A report by Tisha Thompson and Rick Yarborough of the News4 I-Team makes a good point – that even when people know their PII is floating around or may be on black markets, they often have no clue their medical information or insurance information is also for sale on underground markets.The team interviewed one of the black market sellers. Here’s a bit of their report:
He said he got most of the current medical records from India, where call centers gather information by phishing over the phone. In those call centers, he said, “You’re going to see people buying data, selling data, like it was candy at a store.”
The seller also described how the operation worked when he, himself, was a telemarketer for an overseas company. He said callers would try to get missing private details from people over the phone. “They gave me a script that I had to read,” he said. Part of the script read, “’So, what is your name? What is the doctor’s name?’ When we didn’t even have the doctor’s name on it,” he explained. “We were just saying that.”
Those private details were then often sold to medical companies that targeted people with health conditions and charged insurance companies for services and supplies.
Read more on NBC.
A recent Ponemon survey highlighted their finding that most people do not check their medical records for accuracy. I would venture to say an even greater percentage have no clue at all whether their health-related information is up for sale on the black market. And because most of us would have no idea how to go about finding out, your best bet is to (1) check your Explanation of Benefits statements to see if anything “hinky” is showing up, (2) check your credit report, which are you entitled to get for free periodically, (3) be cautious about giving out information over the phone to out-sourced call centers, and (4) check your medical records for accuracy.
With respect to the last point, when my primary care provider switched over to EMR, they input a lot of information into the system. In glancing over their printout of an appointment, I noticed that it showed I had a history of hypertension. I don’t. A staff member casually said, “Well, maybe you had one instance of high blood pressure and that’s why it showed up.” I responded firmly that they were to delete that as it was inaccurate and misleading, and might have both insurance and healthcare implications down the road. And then I waited until they deleted it.
Protect yourself.