Identity thieves aren't only interested in your banking information and credit card numbers. Health forms can be a goldmine of personal information, including social security numbers, contact information and insurance data. Hackers use that information to commit medical billing fraud and personal identity theft or to buy pricey medical products that they're then able to resell.
Given the huge potential payoff, the rise in medical data theft is unsurprising. Yet the statistics are still staggering. Over the past three years, healthcare has been the most common area for data breaches, accounting for more than 40 percent of all such activity, according to a study by the Identity Theft Resource Center. Medical identity theft surged by about 20 percent between 2013 and 2014, hitting an all-time high last year, the report found.
"While not all breaches will result in identity theft or other crimes, the fact that information is consistently being compromised increases the odds that individuals will have to deal with the fall out," Eva Velasquez, president and CEO of the resource center, said in a statement.
Keeping your data safe doesn't mean opting out of healthcare altogether. Instead, adopt some smart strategies to shore up your safety and minimize your risk.
1. Be wary of phone requests
It's impossible to know whether the person on the other end of the phone is truly calling from the hospital billing department or doctor's office or is actually a savvy hacker trying to ferret out more of your health information. When Anthem suffered a data breach of its health insurance files earlier this year, the company warned that many patients were receiving phishing phone calls from people falsely claiming to be Anthem employees, CBS reported.
The easiest way to avoid accidentally giving your guarded health data over to a hacker is to decline any phone requests for information. If the representative says that the information is urgent and needed, tell them that you'll call the hospital or doctor's office directly. Initiating the call is one way to better ensure that you're speaking with the right person. If the caller offers you a phone number, don't take it. Instead, look up the phone number on the doctor's website or in your address book to make sure you're not simply ringing the hacker's number.
2. Talk to your doctor about a patient portal
Sharing information and questions easily and quickly with your doctor is one benefit of modern technology. But that doesn't mean all forms of communication are equal when it comes to data security. Talk to your doctor about whether the office uses a secure patient portal for communicating between visits. Patient portals typically use advanced security measures that go far beyond your standard email, which means they're more resistant to a data breach. Keep in mind, too, that communicating by text message is one of the least secure modes available, and you should refrain from ever sharing personal or medical data by text.
If your doctor's office does have a patient portal in place, sign up so that you can access your medical records and talk to your doctor with peace of mind that you're not compromising your data security. You may be able to create proxy accounts to access family members' accounts, so you can keep communication about your kids secure as well.
3. Store your medical data securely
Just as you wouldn't leave your credit card statements lying around, medical files shouldn't be left unprotected. Electronic health records offer some of the strongest security possible, because you can encrypt that data. That means even if those files fall into the wrong hands, the information inside is safeguarded. There's no reason to have both paper and electronic files, so opt for one or the other, Consumer Reports recommends. If you're still using paper files, or have your data on a thumb drive, make sure that they're under lock and key in a closed filing cabinet. Shred any physical files before you discard them as well.
4. Change your passwords periodically
Using the same password on everything from email to your personal health record can be disastrous. If a hacker is able to obtain your password, that means every bit of your digital life is up for grabs. Instead, create unique passwords for every health account you have, including Internet-enabled devices, like an activity monitor or smart scale. For the strongest security, don't just simply set the passwords and forget about them, either. Create periodic reminders to change your password for each account to minimize the possibility of a breach.
5. Review your statements
It might be tempting to let that stack of mail from the insurance company pile up, but that may mean you miss a red flag. Scan your statements periodically to make sure you're not being charged for pricey medical equipment or procedures that you didn't receive. Both could be a sign that your data has been compromised and hackers are using the info to bilk your insurance company out of money. If you do spot suspicious activity, alert your insurance company right away. You'll also want to contact your doctor's office so they can be on high alert to future charges that look suspect.