Medical Identity Theft: A Modern Day Plague

When you read an account of the devastating “Black Death” Plague that spread across Europe and Asia in Medieval times, it’s impossible not to be awed by the statistics.  In just five years, one-third of Europe’s population, 25 million people, were dead.  It hit so fast and so unexpectedly that people were unable to protect themselves.  As one writer summarized, “A terrible killer was loose across Europe, and medieval medicine had nothing to combat it.”

While experiencing medical identity theft isn’t always as devastating as dying from the plague, it’s easy to draw some parallels.

  • Both affect people in such a way that they are completely unaware of it until it is often too late? Check.
  • It can spread unexpectedly fast? Check.
  • The victims are not limited to one group, whether by country, age, race, or socioeconomic class? Check.
  • People can die as a result of it? Check!

I don’t mean to get too melodramatic, but this topic is on my mind today because of the results of recent reports using data gathered by the Ponemon Institute in which they revealed some equally incredible statistics:

  • Nearly 43% of all record breaches in personal information in 2014 involved health records. (That’s more than those involved with banking and finance, education, the government and the military AND THIS WAS BEFORE THE ANTHEM BREACH!)
  • Since the U.S. Department of Health and Human Services started keeping records in 2009, the medical records of 27.8 – 67.7 million people have been breached.
  • Of those, there are an estimated 2.32 million Americans who have become victims of medical identity theft. Again, those statistics were compiled before the Anthem data breach, which may affect as many as 80 million more!
  • Cyber attacks on health care providers have doubled since 2010.

Medical ID theft is the fraudulent acquisition of someone’s personal information (name, Social Security number, health insurance number) for the purpose of illegally obtaining medical services or devices, insurance reimbursements or prescription drugs.

The importance of understanding medical identity theft cannot be overemphasized.  Some important reasons:

  • The information taken in a health care breach is non-alterable (you can’t change your Social Security number or birth date) and is therefore valuable forever on the black market.
  • It can be significantly more expensive to recover from a medical data breach.  Unlike credit card fraud, which has a liability limit of $50, the Ponemon study suggests that 65% of medical identity theft victims had to pay an average of $13,500 to resolve the crime.
  • In addition to the cost, it took victims more than a year to successfully dispute the charges, clear up their medical records, and repair the damage to their credit.
  • When your credit card is stolen, you are notified quickly of suspicious activity.  Healthcare providers may not even know about your information being used, let alone advise you about suspicious activity.  On average, it takes up to three months for medical identity theft victims to learn of fraudulent activity.

I’ve addressed this topic before so rather than repeat myself as to the methodology of the criminals and how to be preventative, I’ll send you back to a Burning Questions episode I did back when the last survey was released.

If you don’t think it’s important to be well-informed on this topic, consider the words of James Pyles, a Washington, D.C. lawyer who has dealt with health issues for more than 40 years: “It’s almost impossible to clear up a medical record once medical identity theft has occurred.  If someone is getting false information into your file, theirs gets laced with yours, and it’s impossible to segregate what information is about you and what is about them.”

For now, medical identity theft is a plague with no readily available cure. It will take legislation, technological leverage and a lot more attention on the part of health providers to eliminate this nasty virus.

John Sileo is an award-winning author and keynote speaker on keeping your organization from becoming the next data breach headline. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

3 Key Protections for Anthem Breach Victims


What’s the Anthem breach?

  • More than 80 million patient records were stolen out of Anthem’s servers.
  • If you are an Anthem, Blue Cross or Blue Shield customer, now or in the past, you are probably affected by the breach.
  • The data stolen included at least Social Security numbers, birthdates, addresses, email addresses and employment information.
  • Not included in the breach (or at least not disclosed as being part of it) were credit card numbers or medical data.

Why is the Anthem breach so serious?

  • When a breach includes so much data on each victim, especially your Social Security number, it makes it fairly easy for cyber criminals and identity thieves to create new accounts in your name or take over existing financial accounts. In other words, they can bank as you, borrow as you and pose as you in order to financially exploit you.
  • The loss of medical ID can be devastating, as criminals can potentially cash out your medical benefits, append your medical records with dangerous information (e.g., a different blood type) or apply for loans or services in your name.

What STEPS SHOULD I TAKE RIGHT NOW to protect myself?

1. Monitor the breach and take advantage of the two years of ID theft monitoring they are providing at

2. Monitor your credit reports for free on

3. Freeze your credit to keep criminals from taking advantage of your buying power. This is the most powerful step you can take, but it does make it slightly less convenient when you apply for new credit.

4. Call all financial institutions you work with and have them put a “phone-password” on your account so that the thieves can’t simply use your SSN to gain access.

5. Turn on Two-Factor Authentication on all financial accounts to further protect your account.

6. Monitor your financial accounts and health insurance Explanation of Benefits (EOB) for transactions you don’t recognize. Alert the provider if you suspect foul play.

John Sileo delivers keynote speeches designed to make security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact The Sileo Group directly on 800.258.8076.

Anthem Phishing