Your medical records and personal payment data are worth a lot of money on the “dark web.”
In fact, medical information sold on the anonymous regions of the internet is four times more valuable than a Social Security number.
When criminals get their hands on your medical records or billing information, they have everything – your address, your birthdate, your home phone number and probably your Social Security number, too. That’s why crooks put a higher value on medical records than simple financial records.
They can use that information for more than stealing your identity. They can create fake identities that could allow them to buy and resell medical equipment or drugs. They can also combine a patient number with a false provider number and file fake claims with insurers. They can even use them to file fake tax returns.
But there are steps patients can take to protect their medical records and billing information, says April Wilson, Vice President of Marketing and Analytics for RevSpring (www.revspringinc.com), a company that provides patient engagement and billing solutions for healthcare providers.
In one recent study, 89 percent of healthcare providers surveyed admitted at least one data security breach in the previous 24 months.
Wilson provides a few tips on what patients can do to guard their healthcare information.
Only give out data that is absolutely necessary. When asked on an application to provide a Social Security number, ask why. It may not really be needed. It’s always safest not to store financial account information online for bill paying. But if you do, credit cards offer better protections than most debit cards or bank account numbers if compromised.
Watch for suspicious mail. If the hacked company has your address, expect bogus pitches to arrive in your mailbox from people who want to “solve” your identity theft problem for you. Be suspicious of notification emails, especially those containing links or attachments (they may contain computer-infecting malware).
Use fraud alert. If your Social Security number was taken in a breach, the risk of ID theft is five times greater than for the average consumer. Place a fraud alert or security freeze on the credit report at the three big credit-reporting bureaus.
Say yes to added security. If the breached organization offers free monitoring service, take advantage of this extra layer of security. Only 20 percent of breach victims do.
Monitor your accounts. This includes Social Security earnings records. Ask bank or credit card issuers to set up free email alerts for notification about activity on accounts, especially including change-of-address requests.
Change your passwords frequently. Also order, for free, a credit report once every four months — once a year from each agency — at annualcreditreport.com.
Choose the most secure payment option. Ask if your provider has a secure, online payment option rather than handing your credit card over to the billing department. Many health systems use big data screening and analytics to flag possible security breaches before data is stolen.
“Healthcare providers are struggling to keep up with these increasing security attacks and need to partner with healthcare payment vendors who prioritize security and data safety at every transaction,” Wilson says. “Patients need to be as vigilant as possible.”
RevSpring (www.revspringinc.com) is a leading provider of consumer communications and billing solutions for healthcare providers. Since 1981, RevSpring has built the industry’s most comprehensive suite of consumer engagement, communications, and payment pathways that is backed by consumer behavior analysis, propensity-to-pay scoring, intelligent design, and user experience best practices.