we will be implementing a pharmacy security evaluation matrix. The matrix, based on probability and loss severity data, will be used to assist pharmacies in assessing risk and in underwriting evaluation.
  • We plan to continue publication and education efforts.

[Charts not reproduced. Chart titles: Pharmacy Crime Frequency; Number of Pharmacy Commercial Policies; National Data; Pharmacy Crime Total Incurred Claims Cost; Pharmacy Crime Average Incurred Claim Cost; Frequency by Size of Incurred Loss; Robbery vs. Burglary; Method of Entry; Average Cost by Method of Entry; Video Surveillance; Arrest Rates and Video Surveillance; Police Response Times; Arrest Rate by Time of Response; Alarm Notification; Alarm Response Average Cost; Alarms and Sales]

Medical Identity Theft And Fraud

Medical identity theft (MIDT) is a crime that has profound consequences for patients, insurance providers, and health care providers. The definition of medical identity theft is the fraudulent use of an individual’s personally identifiable information (PII), such as name, Social Security number, and/or medical insurance identity number to obtain medical goods or services, or to fraudulently bill for medical goods or services using an unlawfully obtained medical identity. Unfortunately, the definition of medical identity theft and the consequences that are associated with the crime are not common knowledge to the general public.

A recent study conducted by Harris Interactive on behalf of Nationwide Insurance found that only one in six (~15%) insured adults say they are familiar or very familiar with the term “medical identity theft.” Of the 15% that professed familiarity with the term, only 38% could correctly define what a medical identity was (Medical ID Theft Study 4). Unfortunately, this lack of widespread understanding of medical identity theft by consumers is part of the problem and it is costing consumers, insurers, and healthcare providers alike.

According to the most recent Ponemon Institute Research Report, 1.85 million Americans were affected by medical identity theft in 2012. This is a dramatic increase from the 1.49 million affected by medical identity theft in 2011, amounting to an almost 25% increase in just one year (Third Annual Survey 1). This rate of growth has the potential to explode due to several reasons. First, the Affordable Care Act is estimated to reduce the number of uninsured by approximately 30 million (Insurance Coverage Provisions 13), drastically increasing the number of insurers and insured patients that are targets for medical identity theft. Second, HIPAA policies and new rules under HITECH are increasing the use of electronic health records (EHRs), which can be vulnerable to data hackers. And lastly, the data hackers themselves are more sophisticated and cognizant of ways to profit off of personal data than ever before. All these factors combined pose a very serious dilemma in controlling the rate of growth for medical identity theft. Ponemon estimates that the cost of medical identity theft to consumers in 2012 was approximately $41 billion (Third Annual Survey 1). This does not include the untold cost borne by healthcare and insurance providers. We cannot afford the cost of letting this crime grow.

In order to minimize the effects of medical identity theft we must better understand the nature of medical identity theft. The Identity Theft Resource Center (ITRC) knows it is important to assess how consumers’ identities are stolen, how they find out they have fallen victim to this crime, and how difficult it is to resolve once discovered. The Identity Theft Resource Center believes this information can be used to educate and make aware the general public as to what medical identity theft is and how they can minimize their risk or mitigate the cost once they become a victim.

Looking at how medical identity theft victims discover they have fallen victim to this crime is crucial in determining what can be done to discover medical identity theft sooner to avoid increased expenses and instances of fraud. The 2012 Ponemon report found that the most common way (39%) people discover they have become victims of identity theft is by receiving collection letters for delinquent bills. This is bad news as this means the costs for the fraudulent services worked their way through the providers’ billing systems and languished there until they were forwarded to collection departments or agencies. In the time it took for the bill to make it to the collection department or agency, the imposter could have committed many more instances of fraud in different locations. The second most common method of discovery (32%) was by noticing mistakes in their health records, tipping them off to the medical identity theft. This is also bad news as mistakes in health records can have catastrophic consequences which can be fatal.

Fortunately, the third most common method (26%) of discovering identity theft was by victims noticing suspicious postings to a statement or invoice, such as an Explanation of Benefits statement. This is very good news as this usually means the victim is discovering their medical identity theft as early as possible. The earlier the victim notices the crime, the more likely they may avoid damage to their credit score, stop future abuse of their medical identity, and reduce the amount of time and money spent to rectify the issue. This statistic is even more interesting when compared to the previous two years of the Ponemon study, where only 9% of participants indicated that they discovered their medical identity theft via suspicious statements or invoices. This is a promising example of how educating and making consumers aware of medical identity theft can make a big difference in helping reduce the incidence of medical identity theft and its costs as a whole.

Looking into the mitigation process victims are confronted with after they discover their medical identity theft reveals the costs and trouble they have to go through to clear their names. There are two distinct objectives when mitigating medical identity theft. First, the victim must deal with an individual incident such as a thief receiving medical care under the victim’s name and the associated fiscal impact the crime imposes. Second, the victim must now deal with the task of “curing” themselves of medical identity theft, ensuring that their medical identity is not abused again in the future. This second objective is extremely difficult and contributes to the devastating nature of medical identity theft.

Regarding the first objective, the process for rectifying an individual incident of medical identity theft is complicated and drawn out. The victim must immediately contact the medical records and billing departments of the healthcare provider that provided the services to the imposter, request their medical records, and inform the provider that they are not responsible for the fraudulent bills. Upon learning that there may be fraudulent information in the victim’s medical record, the healthcare provider may deny the victim access to their medical record for fear of violating the Health Insurance Portability and Accountability Act (HIPAA). HIPAA protects the privacy of patients’ medical records making healthcare providers worry that they may be violating the imposter’s privacy rights by releasing the medical record to the victim. Oftentimes, the healthcare provider does not know for a fact that the fraudulent information in the medical record was a result of medical identity theft and cannot rule out that it may simply have been an accidental mixing of two patients’ records. Regardless of the situation, the healthcare provider is afraid of incurring liability under HIPAA for releasing confidential medical information even if it is under the victim’s name. The victim may have to appeal the decision in order to be able to view their records.

In one case, a medical identity theft victim was charged for bills related to the alleged amputation of one of her feet. Luckily, this was easily refutable as she would simply show the hospital billing department that she still has her two feet. Unfortunately, the imposter also had diabetes which prompted a physician, during a subsequent hospitalization, to ask the victim what medications she was taking to treat her diabetes. Note, the victim has never had the disease (Menn). This case demonstrates how frustrating correcting medical records can be and reminds us how dangerous medical identity theft is to the victim.

It is also recommended that victims file a police report and submit a copy of the report to healthcare providers as it will usually help streamline the process. It is important for victims to note that medical identity theft, like any other form of identity theft, is a crime for which police in most states are required to provide a police report. Once the incorrect information is identified, the victim must request that the healthcare provider either remove the information or at least flag it should the provider be reluctant to permanently remove it. After correcting the records at the location the imposter received medical services, the victim will then have to request an accounting of disclosures listing all the entities to which the healthcare provider sent the victim’s fraudulent records. The victim must repeat this procedure at each location that has their fraudulent medical record. All of this creates mountains of work for healthcare providers, insurers, and the victims themselves, which increases costs in the medical industry for everyone involved.

The second and more difficult objective, “curing” oneself of medical identity theft, does not have a set solution. The problem stems from the decentralized structure of the medical data system. Every healthcare provider, pharmacy, and insurer has its own records and records system. In contrast, the financial industry has three major credit reporting agencies through which almost all financial credit information is processed. Therefore, when you have suffered financial identity theft, a great way to mitigate future instances of fraud is to place a credit freeze with all three credit reporting agencies so that identity thieves cannot abuse your credit again. There is no such central medical record agency for medical records. Thus, it is possible for a medical identity thief to commit fraud with the same medical identity over and over again in multiple locations around the country. The victim will have to go through the individual incident mitigation process every time and just hope that the identity thief will stop using their medical identity.

Since there is no way to get ahead of the thief and prevent the medical fraud from occurring, the best way to mitigate the costs and effects of medical identity theft is for the victim to be vigilant and confront each instance of fraud as soon as possible in order to reduce the amount of wasted time and costs. This repetitive cycle is exhausting and costly for the victim as well as healthcare providers and insurers. In all three years Ponemon has conducted this survey, the number of victims who said they had completely resolved their medical identity theft never exceeded 11% (Third Annual Survey 11). This is an ongoing problem that does not yet have a solution, but it is imperative for all stakeholders to be involved.

All of this information points us to the realization that medical identity theft is a costly and potentially dangerous crime that is incredibly difficult to resolve. To make matters worse, medical identity theft often goes undiscovered for long periods of time and only becomes more detrimental and difficult to resolve the longer it goes undetected.

The Identity Theft Resource Center proposes that one of the best methods of reducing medical identity theft and the costs associated with it is an educated and aware consumer population. To make this point, it is useful to separate out the causes of identity theft listed in the Ponemon report into two groups. The first group includes causes of identity theft that victims have no control over: healthcare provider used identification to conduct fraudulent billing (22%), malicious employee in the health provider’s office stole health information (7%), and the healthcare provider, insurer or other related organization had a data breach (6%). In total, 35% of the causes of identity theft cannot be affected by actions of the consumer. The second group consists of causes of identity theft that a consumer does have a degree of control over: family member took personal identification credentials without my knowledge (35%), mailed statement or invoice was intercepted by the criminal (6%), lost a wallet containing personal identification credentials (5%), and a phishing attack by criminal who obtained personal identification credentials (4%). Thus, the total of causes of medical identity theft that can be affected by actions of the consumer is 50%. It should be noted that 15% of the participants still did not know how they had their medical identity stolen.

Looking at the numbers above, it is clear that the consumers themselves can have the largest impact in reducing the number of medical identity theft cases and the severity of the cases that still occur. Not only do the consumers themselves have the best ability to reduce the risk of medical identity theft happening to them, they are the only people that can reduce the severity of the crime when it does happen. The Identity Theft Resource Center has long understood the ramifications of medical identity theft on the consumer population as well as the medical industry itself. We know that educating the consumer population can be cost-effective and powerful.

The Identity Theft Resource Center is a founding organization of the Medical Identity Fraud Alliance, the first public/private sector-coordinated effort with a focused agenda that unites all the stakeholders to jointly develop solutions and best practices for medical identity fraud. We encourage all industry stakeholders to join so that we can work together in galvanizing the consumer population into becoming the most effective weapon yet against medical identity theft.

How Consumers Can Minimize Their Risk Of Medical Identity Theft

  • Review Explanation of Benefit statements as soon as you receive them as they may detail medical services that you never received.
  • Review your credit reports multiple times a year to see if any fraudulent accounts have been opened in your name, or if any medical bills have been reported as unpaid.
  • Be aware of phishing emails. These emails are designed to look like they are official communications from either a healthcare provider or insurer and ask for personal information such as a Social Security number, insurance policy number, or other information used to commit medical fraud in your name.
  • Do not open attachments in emails from people you are not familiar with, as they may contain a virus or a program designed to steal information from your computer.
  • Use a Virtual Private Network when using the Internet outside of your home, as this will encrypt the traffic from your mobile device or laptop.
  • Do not carry your Medicare card, Social Security card, or certain military identification as these have your Social Security number on them. Should you lose your wallet or purse or have it stolen, this information would be extremely valuable to a medical identity thief.
  • Shred or safeguard any documents with personally identifiable information (PII), either by locking them in a safe hidden in the home or by storing them on an encrypted thumb drive and deleting them from your computer. Sensitive documents with PII include:
    • Tax preparation papers
    • Explanation of Benefits statements
    • Medical Bills or Records
    • Bank Statements
    • Passport
    • Medicare, Social Security, or military identification card

References
Nationwide Mutual Insurance Company. “Medical ID Theft Study Results.” March 2012. Print.

Ponemon Institute. “Third Annual Survey on Medical Identity Theft.” June 2012. Print.

Congressional Budget Office. Estimates for the Insurance Coverage Provisions of the Affordable Care Act Updated for the Recent Supreme Court Decision. U.S. Government Printing Office. July 2012. 13 December 2012. http://www.cbo.gov/sites/default/files/cbofiles/attachments/43472-07-24-2012-CoverageEstimates.pdf

Menn, Joseph. “ID Theft Infects Medical Records.” Los Angeles Times. 25 Sept. 2006. N.pag. Web. 20 Dec. 2012.