Like too many consumers, reporter Evelyn Wilkerson seems to have been living under a rock:
Sometimes in journalism, a story appears right in front of you. That’s what happened with Eyewitness news Morning Anchor, Evelyn Wilkerson — when a family friend became a victim of identity theft after having a stroke. So, she dug into it and was stunned by what she found–that identity thieves are helped by the embarrassment and caution of the companies they hack.
Read more on MyStateline.com.
One of the points the report highlights is what happens when a consumer or patient believes that their ID theft occurred as a result of a specific breach, but the entity keeps insisting that their problems are not from that breach. In Wilkerson’s report, it’s the Advocate Medical Group breach, covered on PHIprivacy.net, which involved the theft of four computers with unencrypted patient information. So far, Advocate has managed to get class-action lawsuits dismissed, but the reporter’s friend believes her problems are a direct result of the theft of her medical records from Advocate. For its part, Advocate continues to maintain there’s no evidence that there’s been misuse of the information or that the burglary was intended to steal information as opposed to hardware.
They may be correct, of course, that Allen’s problems are not due to their breach, and it may not be their breach that explains why Allen is also reportedly getting phone calls from people trying to sell her the services her stolen medical records would indicate she needs.
But the bottom line is that Allen became a victim of ID theft and no one has stepped up and said, “Yes, this is our responsibility and we’re going to help you.” Entities continue to fail to detect and/or report breaches. And entities continue to try to duck liability when they do have breaches. So who’s responsible for helping the affected consumer or patient?
Sadly, it seems that Nobody is.