investigate the break-in.
Thieves who gain access to this type of data can use it for a variety of fraudulent purposes, including obtaining credit cards, lines of credit and false identification cards.
Health data like diagnoses, medical service codes and insurance information can be used for much larger fraud schemes involving insurers like Medicare and Medicaid, said Ryan Kalember, chief product officer at WatchDox Inc., a Palo Alto, Calif.-based software company that makes data security products.
Criminals can set up fake provider identifications and fraudulently bill insurance companies or the government for services never rendered.
"Having someone's insurance information is critical, but having their (personal health information) itself is very useful in order to make the fraud more convincing," Kalember said. "These are much more sophisticated operations that can net much better dollars, and in many cases it's paid for by us as taxpayers."
There are also, of course, privacy implications.
"If you can find out the health condition of a politician or a CEO, whether he has HIV, diabetes or terminal cancer, you can commit a totally different type of fraud," including blackmail and extortion, said Will Hinde, director of health care strategy and solutions at West Monroe Partners LLC, a Chicago-based consulting firm. "And once that information is out, it's out. You can cancel your credit card and get a new one, but you can't trade in your body."
(EDITORS: STORY CAN END HERE)
Since Health and Human Services began tracking and investigating health-related data breaches in late 2009, there have been at least 660 reported breaches that each involve more than 500 individuals. With the Advocate case included, personal and health data of about 27 million people has been put at risk, according to agency data.
The largest breach occurred in September 2011, when the vendor that operates Tricare, the health program for U.S. military members and their dependents, lost data on 4.9 million patients when backup tapes were stolen from an employee's car. The Health and Human Services department has not completed its investigation in that case.
A more recent settlement involving Blue Cross Blue Shield of Tennessee draws similarities to the Advocate case. In March, the insurer agreed to pay $1.5 million in fines to settle potential privacy and security violations after 57 unencrypted computer hard drives were stolen.
Advocate went public with the latest breach Aug. 23, 39 days after it uncovered the computer theft. While some patients have decried the delay, under the law the company had 60 days to report the incident.
In response to the breach, Advocate is offering a free year of credit monitoring services to those whose information may have been exposed. It also set up a website and a call center, which is handling about 2,000 calls a day, Golson said. In response to the high volume, Advocate has increased its call center staffing by about 30 percent.
"Our primary focus is on offering all (patients) resources to answer their questions and tools to protect their personal information," Golson said. "We do not believe the data was targeted, and we have no information that leads us to believe that (it) has been misused."
(c)2013 Chicago Tribune
Visit the Chicago Tribune at www.chicagotribune.com
Distributed by MCT Information Services
KeyWords:: BC-ADVOCATE-DATA:TB BC ADVOCATE DATA TB
Most Popular Stories
- Apple Wants Samsung to Pay $22M for Patent Dispute Legal Bills
- Twitter Coming to Phones Without Internet
- NASA Fellowships, Scholarships Bring Diversity to Workforce
- Dish Network Leads 2013 Top 50 Advertisers List
- Networks Vie for U.S. Hispanic TV Viewers
- Ad Counts Rise in 2013 for Hispanic Magazines
- Entravision Initiates Quarterly Cash Dividend
- Jobs Report Brings Cheer As Unemployment Drops to Five-year Low
- Starbucks Gets Grinchy; No Gingerbread Lattes for Tampa Customers
- Warner Bros. Unleashes 'Hobbit: Desolation of Smaug' Merchandise