It was announced this past weekend that more than 600,000 people in the US Medicare program may have had personal data, including medical records, exposed through a data breach.
The data was on systems belonging to Maximus Federal Services, a unit of Maximus Inc.
Medicare patients may have had some of their most intimate health information exposed, including medical histories and visit notes, diagnoses, images, and treatments, along with names, dates of birth, contact information, and insurance data, the agency said.
The agency and the company are contacting the 612,000 people affected and intend to offer free credit monitoring services and instructions on how they can replace compromised Medicare cards.
This follows a recent report in KFF Health News by Michelle Andrews that “The American Hospital Association is ‘very concerned’ about foreign-based hacking groups from countries like Russia, China, North Korea, and Iran," said John Riggi, the national adviser for cybersecurity and risk for the American Hospital Association.
Riggi said "The personal information in people’s medical records may be sold in bulk to criminals who create phony providers to submit fraudulent claims on a mass scale that can result in hundreds of millions of dollars in Medicaid, Medicare, or other insurance fraud. Or they may use the information to create fake identities to apply for loans, mortgages, or credit cards.”
“They flee with the money, and the individual is left to deal with it,’” Riggi said.
What can you do to protect yourself? “Consumers should generally monitor the notices and bills they receive from insurers and providers and contact them immediately about anything suspicious.”
Other steps to take:
- Go to the FTC’s identity theft site to learn about the next steps and file an identity theft report, if appropriate.
- If someone has used your name, contact every provider who may have been involved and ask for a copy of your medical records, then report any errors to your medical providers.
- Notify your health plan’s fraud department and send a copy of the FTC identity theft report.
- File free fraud alerts with the three major credit reporting agencies and get free credit reports from them. Consider filing a police report. If your health plan offers free credit or identity theft monitoring following a breach, take advantage of it.
According to Eva Velasquez, president and CEO of the Identity Theft Resource Center, a nonprofit that provides free assistance to victims of identity theft, “It’s best to proceed as if your data has been compromised and will be for sale.” “Don’t be afraid to ask for help.”