BreachExchange mailing list archives

Re: Is it just about credit? (question 1 / health care)

From: security curmudgeon <jericho () attrition org>
Date: Sun, 29 Apr 2007 17:39:20 +0000 (UTC)


: Question 1
: Is is just about your credit?
: 
: If someone gets you SSN or SIN (Canida) they can do a lot more than get 
: cash. If they get medical treatment for ... I don't know ... a heart 
: problem of even... HIV do you think you will ever get insurance again?

Hopefully someone in the health care industry can speak up on this but a 
few points.

Many (most? all?) hospitals require photo ID for everything now. While we 
know that a bad guy can do a full identity theft, including getting a new 
license or birth certificate, it does require a dedicated person. They ask 
for the photo ID with insurance card, which you'd also have to get issued. 
Some hospitals actually train their staff (a full class) on handling photo 
ID, recognizing aspects that would be suspicious (birth date, etc) and how 
to respond. This has lead to some cases where the person using a stolen 
identity recived medical treatment, walked out of the hospital all better, 
only to be arrested immediately as the hospital staff watched (they knew 
what was going on but wouldn't deny treatment of course).

Some hospitals use computer systems that have routines specifically 
designed to flag possible identity theft. Various incidents (most related 
to billing I assume) will flag a record with a potential identity theft 
marker which is visible to any hospital employee who loads the record. 
Employees are trained to act normal and provide treatment but call a 
special security number (internal to the hospital) and trained security 
staff respond.

This leads one to wonder if the DMV when re-issuing a license might notice 
discrepancies. Eye color goes from blue to brown, hair color, height, 
weight .. how many changes before someone says "wait"?

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 207 million compromised records in 634 incidents over 7 years.

Current thread:

Is it just about credit? Rodney Wise (Apr 29)
- Re: Is it just about credit? (question 1 / health care) security curmudgeon (Apr 29)
  - Re: Is it just about credit? (question 1 / health care) nepen (Apr 29)
  - Re: Is it just about credit? (question 1 / health care) Rodney Wise (Apr 29)
    - Re: Is it just about credit? (question 1 / health care) nepen (Apr 29)
    - Re: Is it just about credit? (question 1 / health care) Adam Shostack (Apr 30)
- Message not available
  - Re: Is it just about credit? Al Mac (Apr 29)
    - Re: Is it just about credit? Chris Walsh (Apr 30)