Another Health System Hacked: How Safe Is Your Medical Info?

Banner Health, a non-profit organization that runs a chain of hospitals, said this month that hackers gained unauthorized access to millions of patient, physician, and other records — the latest in a series of data breaches that spotlights the growing risk of medical ID theft.

The Phoenix-based group said it notified 3.7 million patients, health plan members, food and beverage customers, doctors, and healthcare providers about the attack, which occurred between June 23 and July 7.

Banner Health — which operates in Alaska, Arizona, California, Colorado, Nebraska, Nevada, and Wyoming — said hackers accessed computer systems that process payment records at some Banner Health locations, the company said.

Security experts say the case points up the dangers of medical identity theft, which is on the rise in the U.S. According to a recent report by the Medical Identity Fraud Alliance, 2.3 million Americans are victimized by medical ID thieves annually, with total damages adding up to $20 billion. And the rate is growing by about 22 percent each year.

MIFA noted one-fifth of the victims suffered a decrease in their credit score, a third lost their health insurance, and the average cost to resolve those crimes cost consumers $13,500.

According to Twila Brase, president of the Citizens’ Council for Health Freedom — a Minnesota-based organization dedicated to protecting patient privacy rights, such cases are being fueled at least in part by healthcare reform changes pushed by Obamacare requiring healthcare providers to convert paper medical records to digital files.

Such records can be stolen more easily and used to file fraudulent health claims with insurers, Medicare, and Medicaid.

The federal government has established a goal of creating a National Medical Records System to track and analyze patient data — an initiative she argues puts consumers at risk.

“I do see it growing,” she tells Newsmax Health of the threat posed by medical ID thieves. “It’s one of the problems with a push towards a National Medical Records System because now we have created, or will create, a bigger and bigger target as our medical records get connected without our consent, mind you.”

Experts say medical information is 20 times more valuable than financial data on the black market. And if the thief’s health info becomes mixed with your medical records, then your treatment, insurance, payment records, and credit report may all be affected.

The risk is increasing because of cyberattacks and security data breaches at major corporations. Between 2010 and 2013, nearly 950 data breaches of protected health information were reported by entities covered by the Health Insurance Portability and Accountability Act (HIPAA) — involving approximately 29 million records, according to a recent study published in the Journal of the American Medical Association. Most data breaches resulted from overt criminal activity.

In these cases, thieves gained access to such personal information as medical claims data and clinical records, as well as banking account numbers, Social Security numbers, and birth dates.

“When you have these kinds of systems that connect all of this information together, it just becomes a very valuable target to those who see how much money that they can make off of our medical IDs,” Brase says.

Experts say there are some steps you can take to reduce your chances of falling prey:

1. Protect your medical records like you would bank or credit card info.
2. Ask your doctor if you can see your electronic health records to check for errors.
3. Read your explanation-of-benefits statements from your insurer and healthcare providers to check for any fraudulent charges.
4. Ask for an “accounting of disclosures,” which lists who has received your records. By law, you are entitled to one copy per year from each provider.
5. Check your credit reports regularly for any strange medical bills that an identity thief might have generated. You’re entitled to one free copy of your credit report each year from the three main reporting bureaus (visit: AnnualCreditReport.com).
6. Don’t give out your personal or health information to anyone, including friends or family members.
7. Be on the lookout for scams, such as if someone claims to work for a healthcare company and offers you services for free or for a too-good-to-be-true price, requiring your Social Security number, insurance info, or other personal data.
8. If you’ve been victimized, be sure to report it to your insurer, doctor, and local, state, or federal law enforcement authorities.