Stolen personal health insurance information can be used by criminals to obtain expensive medical services, devices and prescription medications, as well as to fraudulently acquire government benefits.

Life has changed radically in the digital age, and while technology has altered everything from how we communicate with the world around us to how we purchase goods, some things never change. For example, we all still need to eat right, sleep and exercise.

Physical health may be top-of-mind, but consumers often fail to recognize the importance of protecting their digital health. Individuals need to take care of themselves in the information age and be mindful of the dangers lurking in cyberspace—most notably identity theft. “Web-driven” or “digital” healthcare is an emerging trend, with hospitals and other healthcare entities rolling out internet services that give patients new ways to manage their health, wellness, and medical affairs online.  These services undoubtedly offer consumers greater convenience, however they also lead to a significantly increased threat of identity fraud.

In fact, recent studies show that medical identity theft is on the rise, with over 2.3 million theft cases reported in 2014, a 22% increase from the year before. Data breaches appear to be the leading cause of these incidents, and the trend is likely to continue with the number of victimized healthcare organizations reaching an all-time high of nearly 400 breaches in 2016, according to the Identity Theft Resource Center.

But shouldn’t the move to digital healthcare have quashed identity theft?

Unfortunately, it hasn’t.

Moving records to a digital system does reduce the risk of physical records theft and allows for better information tracking. However, the combination of ever-increasing amounts of data being stored digitally and brazen, highly sophisticated cybercriminals is proving to be a dangerous mix.  The payout for criminals is likely to ensure that the problem will not be going away anytime soon. The FBI has noted that medical identities are valued at 20 to 50 times more than financial identities on the black market, and unfortunately health system cybersecurity is, like in many other industries, inadequate.

As web-driven consumer healthcare grows, so does the scope of identity theft. Stolen personal health insurance information can be used by criminals to obtain expensive medical services, devices and prescription medications, as well as to fraudulently acquire government benefits like Medicare or Medicaid. Victims of medical identity theft may face severe financial implications as there are currently no legal or regulatory consumer protections in place that limit the financial liabilities for this specific type of fraud.

According to the Medical Identity Fraud Alliance (MIFA), out-of-pocket cost to victims is $13,500 on average, and since medical identity fraud usually takes longer to detect than other types of fraud, people often don’t realize they have been victimized until a collection agency starts calling or the default appears on credit reports.

With the rise of breaches and medical identity theft, it is critical that health organizations implement cybersecurity best practices.

Besides the financial and emotional damage, other issues stemming from medical identity fraud could prove to be even more disastrous. Victims could be denied health insurance or benefits based on the fraud. The theft could even prove deadly if another person’s information is mixed with the victim’s own legitimate records, leading to misdiagnosis and mistreatment.

With the rise of breaches and medical identity theft, it is critical that health organizations implement cybersecurity best practices, including training their employees on identifying theft attempts and data protection processes. Often, organizations spend significant time and money on technology safeguards but neglect to address the biggest potential vulnerability—their employees.

The best security technology in the world cannot help healthcare providers unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. This involves putting practices and policies in place that enable workers to identify and avoid risks.

As the number and frequency of data breaches increases exponentially—2017 is on track to reach over 1,000 reported breaches according to the Identity Theft Resource Center—it is important for health organizations to take preventative steps to help mitigate the fallout if they do fall victim to such a breach. Consumers also must take a proactive stance, and take steps to protect their digital assets to reduce the likelihood of falling victim to medical identity fraud.


Identity theft protection with full-service medical identity theft safeguards is one of the most effective mechanisms for providers and consumers alike. These platforms should include services that address prevention, monitoring, alerts and resolution—all critical elements of identity protection best practice.

  • Prevention defends personal information and enhances privacy while online. Features should include services such as online data protection that guards against cybercriminal including keylogging and phishing.
  • Monitoring tracks identity risk level and spots fraud early. These services include credit monitoring, reports and scores, as well as identity monitoring, which detects fraud at its inception by searching for compromised credentials and potentially damaging use of personal information.
  • Alerts provide detailed notifications of suspicious activity, including changes to credit profiles, compromised credentials and black market activity.
  • Resolution addresses and repairs problems. Such services include access to certified identity theft resolution experts, affidavit submission, creditor notifications, and communication with law enforcement.

While today’s cyberworld is fraught with danger, there are steps that healthcare providers and consumers can take to manage the challenges of web-driven consumer healthcare. Simple tactics such as creating stronger passwords and updating computer operating systems, to more comprehensive medical identity protection platforms, can be effective tools in the continued fight against medical fraud.

The increasing risk of identity fraud stemming from web-driven consumer healthcare falls against the backdrop of the Trump Administration’s plan to review all U.S. cyber defenses and vulnerabilities, for both the government and private sector.  While some predict that President Trump will not advocate for stricter cybersecurity regulations based on his pro-business positions, others suggest that the president may support or even champion legislation that would require businesses to share highly-sensitive customer data with the federal government. Such legislation, especially if left unclear or developed without adequate understanding of the cyber threat landscape, has the potential to hurt businesses and consumers more than protect them.

Only time will tell what type of impact legislation will have in the fight against medical identity theft. But one thing is certain: identity theft and medical identity fraud will be long-term problems. Businesses and consumers that recognize the problem and take a proactive stance against it are likely to benefit. Those who disregard the dangers are putting their personal and financial health at risk.


Paige Schaffer is president and chief operating officer, Generali Global Assistance’s Identity and Digital Protection Services Global Unit.