The Associated Press revealed that thieves gathered information from 100,000 US taxpayers between February through May of this year. They used an IRS system called "Get Transcript" where tax returns can be downloaded from the IRS by simply providing a social security number, birth date, tax filing status and street address. With all the recent breaches I can't help but wonder if the stolen health care data from Primera and BlueCross BlueShield or even the data from the Target or Home Depot breaches was used with the IRS system to get the tax data...
If the thieves already know your name, birth date, social security number and address the only thing they have to guess is whether a person filed as married, single or head of household. It's a wonder that this didn't happen sooner. It's possible that the thieves will use this data to open credit cards or to this
information to file a fraudulent tax return in the future.
We're all vulnerable here. If you haven't done it already, please lock down your credit. Each of the 50 states have enacted legislation that allows consumers to lock down our credit records at the three credit bureaus: Experian, Equifax and Transunion. Please go to the URLs to learn how to lock down your credit:
Experian: https://www.experian.com/freeze/center.html
Equifax: https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
Transunion: http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page?
In the theme of thinking about what is logically next based on these breaches, think of medical identity theft. This is a fairly new type of fraud targeting your medical identity. In this case, someone other than you uses your identity for their health care. When someone other than you uses your identity for health services, their information is tied back to you. I read about a young girl whose medical identity was used for AIDS treatment by someone other than her. The young girl learned that something was wrong when she tried to donate blood. Imagine if she had been in an accident or if that incorrect data was provided to an employer, school or some other person or institution that made decisions about her future.
Insurance companies are also going to be left holding the bag for services and procedures given to someone other than the person paying for the insurance.
It's time to consider your health identity. Next time you visit your health care provider verify that the information in your records is correct and consistent with the services you receive. I predict that we will see additional steps taken by health care providers to ensure we are who we say we are. Something like a providing picture identification might be required.
Legislation needs to be enacted to mandate that the health care industry protect our sensitive information. (Currently the health care industry is not as well regulated as the financial industry.)
The bottom line is that we need to think about how these breaches might impact other parts of our lives. The IRS should have has a system in place that evaluated requests to uncover the fraud sooner so that a quicker response could have been made.
What other systems can be used to violate the privacy and security of our data? These systems need to be identified and evaluated consistently, breach notification needs to be made sooner so that future issues can be prevented.
