A recent data breach that compromised information on 1.2 million Cook County Health Department and hospital system patients was not a typical breach, experts say.
The breach occurred between March and May of this year and exposed patient names, social security numbers, and personal medical information. That personal medical information could be used against you in very malicious and surprising ways.
Experts said medical information is worth 10 times more than stolen credit card numbers on the dark web, and the fallout could last for years.
If you’re one of the patients who received a letter in the mail saying your information has been compromised in a data breach, here’s what you need to know.
Security experts at Binary Defense say there are two main types of scams specific to medical information.
medical blackmail
The first is extortion. Scammers actually blackmail you based on your medical history, medications, or diagnosis.
“We sometimes see this when it comes to mental health and mental health issues, where the attacker says, “Hey, I know your diagnosis is x, y, and z. Unless you want your wishes…to inform your employer that you have been diagnosed with this disease, you are potentially doing something that could cross the line.” said Jake Aurant, a member of Binary Defense’s counterintelligence team.
Fake medical bills and collection calls
Another scam involves fake medical bills. Scammers may know all of your medical history, so they know what services you’ve used and can be very convincing if they call you to collect your money. There is a possibility.
“They may contact you by phone or email and disguise or fraudulently create a medical bill to try to get someone to pay. So they say, ‘Hey, this isn’t being paid. ‘And if there’s a diagnosis.’ Or if medical bills are stolen, they’re trying to get people to send money to the wrong account. [scammer] Then you can receive that money,” Aurant said.
You may not receive these fake bills or blackmail attempts today, tomorrow, or even this year. Experts say these scammers are playing the long game. And it could be years before someone tries to use this leaked medical information to commit fraud or extortion.
how to protect yourself
Set up credit monitoring so you are at least aware if someone is using your information to apply for a loan or credit card.
The Cook County Health Department said it is offering patients whose Social Security numbers may have been affected the opportunity to enroll in credit monitoring and privacy services for free. Patients who may be affected and would like more information should call 888-867-3881.
Additionally, be especially wary of calls or emails requesting payment from someone claiming to be affiliated with your hospital or health care provider. Take it a step further and check if you have a bill and how much it is.
Experian offers the following advice to patients after a healthcare data breach:
You can check your credit report from the three major credit bureaus every 12 months at annualcreditreport.com. You can also get a free copy of his Experian credit report on his website at Experian. You also have the right to place a fraud alert or credit freeze on your account to prevent or warn you if someone attempts to open an account in your name.
You should also be aware of activity in health financial accounts, such as health savings accounts and flexible spending accounts, where once hackers obtain your personal information, they can withdraw your money.
How to get things back on track after a medical breach
If you discover your medical information has been stolen, here are three steps you can take to protect yourself and limit the damage.
1. Gather documents and submit a report
2. Collect copies of current medical records
Obtain up-to-date copies of all your medical records from your doctor, all other health care providers, your health insurance company, and any family members who may be affected. Look through the report and look for any treatments, procedures, or prescriptions that are not allowed for you or your family.
In some cases, the scammer may max out your benefits for the year or do something else that could jeopardize your coverage or treatment eligibility.
Make sure all your personal information is correct, from your mailing and billing address to your blood type. If your medical records have been altered to reflect treatment to imposters, false allergic reactions to some medications, chronic conditions such as diabetes, conflicting medication lists, and even incorrect blood type listings, etc. , may contain dangerous errors. If you are rushed to the hospital after an accident, such false information can lead to dangerous or even fatal medical errors.
This can be time-consuming and frustrating, but according to the federal government, the best way to do this is to ensure that each doctor, clinic, hospital, pharmacy, lab, health insurance, and thief uses your information. Is to tackle a complete list of sexual places. Board of Trade. If the thief obtained treatment or prescriptions in your name, request records from your health care provider or pharmacy where the prescription may have been filled.
If your health care provider refuses to provide your records due to concerns about the identity thief’s medical privacy, you have a right to appeal under federal law. According to the FTC, you should contact the person listed in the provider’s Notice of Privacy Practices, the provider’s patient representative, or its ombudsman. If he is unable to obtain the records within 30 days of your written request, contact the U.S. Department of Health and Human Services Office for Civil Rights by calling (800) 368-1019 or emailing ocrmail@hhs.gov. can do.
Additionally, federal law allows you to obtain one free copy of your accounting information from each health care provider every 12 months. This is a record of the person who received your medical information from that health care provider. Request a copy of the “Accounting of Disclosures” from each health plan and provider. This explains who received your medical information, what was sent, why and when it was distributed.
Obtaining copies of your medical records may be expensive. Each state’s medical privacy laws may make it easier to obtain your records.
3. Request correction
After reviewing your health record, report any incorrect information and request corrections in writing. You can copy records, highlight or circle incorrect entries for deletion, and write out additions and corrections. Make copies of everything you send, keep the originals, and keep track of when, where, and what you send.
Ask your provider to correct or remove each error. Send your letter by certified mail and ask for a “return receipt” so the plan or provider can verify what was received. Please include a copy of the police report and identity theft report filed with the FTC.
Your health care provider should correct your records and alert any laboratories or other health care providers who may have received the incorrect information. The FTC advises that if your health care provider does not make a correction, you should ask them to include a statement of objection and correction in your medical record.
Once you have your medical records, keep a clean, corrected set on file and update it each time you receive other treatments or procedures to ensure you have an accurate and complete set of your own.