News Feature | March 24, 2015

Soaring Medical Identity Theft Has Wide-Ranging Repercussions

Christine Kern

By Christine Kern, contributing writer

Vawtrak Malware Takes A “Crimeware-As-A-Service” Approach

Report found more than two million victims of medical identity theft in 2014.

According to the Fifth Annual Study on Medical Identity Theft, the incidence of medical identity theft has nearly doubled since the first study five years ago. It also notes that last year there were more than 2,000,000 victims, almost 500,000 more victims than in 2013. Sixty-five percent of victims paid more than $13,000 in out-of-pocket costs to resolve the crime, and consumers were left facing more than $20 billion in out-of-pocket costs as a result of the fraud, according to a press release announcing the study.

“Over the past five years, we’ve seen medical identity theft steadily rising with no signs of slowing,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Our research shows more than two million Americans were victims of medical identity theft in 2014, nearly a quarter more than the number of people impacted last year.”

The study was based on an annual survey of more than 1,000 individuals who self-reported they or close family members were the victim of fraud in 2014. The Medical Identity Fraud Alliance released results of the survey, which was sponsored by Kaiser Permanente, ID Experts, Experian Data Breach Resolution, and Identity Finder, and conducted by Ponemon Institute, a research organization.

“2015 will be a year of increased attention to the pervasiveness and damaging effects of medical identity theft. As we’ve already seen this year, the healthcare industry is and will continue to be a major target for hackers,” said Ann Patterson, senior vice president and program director at MIFA. “Stolen personal information can be used for identity theft, including medical identity theft and the impact to victims can be life-threatening.”

The study also found that, while consumers are the primary victims in these attacks, they expect healthcare providers to be proactive in preventing and detecting medical identity theft. According to the results, while respondents are not confident in the security practices of their healthcare provider, 79 percent said they expect their healthcare providers to safeguard their health records. Almost half (48 percent) reported they would consider switching providers if their medical records were lost or stolen. In cases of breach, 40 percent expect to receive prompt notification from the affected healthcare organization.

Respondents were clearly attuned to the potential dangers of electronic record keeping, with 55 percent saying regulations under the Affordable Care Act increase their chances of becoming a victim of medical identity theft, in part because of increased use of information systems that may not be adequately secured. “Given the high volume of medical records and personal information leaked by healthcare providers and payers, organizations are now more focused on reducing how much unprotected PHI they store and shrinking the target hackers go after so that fewer patients are exposed to the risks of medical identity fraud,” says Todd Feinman, CEO of, Identity Finder LLC.