A report released by Javelin (requires an expensive membership) has updated statistics for 2008:
There were more than 275,000 cases in the U.S. last year of medical information theft, twice the number in 2008, The average fraud cost $12,100, Javelin said.
(The bold emphasis is mine.)
Medical identity theft is about 2.5 times more costly than other types of ID frauds, said James Van Dyke, president of Javelin, in part because criminals use stolen health data an average of four times longer than other identity crimes before the theft is caught. The average fraud involving health information was $12,100 compared with $4,841 for all identity crimes last year and consumers spent an average of $2,228 to resolve it, or six times more than other identity fraud, according to Javelin.
“It’s becoming the credit card with a $1 million limit,” said Jennifer Leuer, general manager of ProtectMyId.com. “If the health insurance is valid, they’ll treat you and not always check your ID.”
“A thief may change the billing address for a victim’s insurance so they’re unaware of charges.”, according to the World Privacy Forum “Once you aggregate and put data in one place it’s easier for you to see it but it’s also easier for a criminal to see and use it.” And how secure are we, these days?
Given that a lot of doctors have relatively small offices, many staff have all access to patient information. It’s fairly easy to download much more patient records to a USB drive than can be acquired by paper forms.