Identity theft in healthcare: Why the industry is losing the battle

Healthcare's efforts to prevent identity theft are not on par with other industries' efforts, according to a Fortune article.

With an ever-growing number of breaches, cyber criminals are becoming more sophisticated, and yet the healthcare industry still struggles to keep up.

"Essentially, criminals have come to understand that using your medical credentials--your name, Social Security Number and health insurance numbers--to order goods and services that are never delivered and to bill organizations like Medicare and Medicaid, those activities are more profitable than drugs, prostitution, and other crimes they may pursue," Rick Kam, president and co-founder of ID Experts, says in the article.

The annual cost of medical fraud in the U.S. is estimated at $80 billion to $230 billion. The potential cost from the Community Health Systems breach, which exposed 4.5 million patients' data in 29 states, is incalculable.

Yet, while consumers have recourse in the financial world when their information is stolen, that is not so with healthcare.

One problem is that healthcare industries want to keep breaches close to the vest, according to the article.

"The financial services companies realize that to fight financial fraud they have to be less secretive and share more information with each other," Ann Patterson, senior vice president and program director for the Medical Identity Fraud Alliance, tells Fortune. "But in the healthcare world, that doesn't exist, and even when talking with law enforcement, what they consider medical theft or a breach is different."

And Larry Ponemon, chairman and founder of the Ponemon Institute, notes in the article that when a consumer reports a lost health insurance card, the insurer issues a new card with the same number. The industry needs to do a better of security with the cards, he says, ideally using a biometric on them.

The security of cloud vendors poses another worry, as another Forbes article points out. Ninety percent of the networks used in healthcare pose medium or high security risks, according to an assessment from cloud security vendor Skyhigh Networks.

With the recent celebrity photo hack and the ensuing beating Apple is taking, the damage has been done, whether Apple's iCloud security was at fault or not, an analyst tells Fortune. This only serves as further warnings that healthcare must shore up its security capabilities.

To learn more:
- read the Fortune article
- check out the Forbes story
- here's the iCloud piece