Your medical records hold valuable information for your doctor, but they can be worth pure cash in the hands of hackers.
“The black market’s huge for this,” hacking expert Jim Stickley said. “A typical medical record will sell for about $50 per record. Compare that to a Social Security number, which sells for about $25, or a credit card number, which sells for about $10.”
Hackers can grab your social security and credit card numbers from non-secure websites, which is why The Federal Trade Commission advises consumers to be careful about who you disclose your information to.
Although your medical records are worth more than your social security or credit card numbers, Stickley said you can’t do much to protect yourself from hackers stealing that data from your healthcare provider.
“It all comes down to mistakes,” Stickley said. “In the olden days, you had all these medical records that were put online and the technology for security wasn’t being kept up with it. So you had people throwing everything online and security was an afterthought.”
Stickley said that even today, some medical facilities throw paper medical records away without shredding them.
But who’s buying?
The clientele pool for stolen medical records is large and includes identity thieves as well as scammers who will try to extort cash from victims.
“If I can go and have an operation, and I have your medical records, I can become you,” Stickley said. “Well now I can go to whatever your insurance is, go get my operation. When the bill comes due, it’s going to you, not me, and you’re going to owe money.”
According to the Identity Theft Resource Center, one third of medical identity fraud victims had to pay for a procedure they never had. The average cost for this group of people was $18,000.
“It’s much more difficult to prove you weren’t involved in that medical procedure,” Stickley said. “As far as the doctors are concerned, you had that operation and you’re going to pay for that operation. Keep in mind, the laws aren’t the same for identity theft versus medical identity theft.”
To protect yourself, Stickley suggests consumers keep an eye on their credit score.
You should also periodically receive notices from your insurance company stating the recent procedures you’ve had done. Although the envelope might seem unsuspecting, Stickley advises you make sure everything fits accordingly.
“Open it up and look,” Stickley said. “Make sure that what you’ve done is what you’ve done. If it says you just had your appendix removed and you didn’t really have your appendix removed, you want to call right away.