Cybersecurity concerns surrounding healthcare organizations and hospitals have been brewing at the same time the novel coronavirus (COVID-19) has spread around the world. In fact, warnings from the FBI and Interpol indicate that hospitals are a target for a wide-range of cyber-attacks, from having medical records exposed to attacks that may involve ransomware — software built as a decoy to lock down a computer system until the ransom is paid. This happened on May 5th, 2020, when a reported ransomware attack on the Fresenius Group, a global healthcare company and one of the largest dialysis equipment providers in the U.S., impacted the company’s operations around the world. These attacks can not only cripple healthcare and hospital operations, but hackers and scammers can also put sensitive personal medical information at high risk of fraud.
With the increased exposure of scams, hacks, and security incidents due to the COVID-19 pandemic, the U.S. Department of Homeland Security (DHS) recently issued a joint statement warning of continued exploitation by bad actors. According to DHS, “APT [Advanced Persistent Threat] actors are actively targeting organizations involved in both national and international COVID-19 responses. These organizations include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.” The warning goes on to explain, “APT actors frequently target organizations in order to collect bulk personal information, intellectual property, and intelligence that aligns with national priorities.”
Unfortunately, the exploitation trends of personal healthcare information we are seeing indicate that 2020 will be a year of another significant increase in medical data-oriented attacks, putting patients’ and employees’ Personally Identifiable Information (PII) and medical records at risk — including names, dates of birth, addresses, Social Security numbers, medical and treatment history, health insurance, and bank account information. This sensitive data may be held for ransom by cybercriminals, or sold on the Dark Web where it can be used to perpetrate various forms of identity theft, including medical identity theft.
Scammers are Targeting Your Medical Information
When cybercriminals aren’t hacking into organizations to access a deluge of individual records, they are busy crafting new scams to target individuals for their money personal information. Fraudsters are exploiting the fears of individuals related to the coronavirus outbreak to steal the personal, financial, and medical information of those looking for knowledge, protection, and treatment for the viral infection. As of May 5th, the Federal Trade Commission (FTC) has recognized over 36,000 scam reports that relate to the coronavirus, with COVID-19 scam victims losing more than $24 million since January 1, 2020.
Remain vigilant of the following coronavirus scams targeting your information:
- Too-Good-to-be-True Travel deals
- Offers for COVID-19 related grants or economic impact payments
- Fake investment and charitable organizations
- Phony home inspectors from the CDC
- Sham sellers of coronavirus testing kits, protection, and vaccines
- Bogus offers for hard to obtain household supplies
- Offering to help run errands
- “You’ve been in contact with a victim of COVID-19” text message
- Fake job posting
- Imposter family members
The Toll of Medical Identity Theft
If your personal information is left unprotected through a data breach, cyber-attack, or a scam, especially your Social Security number or health insurance information, you become vulnerable to medical identity theft — that is, when someone steals your personal information to receive free medical care, goods, or prescription drugs. Pediatric offices full of children’s medical records are particularly attractive to identity thieves, posing a life-long threat of synthetic identity theft for those exposed in a data breach.
Here are six signs that you may be a victim of medical identity theft:
- You were denied health insurance benefits.
- You were notified that your medical benefits had exceeded the yearly limit.
- You had prescriptions obtained in your name that were not for you.
- You discovered another person’s information in your medical file/records.
- You had your insurance company contact or bill you for unknown treatment.
- You had a medical provider; billing department or collection agency bill you for services never received.
You may not be able to keep organizations from being breached and exposing your personal information, but you can limit your risks and protect yourself and your family after a data security incident.
Four Tips to Protect Your Medical Identity
- Never share personal information through unsolicited phone calls. Remind your loved ones that they should never give personal, financial, or medical information over the phone.
- Keep Important Document Secure. Store copies of medical records and insurance cards in a secure place. Never provide medical information over the phone or by email and always shred outdated information.
- Monitor Your Insurance Benefits: Once a year you should request a list of benefits paid under your policy from your insurer.
- Monitor Your Credit Report: Unpaid medical bills could affect your credit.
Continue following Fighting Identity Crimes for the latest breach and scam updates, ID protection news and tips from our industry experts.
Follow us on social!
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.