Archive for the ‘Personal privacy’ Category

Newer Entries »

10 Ways To Guard Your Medical Records

Thursday, July 31st, 2008

Part 3 of 3

A Prescription to Prevent Prying Eyes

Your doctor’s office, clinic or hospital are clearly in the bulls-eye when it comes to being targeted by predatory identity thieves. Insurance company records are under attack as well. Many of the bad guys are on the outside trying to get in to databases and files, but unfortunately many culprits are on the inside and can’t resist the temptation to pry or steal.

Sadly, the market demand for our most private health-related information is quite high and therefore tempting for those inclined to take advantage of their to access to our most private health matters.

Privacy experts, attorneys and fraud investigators have their hands full battling fraud and theft on these fronts. As I mentioned a couple of posts ago, the FTC reported in a recent survey that 3 percent of U.S. identity crime victims (250,000 people) had some form of their personal information used to obtain either medical services or false insurance claims payments.

If your company is in the habit of searching for the best value in medical benefits for employees, there is a good chance that they will make a switch to a new provider for “better benefits”. While that could be good for the company’s bottom line, your medical history has now been replicated in a new place and “abandoned” in another. These realities of the health care landscape make vigilance a necessity.

The Washington Post reported earlier this month about a peer to peer data breach that involved the medical records of at least 1000 patients at Walter Reed Army Medical Center. In many cases, breaches are caused by the careless downloading of file sharing or peer to peer (P2P) software by careless employees at work.

Leading the way again, California passed legislation this year requiring notification when consumers’ medical information is “improperly accessed”. Only Arkansas has passed similar legislation and the topic is now being debated in Congress.

Here are 10 ways you can protect your medical history, your records and your health.

  • Limit your authorization for release of medical records to anyone unless it is an absolute necessity.
  • Inspect all your insurance statements for accuracy and the absence of any discrepancies.
  • Put your shredder (cross cut) to work on any health or medical documents that you may discard.
  • Ask for and inspect your medical records or statements for any benefits which may have been paid for under your name, but not received.
  • Monitor your credit report for any collection notices filed by medical providers.
  • While not always easy, make a serious attempt to correct any inaccuracies in your medical records.
  • File a police report if your information is stolen.
  • Read and digest the privacy statements of all your medical providers and request copies for your records.
  • Remember that your medical records are just as vulnerable as other sensitive documents. Keep them out of reach and out of sight.
  • According to the Identity Theft Resource Center, if you are a Medicare patient, you should make a photocopy of your Medicare card and carry a wallet sized version with only the last 4 digits of your Social Security number showing. The original should be locked away. The name and contact information of a trusted person should be included in your wallet. This medical contact person should have on hand the following information: the last 4 numbers of your SSN, your pertinent medical history, the name of your doctors and a list of all your medications. This tip could be a lifesaver.

Posted in Data Breaches, Medical Identity Theft, Personal privacy | No Comments »

The Era of Medical Exploitation

Sunday, July 13th, 2008

Part II in a series

It would not be an exaggeration to say that medical identity theft could possibly kill you.

Research indicates that there may have been as many as 500,000 medical id thefts in just the last two years. Much of recent medical id theft has gone on undetected, which presents the real threat. We don’t even know we are victims…..yet.

Because this violation of our medical privacy can go on for years until it is discovered, the threat looms even larger for those who rarely seek medical services or advice. Sadly, these medical privacy breaches are not much of a priority for most health-care providers.

According to a recent Price Waterhouse Coopers report, the situation is not only dire in the United States, but around the world. Studies indicate that less than 50 percent of medical facilities even bother to encrypt your health data before transmitting or storing it electronically.

The opportunities for caregivers to misdiagnose a patient’s condition are drastically increased due to potentially false or inaccurate medical information being stored and shared in databases worldwide.

The recent disclosure that the medical files of George Clooney, Britney Spears and Maria Shriver were recently “snooped on” by curious hospital workers is a case in point. Just as most companies strive to prevent attacks and hacks from insiders, health-care providers are just waking up to the same stark reality.

We have become victims of not just the criminals, but victims of the curious. Marc Rotenberg, director of The Electronic Privacy Information Center agrees. “Now we’re moving into an era where many of those same problems occur with medical records.”

Next post, we’ll look at specific recommendations to help make and keep you a smaller medical identity theft target.

Posted in Medical Identity Theft, Personal privacy | No Comments »

The Frightening Specter of Medical ID Theft

Tuesday, June 17th, 2008

Part I:

What you can’t detect, anticipate, control or prevent could kill you.

There is a dark world far beyond the gates of mere identity theft. This region lies beyond the boundaries of credit card fraud, phishing and pharming scams or corporate data breaches.

The victims who inhabit this world are reportedly growing in number. The Federal Trade Commission (FTC) recently reported that as many as 250,000 Americans may be engulfed in medical identity theft each year.

The current economic climate fans the flames of temptation for perpetrators who include health care workers, those with access to medical and insurance records and regular Janes and Joes who are personally struggling with the economic reality of “too much month left over at the end of the money.”

Its not just the career criminals who are taking advantage of the health data that falls into their hands, but desperate and otherwise harmless opportunists who can’t resist the temptation to latch on to someone else’s medical history.

Consumers drowning in debt, may find the lure of this type of theft too great to resist according to Chris Dorn, a fraud expert with Ingenix, a health care investigations firm in Eden Prairie, Minnesota. Dorn says “Anytime you have 47 million Americans without adequate health care coverage, you will have people out there willing to steal it.”

The life threatening nature of this type of fraud and theft are apparent. Imagine that someone else’s medical problems were suddenly thrust into your medical records without your knowledge. This could change the way you are treated in a hospital or emergency room, change your blood type and allergy records or litter your personal medical files with maladies that could affect your ability to travel or to obtain certain types of insurance.

Next post, I’ll take a closer look at this growing problem and examine what the experts are commonly referring to as the age of “medical exploitation.”

Posted in Medical Identity Theft, Personal privacy | No Comments »

TransUnion Settlement Reportedly Largest In History

Saturday, June 7th, 2008

Consumers may have finally scored big time!

Credit reporting agency TransUnion has agreed ( as part of a pending class action settlement) to provide free credit reports and credit monitoring to anyone who had a credit card, loan or credit account between January 1998 and May 28, 2008.

In case you’re counting, that amounts to over 160 million Americans who would qualify for free credit monitoring. Under the settlement, the free monitoring would be good for between 6 and 9 months.

After a 10 year legal battle in which TransUnion was accused of selling private consumer data, it seems that anyone with a loan during the last 10 years will get this neat gift by simply applying for it.

The data in question was sold to marketers like retail and financial institutions, who then analyzed it and sent out unsolicited offers (a.k.a. junk mail) to consumers like you and me.

In addition to the free credit report available now from the big 3 bureaus, consumers will also get free monitoring of their credit files. Monitoring can be a useful early warning signal that an identity fraud has occurred or may be pending.

Until now, it seemed that consumers had no defense against the sale of their personal and private credit profiles. During my public lectures, I have always shared the dangers of this sort of “dirty tricks” industry practice which I refer to as “Pirates Peddling People’s Personal Preferences.”

A TransUnion spokesman denied that any law was ever violated and claims that the practice in question was terminated in 2001. The company plans to make lemonade from lemons when it begins an ad campaign in mid June to announce its free monitoring plan to the public.

You can read a copy of the settlement online at: www.listclassaction.com Claims can be filed starting June 16th, 2008 on the website or by calling 866 416-3470.

Posted in Credit industry, Credit reporting agencies, Personal privacy | No Comments »

Mail Fraud Identity Theft Schemes Exposed

Saturday, May 31st, 2008

Postal Inspector laments: “Like nothing we have ever seen!”

Nebraska police and postal authorities have uncovered what appears to be one of the largest cases of mail fraud and identity theft they have ever encountered.

A vehicle searched after a routine traffic stop uncovered a mountain of stolen mail which lead veteran postal inspectors to discover one of the largest caches of stolen mail in the state’s history.

Similar incidents in Fremont, California have led to the arrest and conviction of a couple who were recently sentenced to five years in prison and slapped with a $25 million dollar judgement for trying to misuse the U.S. Mail to defraud Microsoft Corporation.

The Microsoft case involved multiple defendants who were very organized and persistent.

In a frightening turn, it was discovered that the proceeds from the racket were being funneled out of the country and in to Pakistan, according to federal prosecutors.

Here are 5 simple ways to reduce your chances of being a mail fraud victim:

  1. Only use a locked mailbox at home
  2. Never leave mail for pickup in, on or around your mailbox (that red flag is a no no)
  3. Stop your mail delivery when going on vacation
  4. Utilize online bill payments to reduce the paper mail you receive
  5. If you suspect you are missing mail, contact local police and Postal Inspectors pronto

Sadly, we have finally come to the point in our nation’s history when it is naive and foolish to utter the hackneyed phrase “the check is in the mail.”

Posted in Mail fraud, Personal privacy | No Comments »

ID Theft Services..Who Ya Gonna Call?

Saturday, May 10th, 2008

Not all Identity Theft protection providers are created equal.

Many consumers are scrambling for answers and guidance. Some just roll with their hunches or simply give in to the relentless marketing barrage of the “high profile “solution providers.

We all know who they are. These companies seem to pop up every time we visit the web. Their promises to prevent financial peril have been carefully crafted to deliver the greatest set of wiz-bang features ever offered before.

Some firms prop up spokesmen who carelessly boast of their own invulnerability to financial theft, while others claim to have cornered the patented ability to deliver a cloak of protection which only they can serve up.

All these contenders with their endless features and benefits remind me of a fantastic local deli near our house. The menu is huge and there are just too many delectable choices with a wide variety of prices!

So what’s a typical security seeker to do?

First, answer these revealing questions:

  • Are you a victim? (If so, contact your local police immediately!)
  • Have I checked the FTC’s online resources for information and guidance?
  • Am I prepared between $9 and $15 dollars per month for the “right” solution?
  • Do I mind paying someone to do something I could do myself for free?
  • Are the company’s promises and claims reasonable and realistic?
  • Is my entire family in need of protection or just me?
  • Have I been lured with promises of “free” services? www.freecreditreport.com
  • Do I really expect to “cash in on those well publicized $1,000,000.00 loss guarantees?
  • Should I take a deep breath and examine my real no cost credit report?
  • Have I taken advantage of freely accessible steps to minimize my exposure?

Consider your needs before “jumping on-board” with a provider.

Simply scratch off anyone on your list who claims to be able to PREVENT your identity from being stolen.

Consider that the Big 3 credit aggregators are in the business of selling your personal information to data-hungry marketers, while they simultaneously “protect” you from many of the very vultures that they feed.

It makes sense to protect yourself from the seemingly inevitable world of data breaches, medical fraud and financial fraud.

Well known Silicon Valley IT expert Ravi Char refers to information security as “the delicate dance”. No one solution is capable of covering all the bases.

In today’s complex world of portable data and predatory opportunists, the best identity protection solution is to stay light on your feet and keep on dancing.

Posted in Credit reporting agencies, Data security, Personal privacy | No Comments »

Universities Pummeled by Data Thefts

Friday, April 25th, 2008

Massive data spill leaves thousands of students out in the cold.

The combined number of people victimized in two separate incidents at the Universities of Virginia and Miami totals over 50,000.

Nearly every imaginable piece of private information was stolen; including names, addresses, credit card data and highly- prized social security numbers.

These giant leaks aren’t supposed to occur, but the fact is that the portability of laptops and backup tapes makes the crime more common than casual observers may notice.

In the Florida case, the records were being shipped off to a private off site storage facility. This practice is usually designed to safeguard the data off campus, but this time the stagecoach was robbed.

This isn’t the first time the University of Virginia has dealt with this crime. Last year the F.B.I. was called in to investigate the theft of data belonging to 5735 University faculty members.

Techweb Media reported this story last week and also disclosed new research from analysts at AMI Partners. The research indicates that a staggering 86 percent of mid-sized U.S. business reported some sort of security breach or data loss in the last 12 months!

What can you do to ward off the grim IDENTITY GRIM REAPER?

1. Back up your data. A backup allows you to restore missing, corrupted or stolen files quickly. A backup will also allow you to continue your work while your computer is being located, repaired or restored.

2. Download updates to your OS and software regularly. Security patches and “bug fixes” can help you keep your privacy armor polished.

3. Be on guard for viruses and worms. Fight these cyber-security threats by installing a good anti-virus software program.

4. Fight off malicious Ad-ware and Spy-ware. Everyone using the web, instant messaging or file-sharing is vulnerable. Install protective software to fight off malicious mal-ware and update it regularly.

5. What do you mean you don’t have a firewall? Install one immediately to protect your computer from intrusion. Purchase a firewall “box” or get the software version from a company like Norton or McAfee.

6. Use stronger-longer passwords. The longer and stranger looking they are, the better. Recent studies indicate that most computer users utilize the same password for everything. Create long and unusual alpha-numeric passwords that don’t contain easy clues like your dog’s name or the street you grew up on.

7. Lock your computer down! The trunk of your car doesn’t count. Visit a local retailer to purchase a computer locking cable device. Turning your back on your computer for even a moment at home, at the library or at Starbucks is just asking for trouble with a capital T.

Posted in Anti-virus software, Computer safety, Data Breaches, Data security, Personal privacy | No Comments »

Congressman Is a High Profile Data Theft Victim

Saturday, April 19th, 2008

Ironic twist makes this incident noteworthy!

Even high profile identity theft advocates are vulnerable to the threat of data loss, data compromise and data crime.

Representative Joe Barton (R-Texas) was among 3000 patients whose records were reported missing by the National Institutes of Health. An NIH laptop containing the medical records for the patients was reported stolen from the trunk of a vehicle according to a report this month by The Associated Press.

Here’s the irony. Barton is a founder of the Congressional Privacy Caucus, whose mission among other things is to educate members of Congress and their staffs on matters of individual privacy.

It is noteworthy that Rep. Barton only found out about his own breach in press reports. Barton has asked the inspector general for the Health and Human Services Department to investigate why the information wasn’t encrypted and why the NIH delayed disclosure of the breach.

As difficult as it may seem to protect your financial identity, your medical records are much harder to secure. This is primarily because patients have no control over the handling and care of their own personal medical records.

The federal regulation designed to prevent these unsettling scams is the Health Insurance Portability and Accountability Act ( HIPAA) Privacy Rule. Unfortunately, it can be extremely difficult for patients to correct inaccuracies in their medical records, because insurance companies are not compelled to correct records which they did not create.

According to a report on msnbc.com, one medical identity theft victim had the contents of her wallet removed and despite the fact that she quickly cancelled all her credit cards, had almost $14,000 in prescription meds and treatments charged up in her name. Over the next four months, restoring her identity became a part-time job. She fought off bill collectors, struggled to get her own medical prescriptions paid for and nearly got arrested herself on suspicion of being a co-conspirator in the scam.

The numbers can be deceiving. According to the Federal Trade Commission, only 3 percent of U.S. identity-crime victims have their information used by others to obtain medical services or false claim reimbursements. This still means that nearly 250,000 Americans may be victims each year! The rising cost of health-care will only make these crimes more prevalent going forward.

The lurking dangers of not being able to access your own health benefits or having your medical records polluted with potentially life threatening mis-information makes this topic a sure recipe for more than just heartburn.

Posted in Data security, Federal Government, Medical Identity Theft, Personal privacy | No Comments »

Warren Buffett Has Shakier Credit Than Me?

Tuesday, April 1st, 2008

The Oracle of Omaha shares our pain!

It is not surprising that many well known personalities are targeted not only because of their vast wealth, but because dumb criminals actually believe that the wealthy enjoy so much excess that they wouldn’t notice a few missing coins.

The spotlight shines brightly enough to cast a shadow over the financial affairs of many in the public eye. That spotlight however, hasn’t necessarily blinded them.

Oprah, American Idol finalist Ruben Studdard and even Herman Munster have all made the identity theft headlines in the past couple of years. Enter Warren Buffett.

A story in the March 2008 issue of Fortune Magazine cites the latest instance of a high profile identity theft victim. For those who don’t know, Buffett recently passed Bill Gates as the richest man in the world, with a net worth around 62 billion dollars.

According to the account, the Berkshire Hathaway CEO recently checked his credit history and discovered that his FICO score was slightly lower than the U.S. median. The less than stellar FICO score was attributed to a supposed “impostor” who may have compromised Buffett’s credit record.

Apparently, Mr. Buffett’s credit report cites 23 missed payments on a loan held by an HBSC branch in Nevada. The total loan amount was  a whopping $294.00. Buffett claims the account was never his. Nice try Warren.

Fortune reporter Telis Demos indicated that a recent study found that 25% of credit reports contain serious errors.

Although most of us will never share the financial spotlight with money making titans like Oprah and Buffett, we do share the same vulnerability.

Fortunately for Mr. Buffett, he didn’t ignore his credit history, he actually looked at it.

The rest of us would do well to follow that sage example.

Posted in Credit industry, Personal privacy, Personal Responsibility | No Comments »

Guess Who's Coming to Dumpster?

Thursday, March 13th, 2008

Be afraid…..be very afraid.

We live in a world where our personal habits, personal preferences, personal information,  and private lives are sometimes taken for granted. Former New York Governor Eliot Spitzer now realizes the folly of this careless, foolish and whimsical approach.

Last week, msnbc.com reported about the rash of failed savings and loans who are dumping mountains of personal information into trash bins as their businesses shut their shingles, fold their tents and abandon their clients.

The article chronicles the failure of First Magnus Corp. who was one of the largest mortgage lenders in the nation. The company was hailed as a “powerhouse” of savvy technological innovation. As unimaginable as it seems, “tens of thousands” of  documents including credit card and social security numbers were “dumped” in a nearby trash bin.

It now appears that every personal tidbit we make available in the process of securing credit for mortgages and secured or unsecured personal or commercial loans is up for grabs and beyond our ability to provide or even expect protection. Is that line of credit really worth the open exposure of all your personal data?

This new reality hit home for me today as an eagle-eyed industry associate correctly pointed out that a commercial lender who served each of our company’s mutual business clients had suddenly collapsed, leaving their customers and pending applicants’ data completely unaccounted for.

Mountains of juicy private data files are turning up in dumpsters and garbage cans all over the country. This criminal carelessness leaves us all exposed and hopelessly vulnerable beyond our control.

What’s a consumer to do? Protect yourself at all costs. Private identity theft insurance, regular credit monitoring and reactive credit restoration services are all good ways of keeping your guard up. To avoid pro-active identity self-defense is foolish.

The reality is that the information that passes through our hands and into the care of nameless, faceless, careless corporate grunts cannot be safeguarded with any degree of reliability.

Despite the fact that the Fair Credit Reporting Act was amended by Congress in 2003 to mandate better consumer privacy protection, commerce and industry must each do their part.

Because of the implosion of the sub-prime lending industry, many phone lines are down, many office cubicles are empty and many trash bins are full. In the new financial frontier its “every man and woman for themselves”.

Why not begin your proactive identity theft prevention/resolution plan today?

Posted in Credit industry, Data security, Personal privacy | No Comments »

Newer Entries »