FORT WORTH (CBSDFW.COM) – The coronavirus pandemic presents a greater threat for medical identity theft as patients interact with the health care system, security experts say.
“Companies across the board are more susceptible to theft of personal information during this pandemic because the attackers know they can take advantage of this situation,” said Randy Pargman, a former senior computer scientist with the Federal Bureau of Investigation.
Pargman, who now works as Senior Director of Threat Hunting and Intelligence at Binary Defense, said patient files are rife with personal data ranging from social security numbers to insurance information.
“That opens a whole new avenue of fraud and means someone who steals that identity can actually get an expensive medical procedure done and charge it to a victim’s insurance account,” Pargman said.
When it comes to privacy protection, not all providers are created equal.
Even as more officers digitize their files, providers are not required to encrypt patient data, according to Jeff Drummond, who serves as outside counsel for the Texas Medical Association.
“The vast majority do use encryption, but they’re not technically required to do so,” Drummond said. “There are new participants in the market who don’t understand what the risks are from the provider side.”
Here are tips on how consumers can protect themselves from medical identity theft:
-Question whether you need to disclose certain information: When making an initial appointment with a new provider, you may be asked to provide a range of personal information. Ask whether it is necessary to provide sensitive information, such as your social security number, email address or phone number. Providers may allow patients to opt out of giving certain details.
-Ensure online portals are secure: Using online provider portals is preferable to simply texting or emailing providers your specific patient information. But make sure the portal is secure by checking for the lock in the top search bar, accompanied by the letters ‘h-t-t-p-s’.
-Ask providers to delete your medical records: Once you are no longer a patient, ask the office to erase your records from their database or destroy paper records.
The Federal Trade Commission states patients who believe their medical information has been compromised should contact their health plan, monitor their credit reports and other accounts, and file a complaint.