BreachExchange mailing list archives

Re: Is it just about credit? (question 1 / health care)

From: "Rodney Wise" <rwise29210 () gmail com>
Date: Sun, 29 Apr 2007 18:51:24 -0400

I guess the basic question is:

As people who are aware of data breeches how can we alert others that is is
NOT just about credit.

Rodney


On 4/29/07, security curmudgeon <jericho () attrition org> wrote:



: Question 1
: Is is just about your credit?
:
: If someone gets you SSN or SIN (Canida) they can do a lot more than get
: cash. If they get medical treatment for ... I don't know ... a heart
: problem of even... HIV do you think you will ever get insurance again?

Hopefully someone in the health care industry can speak up on this but a
few points.

Many (most? all?) hospitals require photo ID for everything now. While we
know that a bad guy can do a full identity theft, including getting a new
license or birth certificate, it does require a dedicated person. They ask
for the photo ID with insurance card, which you'd also have to get issued.
Some hospitals actually train their staff (a full class) on handling photo
ID, recognizing aspects that would be suspicious (birth date, etc) and how
to respond. This has lead to some cases where the person using a stolen
identity recived medical treatment, walked out of the hospital all better,
only to be arrested immediately as the hospital staff watched (they knew
what was going on but wouldn't deny treatment of course).

Some hospitals use computer systems that have routines specifically
designed to flag possible identity theft. Various incidents (most related
to billing I assume) will flag a record with a potential identity theft
marker which is visible to any hospital employee who loads the record.
Employees are trained to act normal and provide treatment but call a
special security number (internal to the hospital) and trained security
staff respond.

This leads one to wonder if the DMV when re-issuing a license might notice
discrepancies. Eye color goes from blue to brown, hair color, height,
weight .. how many changes before someone says "wait"?

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 207 million compromised records in 634 incidents over 7
years.




--
Rodney Wise
http://pplriwse.blogspot.com

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 207 million compromised records in 634 incidents over 7 years.

Current thread:

Is it just about credit? Rodney Wise (Apr 29)
- Re: Is it just about credit? (question 1 / health care) security curmudgeon (Apr 29)
  - Re: Is it just about credit? (question 1 / health care) nepen (Apr 29)
  - Re: Is it just about credit? (question 1 / health care) Rodney Wise (Apr 29)
    - Re: Is it just about credit? (question 1 / health care) nepen (Apr 29)
    - Re: Is it just about credit? (question 1 / health care) Adam Shostack (Apr 30)
- Message not available
  - Re: Is it just about credit? Al Mac (Apr 29)
    - Re: Is it just about credit? Chris Walsh (Apr 30)