The Fifth Annual Study on Medical Identity Theft is an industry-sponsored research project by the Medical Identity Fraud Alliance.
Medical identity theft is costly and complex to resolve. Because the crime can cause serious harm to its victims, it is critical for healthcare providers, health plans and technology/service providers to do more to help victims resolve the consequences of the theft and prevent future fraud.
Download this paper to learn about the potential damage to providers and vendors of health care services when their sensitive data is stolen and customers pay the consequences.
2014 will long be remembered for a series of mega security breaches and attacks starting with the Target breach in late 2013 and ending with Sony Pictures Entertainment. In the case of Target breach, 40 million credit and debit cards were stolen and 70 million records stolen that included the name, address, email address and phone number of Target shoppers. Sony suffered a major online attack that resulted in employees’ personal data and corporate correspondence being leaked. The financial consequences and reputation damage of both breaches have been widely reported.
2015 is predicted to be as bad or worse as more sensitive and confidential information and transactions are moved to the digital space and become vulnerable to attack. Will companies be prepared to deal with cyber threats? Are they taking steps to strengthen their cyber security posture? Read about the changes, and challenges, that IT security practitioners face after the year of the breach.
Once relegated to the back pages of local newspapers, today’s data breaches are primetime news. Negative media coverage is often accompanied by scrutiny from public officials and foreboding consumer notifications, all of which emphasize the increased risk of identity fraud after a breach. Once thought to be a theoretical consequence, new evidence clearly shows consumers become less apt to open their wallets and patronize a company after a data breach. In addition to potential lost business and goodwill, a breached company may find itself saddled with the cost of litigation and subsidizing identity protection services for affected consumers.
Since 2001, more than 132,000 public charities and private foundations have published nearly a half-million Social Security Numbers in public filings with the IRS, putting more than 171,000 individuals at increased risk of identity fraud. Between 2001 and 2006, 18% of all non-profit organizations included at least one social security number on a Form 990.The practice of including SSNs in public tax documents is decreasing, but advocacy organizations, alumni associations, community and scholarship foundations, and private trusts have all published lists of names and social security numbers, unknowingly placing personal information permanently in the public domain. Scholarship recipients, tax professionals, employees, and donors, now face the prospect of living the rest of their lives at increased risk of identity fraud.
Despite massive security efforts in place today by large organizations, data breaches continue to occur and identity theft is on the rise. Something has to change. This paper compares the two primary prevention strategies to demonstrate the strength and value in securing Data-at-Rest and Data-in-Motion. We analyze historical research to highlight the true nature of data breaches and help you determine which strategy is right for you. In nearly every comparison, from cost to effectiveness, Data-at-Rest solutions emerge as the stronger data loss prevention strategy.
Based upon the experiences of Identity Finder hotel customers, this use case illustrates how Identity Finder DLP minimizes a hotel’s risk of data leakage and decreases PCI-DSS audit and compliance costs within a decentralized hotel network. Mid-sized to large hotel and resort chains process and store a variety of guest personal information including PCI Data (e.g., credit card information) using secure Payment and Property Management Systems (PMS). However, in the fast-paced, high-stakes world of property rental, information often leaks out of secure systems, creating a PCI-DSS compliance nightmares. Identity Finder can help.
According to the US HHS, the loss of patient data nearly doubled between 2010 and 2011 and stored data, or “data-at-rest” PHI breaches were the cause of 100% of all reported breaches in 2011; no reported healthcare breaches were due to e-mail disclosure or “data-in-motion” breaches. These problems are so pervasive that the OCR initiated a program of random, system-wide HIPAA audits on Covered Entities. To comply with HIPAA and HITECH, several healthcare systems and hospitals have implemented Identity Finder to find and protect stored PHI. This use case is based upon the actual experience of several Identity Finder customers in the healthcare industry.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a government-coordinated, private-sector initiative to launch a nationally interoperable framework of independent federated identity systems. If implemented properly, NSTIC could improve privacy. However, this whitepaper finds that in its current form NSTIC will create new methods to commit identity theft; a false sense of control, privacy, and security among users; new ways to covertly collect users’ personal information; and new markets on which to commoditize human identity.