BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Medical identity theft on the rise

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 18 Nov 2013 00:03:16 -0700
http://www.wwlp.com/news/i-team/i-team-medical-identity-theft-on-the-rise

Identity theft can be scary in any form but there's one type on the rise
that can have deadly consequences.

People are actually selling your medical records online which can be
dangerous if they end up in the wrong hands.

The 22News I-Team did an experiment and found we didn't have to pay any
money at all to find out names of people in Massachusetts who are
diabetics, the number of times a day they need medication, who their doctor
is and where they live.

You'd like to think that those closed-door meetings with your doctor stay
between you two, but as more hospitals and doctors' offices put their
records online, it's becoming easier for people to access them.

Springfield consumer advocate Milagros Johnson says medical identity theft
is getting worse and a 22News I-Team investigation reveals just how easy it
is to get information.

We discovered websites that sell patient information. They appear to target
medical supply companies, but there's nothing stopping the general public
from accessing the information as well.

The 22News I-Team e-mailed the company to ask what they could offer and for
how much. They gave a list of prices but also supplied us with free
samples: samples of names and personal information.

For no money at all, we were able to get the names of hundreds of patients,
their home address and number, names of their doctors, how often they take
medication, etc. Some of these people are right here in Western Mass.

Computer experts at Western New England University say once you have the
private information we obtained, it only gets easier to get more.

“Any property records, criminal records, bankruptcy, liens, any judgment or
lawsuit information,” said Kevin Gorman.

Milagros Johnson says if someone takes over your identity it can have major
financial, or worse, health implications.

“If, God forbid, I ever need some type of medical care, that person’s blood
type is on my medical record,” said Johnson. “Don't tell me that's not
going to be a risk to my health. So it's putting us at huge risks. Our
health could be jeopardized, it could be a matter of life and death.”

There are things you can do. Never give out personal information over the
phone. You can also ask your health insurer to send you a list of recent
expenditures to ensure you're only paying for services you have received

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Previous By Date Next
Previous By Thread Next

Current thread: