In today’s digital economy, companies that hold consumer records are under siege from hackers attempting to breach security and illegally access data. Healthcare consumers have to be particularly vigilant, because data breaches are potentially ruinous. If you are wondering how real the risk is, consider that the healthcare analytics company Protenus found that hackers breached almost 32 million patient records in the six months between January and June 2019.

What makes healthcare records so valuable to hackers?

A black market exists for pilfered personal data, and healthcare records can command a hefty price for several reasons:

• Blackmail — A secret illness or disability, once exposed, could damage a person’s career. Employers might hesitate to advance or retain an employee who suffers from conditions such as heart disease, multiple sclerosis, amyotrophic lateral sclerosis, schizophrenia, cystic fibrosis, scleroderma, Parkinson’s disease or Alzheimer’s disease. Criminals see enormous potential for blackmailing patients over their medical and mental health records.
• Identity theft — Personally identifying information in medical records can be sufficient to allow an identity thief to pose as the patient to make credit card purchases, apply for loans, or access bank accounts and clean them out.
• Insurance fraud — This particular area of identity theft allows someone with stolen Medicare, Medicaid or private insurance information to falsely bill for services never rendered or obtain medical services or drugs under the name of the patient victim.

It’s impossible to gauge exactly how much extortion and fraud occurs annually, but estimates are in the tens of billions of dollars.

Steps you can take to prevent healthcare data breaches

Fortunately, there are preventative measures consumers can take to avoid losses due to a security breach:

• Only give information that is absolutely necessary — Healthcare providers often ask for personal information, including Social Security numbers that are required to receive service. Healthcare providers should only request essential information and patients should only provide the information that is absolutely necessary to obtain care.
• Be cautious about healthcare apps — Patients should not hand over identifying information simply because an app prompts them to. Patients need to know how the company plans to use the data and how it intends to protect the data. Read the service provider’s terms and conditions.
• Review insurance statements — Consumers who receive an insurance company statement detailing medical services they didn’t receive should immediately alert the company about the inconsistency which maybe due to error or fraud.
• Limit sharing through social networks — If you are using various social networking platforms, don’t assume that you enjoy any privacy. Personal facts revealed online can provide criminals with enough information to steal your identity. A practiced thief can piece together a detailed profile of you by visiting multiple sites where you’re active.
• Respond quickly — If you suspect your data has been compromised, contact your bank, credit card companies, insurers and any other institution that holds assets in your name. You can also contact the three major credit bureaus to freeze your credit file and set up alerts to prevent the unauthorized creation of new accounts.

With vigilance, you can reduce the risk of thieves getting hold of your medical records and using them for nefarious purposes.