Data breaches need not be launched maliciously in order to be very troublesome, as was the case involving about 3,700 Medicare Advantage members. Freedom Blue and Security Blue members received risk assessment results that actually belonged to other individuals. The addresses, birthdates, member ID numbers and medical information of some members ended up in the hands of other members.
And how? An innocent mistake committed by a mailroom employee. Though there was no evidence of malicious use of this personal information, it just goes to show you how easily a person’s private information can end up in a stranger’s hands. Imagine receiving a stranger’s medical information in your mailbox. It would make you think twice about trusting the company with your personal information in the future.
Members were notified of this error after the insurer spent a month exploring how it happened. Though the unintended recipients received information about other members’ scores on mood tests, medications and results of frailty tests, at least the Social Security numbers weren’t revealed.
If a breach affects more than 500 people, law requires that the health industry alert the Health and Human Services Department, which will then launch an investigation. The affected consumers, and local news outlets, are also required to be notified.
Highmark Inc., the health insurance company whose members were affected by the mailroom breach, changed the member ID numbers of the affected members or those who might have been affected. Sixty-three members received forms pertaining to other people, and 233 never received a mailing, suggesting that their forms possibly went to other members.
As for the bumbling employee, that person was fired. The other employees are being retrained, and Highmark will implement a bar code system on all mailings, which is one proper way to track breach notification letter mailings to ensure the right pieces of mail end up in the right hands and avoid over-stuffing or mis-stuffing of envelopes..
Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Insurance Company fined BIG for Breach
Why would an insurance company be fined for a data breach? There was a security breach at Triple-S Salud, Inc. (TSS), which is a subsidiary of Triple-S Management GTS. The Puerto Rico Health Insurance Administration plans on imposing a $6.8 million fine on TSS. The breach involved 13,336 of TSS’s Dual Eligible Medicare beneficiaries. The penalty includes
- Health Care Information Breaches rise
Medical errors can also mean medical identity theft—accounting for 43 percent of all 2013 identity theft in the U.S., says the Identity Theft Resource Center. Medical identity theft kicks other forms of ID theft to the curb: banking, finance, government, military and education. Fraudsters invade health data to illegally obtain prescription drugs, services or devices and
- Medical Identity Theft Protection And Prevention
Identity theft can be fatal to the victim — if it’s of the medical kind. Medical ID theft can result in getting the wrong blood type during a transfusion, the wrong diagnosis or the wrong prescription — all because the thief’s medical history gets integrated with the victim’s. I hope you’re scared, because that’s my goal. Up
- Credit Card Data Breaches Cost Big Bucks
Javelin Strategy & Research estimates that credit and debit card issuers spent $252.7 million in 2009 replacing more than 70 million cards compromised by data breaches. In 2009, an estimated 39 million debit cards and 33.3 million credit cards were reissued due to data breaches, for a total of 72.2 million. An estimated 20% of those
- Healthcare Data under Attack
Crooks want your health information. Why? It’s called medical identity theft, and it’s not going away too soon. In fact, the ACA (Affordable Care Act) has only fueled the situation, says the Ponemon Institute, a security research firm. This latest of Ponemon’s four annual Patient Privacy and Data Security studies reveals that sloppy behavior, like losing a