What Now? What To Do If Your Healthcare Provider Has a Data Breach
Preventive Care for Your Medical Identity
Picture this: You just found out that your healthcare provider or insurer has had a data breach, and you probably have a lot of questions. What are the risks to you? How worried should you be? And perhaps most importantly, how can you protect yourself against those risks?
Here are some short answers. The risks of medical identity theft are significant. They can range from stressful to deadly, and you should be very concerned. A Ponemon study on breach costs found that 65 percent of medical identity theft victims had to spend almost $13,500 to pay off fraudulent medical bills, and medical data breach victims often fall victim to financial fraud as well. A study published in the Annals of Internal Medicine found that 71 percent of medical data breaches included sensitive personal information that could even be used to blackmail victims.
And the most important answer: You can protect yourself against medical identity theft. In fact, you should always take defensive measures to protect your medical identity, because breaches can happen any time. According to HealthITSecurity, 41.4 million patient records were breached in 2019 alone, and the HIPAA Compliance Journal shows an average of about 50 breaches a month from early 2019 through early 2020.
Here’s how you can help protect yourself in the case of a medical data breach:
- Never give your Social Security number (SSN) to medical providers. It shouldn’t be used for a medical ID number, and if a form asks for your SSN, it’s OK to leave that blank.
- Never share your medical benefits and insurance information with anyone except your medical provider. Sharing it is illegal, and it puts your medical records and coverage at risk.
- If you access health information through any online portals, choose strong passwords, change them often, and never share them with anyone.
- When you get an Explanation of Benefits (EOB) from your medical insurance, review it carefully for unexpected charges, and notify your insurance right away if something is wrong. Also review EOBs carefully for your kids and any other family members you provide care for.
- Be on the lookout for signs of medical identity theft, such as bills for medical services you didn’t receive, collection notices about medical debts you don’t owe, or unexpected notices that you’ve reached your health plan limit or been denied coverage.
If you receive a notification letter or hear news about a data breach at one of your medical providers, take these steps to secure your medical and financial accounts:
- Change the passwords on medical portals that you use.
- Request a copy of your medical record from each of your providers right away. That way you’ll have an accurate record in your possession in case an imposter’s information ends up in your file.
- Check EOBs from your insurers even more carefully than usual.
- Contact your bank and credit card issuers and ask them to put an alert on your accounts. (Even if the medical provider doesn’t believe financial information was stolen, it’s a good idea to have alerts on all your financial accounts.)
If you see evidence that your medical identity has been stolen, your first priority is to review and correct any problems in your medical records. Proceed carefully, because if the provider thinks someone else’s medical information has gotten into your record, they may deny access because they’re required to protect the other person’s privacy. If you have an identity protection plan such as MyIDCare, contact your recovery team for help. If not, the FTC has helpful instructions on its website.
Here’s what you’ll need to do once you’ve taken steps to secure your medical records:
- If you find fraudulent charges on an EOB, notify your insurance provider right away. If the charges involve Medicare or Medicaid coverage, file a report online or call 800-HHS-TIPS.
- Watch your credit score and credit reports carefully, especially for any sign of fraudulent medical debts.
- File an Identity Theft Report with the Federal Trade Commission. If you receive phishing messages or calls that may be using your stolen medical information, report them to the FBI’s Internet Crime Complaint Center.
Medical data breaches are extremely serious, and we should all do our best to help prevent them. That means never posting medical details on social media and being aware of scams aimed at stealing medical information, especially during the COVID pandemic! Giving information to a scammer could actually cause a medical data breach. Also, remember that many medical and health apps gather data that could be breached, so before you download an app, check its source, its privacy policy, and how it will protect your sensitive information.
Finally, if you don’t have one already, consider getting an identity protection plan that includes guaranteed identity recovery and dark web monitoring that will alert you if your medical information shows up for sale to criminals. You have health insurance. It just makes sense to also protect the medical identity that your health depends on.