An Epidemic of Medical Identity Theft
Within the past few weeks we have seen the hacking of the Affordable Care Act’s HealthCare.gov as well as a massive data breach at Community Health Systems, a hospital chain with medical facilities in 29 states in which the records of 4.5 million patients of Community Health Systems’ hospitals including names, addresses, birth dates and Social Security numbers were stolen
Despite government assurances that the recent hacking of HealthCare.gov did not compromise the security of the personal information of enrollees and the hack was confined to a server that was not supposed to be connected to the Internet, many security experts continue to have doubts about the security of the HealthCare.gov website.
And why wouldn’t they?
In June, Access Health Connecticut, which operates the Affordable Care Act in Connecticut disclosed that a backpack of an employee of Maximus, the company providing call center services for Access Health, containing handwritten personal information on 400 Obamacare enrollees was found left on a Hartford street. The information contained included names, Social Security numbers and birth dates of Connecticut enrollees. And therein lies much of the problem with this large bureaucracy. The Affordable Care Act involves not just multiple government agencies, but numerous private contractors as well. As my grandmother used to say, “I can keep a secret; it’s the people I tell that can’t keep a secret.”
So who are these people?
Unfortunately, in many instances, we don’t know because the Affordable Care Act does not require that Navigators, the employees who enroll applicants undergo criminal background checks. Although some individual states have their own rules requiring background checks of potential Navigators, many do not.
As for Community Health Systems, their computers were hacked by Chinese identity thieves who stole personal information exploiting the infamous Heartbleed security flaw in the Open SSL encryption security technology discovered last April that is used by as many as two-thirds of websites on the Internet.
As much as data breaches at companies such as Target and Home Depot make headlines, according to the Ponemon Institute’s Annual Study on Patient Privacy and Data Security the health care industry accounted for 44% of all data breaches in 2013, the most, by far, of any sector of the economy. In fact, a survey done by the security firm ID Experts found that 90% of health care organizations polled had suffered a data breach during the past two years with 38% having had more than five data breaches during that period. Twice this year, the FBI has warned the health care industry that they are a prime target of hackers and that the industry’s security measures were not adequate to meet the threat.