March 26, 2011, 9:36 PM — When most people think of identity theft, it's credit card transaction fraud or perhaps a criminal taking out a car loan or a mortgage in someone else's name. What doesn't always come to mind is someone stealing identity and medical credentials and then using those to obtain needed medical care, or selling those credentials on the underground market.
According to many industry experts, medical identity theft is on the rise because it is profitable, and the increasing use of electronic health records makes more data accessible. Additionally, Credit card numbers and other forms of financial data are losing their market value. "While credit card data will earn a few dollars on the black market, medical and medical insurance account information can sell for hundreds," says Robbie Higgins, VP of security services at IT solution provider GlassHouse Technologies.
Also see: Lessons of ChoicePoint, 6 Years Later
Also, explains, Higgins, while credit cards, banks, and financial services firms have systems highly tuned to spot fraudulent transactions, the same isn't true for health care services. "They're much less mature when it comes to their ability to spot fraudulent transactions," he says.
Jennifer Leuer, general manager of Experian's identification protection service ProtectMyID agrees. "The health care industry is much more fragmented, with dozens of providers potentially being part of a transaction," she says.
That's what makes incidents, like when managed health care services provider Health Net disclosed that 1.9 million customers were notified that server storage containing personal and health data went missing. The drives contained names, addresses, Social Security numbers, financial information and health data of current and former Health Net members, employees and health care providers, according to Health Net's statement on the incident.
Last week, the Ponemon Institute, sponsored by Experian ProtectMyID, released their second annual National Study on Medical Identity Theft. The study concluded that roughly 1.5 million Americans are victims of medical identity theft. And, according to the study, the average cost to resolve a case of medical identity theft is $20,663, up from $20,160 in 2010.
The study surveyed 1,672, and of those, 633 were known to have experienced identity theft directly or through the experience of a close family member.