cyber-attackWith the recent cyber-attacks that hit Sony and now a large national payer, the reality of our system’s security has definitively taken center stage. It highlights the vulnerabilities that we live under within the electronic age and speed at which information can travel and be shared. So are these recent events a blessing or a curse?

Think a minute about the information that was stolen from the large national payer…

  • Full names
  • Home Address
  • Telephone Number
  • Email Address
  • Date of Birth
  • Member Identification Number
  • Social Security Number
  • Employer Name
  • Employer Address

This data is called Personally Identifiable Information (PII.) PII is protected under a number of anti-identity theft statues and HIPAA/HITECH. There is a new law that is about to be enacted called The Personal Data Notification & Protection Act (PDNPA) that further defines PII and delineates breach notification protocols and the law enforcement entities that have jurisdiction.

Why would this data be targeted?

There a number of reasons.

For the last forty (40) years insurance has been one of the top three ways in which our identities can be stolen either for the criminal’s personal financial gain or to obtain healthcare services for free. Think about it, do you call your insurance company to report a lost or stolen medical identification card? Did you know you should report it and that you can request a new identification number?

There is a black market for insurance member demographics. Last going price for a Medicare ID number as reported by NPR, in their February 13, 2015 report “The Black Market for Stolen Health Care Date” by Aarti Shahani is 22 bitcoins ($4,700.)

The recent cyber-attack on a large national payer, needs to be considered a blessing as it brings to the forefront that our personally identifiable information is sensitive and we as individuals have a responsibility to protect it as we do our credit cards and bank data.

It also reminds those of us in the Healthcare and payment card arenas that we need to do our job to protect the data that we are entrusted to handle. Have you reviewed security policies recently? When was the last time you reviewed your encryption methodologies?

Post Written By Deborah H. Conklin, Corporate Compliance Officer, Ameridial Inc.

Leave Comment