Consumer ignorance drives big jump in medical ID fraud

People are at an increased risk of medical identity fraud, partly because they do not recognize the life-threatening scenarios that could result from having someone else use their credentials to obtain healthcare services, a survey found.

The number of Americans connected to medical ID theft reached 1.8 million in 2013, a nearly 20% increase from 2012, says a Ponemon Institute study sponsored by the Medical Identity Fraud Alliance. Consumers' out-of-pocket costs as a result of the crime topped $12 billion.

The institute based its findings on a survey of 788 adults who claimed that either themselves or close family members were somehow affected by medical identity theft. The crime is defined as when a person uses someone else's credentials to receive medical services or prescription drugs or to commit fraudulent billing.

The survey found several indicators that people do not take medical ID theft as seriously as they should. Combining medical information of multiple people on the same record could give doctors and nurses life-threatening misinformation about blood type, drug allergies or medical conditions.

"Your records are contaminated by the medical information of the perpetrator, and that could actually have severe impact," Robin Slade, development coordinator of the Medical Identity Fraud Alliance, told CSOonline on Friday. "It could impede your medical treatment. It could potentially kill you."

[IN DEPTH: DNA hack could make medical privacy impossible]

While computer hackers and employees stealing medical records certainly contribute to medical ID fraud, the problem is actually much more complicated, the study showed.

Three in 10 of the respondents had shared their medical credentials with family members, so they could obtain treatment or pharmaceuticals. Nearly the same number said a family member used their credentials without permission, which was often never reported.

Despite being aware of the crime, almost 6 in 10 respondents did not check whether the information on their medical records was accurate, the survey found. In addition, half did not take any steps to protect themselves against fraud.

Ignorance seems to be the biggest driver behind medical ID theft. "They just don't understand that [fraud] is occurring," Slade said.

The lackadaisical response could be explained in part by the fact that 35% of respondents did not suffer any financial consequences as a result of medical ID theft. The majority of the losses that did occur were a result of reimbursing healthcare providers, legal fees, diminished credit scores and lost time and productivity in fixing inaccuracies in credit reports.

Also contributing to inaction is the amount of time required to deal with the crime. A third of the respondents found that the process took a year or more, and nearly half said they were unable to fix all the damage.

Healthcare providers could help to reduce fraud by improving their procedures for identifying people coming in for services. However, Slade argued that the crime could only be significantly reduced through a "holistic risk management approach" that involved service providers, insurers, government agencies, consumer groups and law enforcement.

"All of these organizations agree that fraud is not a competitive issue and we need to work cooperatively to address medical identity fraud," Slade said.

Founding members of the Medical Identity Fraud Alliance include providers of healthcare and support services, insurers and technology companies.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Medical Identity Fraud Allianceapplicationsmedical id fraudPonemon Institutesoftwaredata protectionData Protection | Data Privacy

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place