Anthem Inc. is the second largest health insurer in the U.S., and this week it announced that it was the victim of a very sophisticated cyber attack that resulted in access to data on around 80 million past and current customers and employees, including names, birthdays, medical ID and Social Security numbers, among other personal information. This is a really bad week for Anthem and its customers, but what does this mean for what we expect to see as we go forward into 2015? After several high-profile retail breaches in 2014, some are already calling this the year of the healthcare data breach.

ABC News: Anthem Hack: Credit Monitoring Won't Catch Medical Identity Theft

As noted in the Wall Street Journal (Health Insurer Anthem Hit by Hackers, February 4, 2015), “investigators are still determining the extent of the incursion, which was discovered last week….the insurer said it would reach out to everyone whose information was stored in the hacked database with a letter and, where possible, email….and will offer to provide a credit-monitoring service.” Anthem has also notified the Federal Bureau of Investigation of the intrusion and the FBI is investigating the matter.

So why do hackers target entities with consumer health information? For one thing, health data has substantial value on the black market. As reported in the Washington Post (China suspected in major hacking of health insurer, February 5, 2015), “A set of complete health insurance credentials sold for $20 on the underground markets in 2013 – 10 to 20 times the price of a U.S. credit card number with a security code.” It’s like the answer Slick Willie Sutton, the famous bank robber, gave when asked why he robs banks: “I rob banks because that’s where the money is.”

Unfortunately, the impact on consumers of the compromise of personal information, including their health insurance credentials, can be very negative, challenging and expensive. Those who acquire this data can perpetrate medical identity theft in order to profit from the stolen credentials. Healthcare fraud resulting from medical identity theft costs the system billions of dollars every year. But there are also costs (and hassles) that must be borne by the consumers affected by medical identity theft.

Larry Ponemon, founder of the privacy and security research firm Ponemon Institute, told NBC News (Anthem Hack: Credit Monitoring Won’t Catch Medical Identity Theft, February 6, 2015) that medical identity theft is large and growing, and noted that in a 2013 study “more than one-third of victims said they incurred out-of-pocket costs which averaged nearly $19,000 per person.”

He goes further, saying “untangling wrecked medical records can be an arduous process even for experts, as privacy laws protect the release of health information and it can be tough for victims to prove they’re not the ones who actually received treatment.” Bob Gregg, CEO of data breach software and services company ID Experts, noted to NBC that “everyone thinks about credit cards and bank accounts, but medical identity theft can be much more damaging and extremely hard to fix.”

And that is why experts generally agree that credit monitoring alone has little efficacy in helping consumers battle the scourges of medical identity theft, including false billings to their insurer for services and procedures that were never rendered. This has created a gap in what breached organizations should do for consumers at risk of medical identity theft: they need a solution that helps them the way credit monitoring does for certain types of financial identity theft.

ID Experts’ MIDAS software was developed specifically to address this gap. It provides consumers, in partnership with their health insurers, with a tool for monitoring and detecting medical identity theft, one that was designed from the beginning to target medical identity theft issues.
