BreachExchange mailing list archives
Re: Is it just about credit? (question 1 / health care)
From: nepen <nepen () attrition org>
Date: Sun, 29 Apr 2007 18:36:50 +0000 (UTC)
On Sun, 29 Apr 2007, security curmudgeon wrote:
: Question 1 : Is is just about your credit? : : If someone gets you SSN or SIN (Canida) they can do a lot more than get : cash. If they get medical treatment for ... I don't know ... a heart : problem of even... HIV do you think you will ever get insurance again? Hopefully someone in the health care industry can speak up on this but a few points. Many (most? all?) hospitals require photo ID for everything now. While we know that a bad guy can do a full identity theft, including getting a new license or birth certificate, it does require a dedicated person. They ask for the photo ID with insurance card, which you'd also have to get issued. Some hospitals actually train their staff (a full class) on handling photo ID, recognizing aspects that would be suspicious (birth date, etc) and how to respond. This has lead to some cases where the person using a stolen identity recived medical treatment, walked out of the hospital all better, only to be arrested immediately as the hospital staff watched (they knew what was going on but wouldn't deny treatment of course).
Just a note, but back when I had absolutely no way to prove who I was, the ER would treat me. This was post 9-11, and the hospital had significantly upgraded their security procedures. ERs have charity care programs, however, for those who cannot pay, and they are [or mine was] retroactive. If you state that you cannot pay upon arriving, they will set up an appointment for you. I don't really see an issue there with ID theft unless someone is deliberately attempting to keep their particular ailment off of their own record. The requirements for these programs [at least here] are relatively loose, but usually last only one year, at which time you must re-file. You may be able to pull it off for minor problems that are put through Fast-Track [but charity care, at least in my state, covers that 100%], but if you go in with heart problems you may wake up 10 hours later handcuffed to your bed after your open-heart surgery.
This leads one to wonder if the DMV when re-issuing a license might notice discrepancies. Eye color goes from blue to brown, hair color, height, weight .. how many changes before someone says "wait"?
That's the beauty of contact lenses [particularly blue to brown--brown to blue not so easy to pull off], hair and weight don't seem like big issues, and depending upon the age of the person, a one or two inch height discrepancy doesn't seem like a big deal. My mother had no problems getting her license--she went when I went--and she's changed her hair colour, weight, and height. If I'd have given her a pair of blue contact lenses, I'd doubt they'd have even noticed. Her previous license had no photo. Though at the NJ DMV, I was able to receive my ID and /bypass/ their "6 point identification system" which requires a certain amount of documents worth a certain number of points, adding up to 6, before you're able to get a license or photo ID. I was also able to do this at the SSA. This was all relatively recently--this month, in fact. All the SSA required was a note from my doctor--who simply wrote everything I told him to write when it came to my description--in lieu of their new post-9/11 requirements. For my birth certificate: I never had to get out of the car. It seems to me that everyone now has to juggle leniency for those who have fallen through the cracks with vigilance for those who are exploiting the system. I spent hours worrying about how I would be able to get my new Social Security Card or meet the DMV's 6 points, and I had absolutely no problem doing either. It was incredibly easy. It seems like this transitioning issue, where they are accommodating people unable to meet the new requirements, might be the easiest point of abuse. nepen _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 207 million compromised records in 634 incidents over 7 years.
Current thread:
- Is it just about credit? Rodney Wise (Apr 29)
- Re: Is it just about credit? (question 1 / health care) security curmudgeon (Apr 29)
- Re: Is it just about credit? (question 1 / health care) nepen (Apr 29)
- Re: Is it just about credit? (question 1 / health care) Rodney Wise (Apr 29)
- Re: Is it just about credit? (question 1 / health care) nepen (Apr 29)
- Re: Is it just about credit? (question 1 / health care) Adam Shostack (Apr 30)
- Message not available
- Re: Is it just about credit? Al Mac (Apr 29)
- Re: Is it just about credit? Chris Walsh (Apr 30)
- Re: Is it just about credit? Al Mac (Apr 29)
- Re: Is it just about credit? (question 1 / health care) security curmudgeon (Apr 29)