A Sickness in the Healthcare System: Weak Protections for Patient Identities


Criminal cyber attacks on healthcare information repositories have increased 125% since 2010. With the announcement of the Excellus breach in recent weeks, the total number of big-headline medical information compromises reported in 2015 (such as Anthem, Primera, Carefirst) had crossed the mind-blowing demarcation line of 100 million files.


  • According to the Identity Theft Resource Center, the medical/healthcare sector accounted for the highest percentage of breaches in 2014 at 42.5%.
  • Medical Theft can be life-threatening. When your personally identifiable information is used by another person to acquire healthcare, your medical history is literally contaminated with the medical information of another person. If that mingling of data results in the removal of an allergy or a change of blood type, the result could put your life in jeopardy.
  • If someone gains unauthorized access to your health insurance, you could find yourself in a quagmire should you suffer from the same ailment as the thief and require a particular treatment or medical procedure. Consider how serious that could be if the procedure you need (and can’t get because it’s already been performed on the impostor) happens to be something like bypass surgery, amputation, cancer treatment or any other major intervention.
  • Unlike credit card fraud, victims of medical identity theft can suffer significant financial consequences. Sixty five percent of medical identity theft victims in a study done by Ponemon Institute had to pay an average of $13,500 to resolve the crime. In some cases, they paid the healthcare provider, repaid the insurer for services obtained by the thief, or they engaged an identity service provider or legal counsel to help resolve the incident and prevent future fraud


Unfortunately, just as the sector is less well-equipped to protect itself, there are also fewer services for consumers wanting to protect themselves from medical identity theft than there are in financial services. That said, you can still take a few key steps.

  • Get a copy of your medical records from your doctors and review them for accuracy.

Make sure that all the information describes your medical history. If you see something you don’t recognize, it could mean that your health information has been mixed with someone else, whether it’s a fraudster or simply another patient with the same name as yours.

  • Check your Explanation of Benefits.

Since EOB’s generally say in bold at the top, “This is not a bill,” most people don’t read them, but you should review every single one. Make sure you received the service it says you did on the date and at the organization stated.

  • Only give your Social Security Number if absolutely necessary.

If you’re asked for your SSN at the doctor’s office, find out why they need it, and see if there’s a way to avoid providing it.

  • Use a medical identity monitoring service.

A number of companies have begun offering identity theft protection services specifically around health care or health data. These services will alert you whenever there’s a health care transaction on your account.

Kuderer Financial has partnered with IDShield and Kroll Risk Management Services to offer safeguards for your Financial and Medical security. Contact me or Click Here to learn more about how together we can help you protect your family’s medical identity.