DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

New Report: The Geography of Medical Identity Theft

Posted on December 12, 2017 by Dissent

Pam Dixon and John Emerson have authored a new report from the World Privacy Forum: The Geography of Medical Identity Theft.

From the report:

Summary of Findings and Recommendations

This report finds that medical identity theft is growing overall in the United States, however, there’s a catch. The consumer complaint data suggests that the crime is growing at different rates in different states and regions of the US, creating medical identity theft “hotspots.”

Populous states such as California, Florida, Texas, New York, and to a lesser degree, Illinois, often have high consumer complaint counts, which can result from population effects. Based on data analysis of “rate per million” so as to equalize for population, strong additional patterns emerge from the complaint data. Notably, a large cluster of southeastern states emerge as a regional hotspot for medical identity theft, with steady growth patterns. Medical identity theft hotspots have also occurred in a dispersed mix of less populous states.

In addition to documenting geographic and growth patterns, the complaint data also documented significant and heretofore largely unreported patterns of harm related to debt collection resulting from medical identity theft, including debt collections documented to be one to three years in duration.

The documentation of debt collection impacts on victims of medical identity theft is new information, and needs to be added to the understanding of how medical identity theft impacts victims of the crime. Although impacts and modalities will be discussed in detail in Part 3 of this report series, this report touches on this research as it represents a significant adjacent finding.

Key recommendations in the report include:

  • The Department of Health and Human Services should facilitate the collection of follow up information from those affected by medical data breaches, specifically including data to document medical debt collection activity post-breach.
  • Policymakers and law enforcement agencies should take regional and state hot spots suggested by the data into account when planning resources for medical identity theft deterrence, prevention, and remedies.
  • Healthcare providers and related stakeholders need comprehensive risk assessments focused on preventing medical identity theft while protecting patient privacy. These risk assessments need to include specific plans for handling patient debt collection practices, and specific procedures that will prevent debt arising from medical identity theft to be passed to a collection agency.
  • Patients, medical data breach victims, and other identity theft victims should be aware of states where medical identity theft is more active.
  • The Consumer Financial Protection Bureau should monitor medical debt collection practices more closely and address abuses.

You can download the full report from this link.

No related posts.

Category: Health DataOf NoteU.S.

Post navigation

← South Korea Imposes ~$55,000 Fines On a Crypto Operator for Security Failures
Text alert: the ‘bank’ message that cost a student £5,400 of her loan money →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.