My Info has been Hacked Again. What to Do?

Dear Colleague,

It seems a regular part of modern life to occasionally receive a letter indicating your medical information has been hacked. I taped today’s video in January when I had recently received such a letter myself and was feeling less outrage than I feel today. The recent and awful hack to Lurie’s Children’s Hospital in Chicago has considerably darkened my thinking on the matter. It is unusual for me to wish ill on anyone but I do hope the people responsible for this despicable behavior are found and tried and sentenced to lengthy jail terms. To compromise the care of sick children is truly vile. 

We get calls from clients when they’ve received a notice that their medical information has been hacked asking what to do. And, of course, both providers and insurance companies are hacker targets. Hackers have different motivations but none of them are good. They may want to hold an organization hostage for payment or access to information they can sell. Anyway, we appreciate those calls from clients because they alert us to more assiduously review the client’s portal information for claims that might seem odd, notably from a provider we are not familiar with, or a service that surprises us, or a claim from a geographic area we don’t normally associate with that client.

I recently received such a notice regarding a Yale-New Haven Health hack. The letter was unusually detailed and lengthy and described a journey that started in July which led to a prior May event. To my dismay, the letter was dated the following December 22nd so not timely. The solution offered which I did not pursue was complimentary credit monitoring for a period of time. Contrast this with the steps taken when your credit card information is compromised. The card is immediately canceled.

There is not too much we can do as individuals to combat hacking but it is advisable to periodically review the claim information on your claims portal to prevent and report fraud should you see it. Occasional review is a sound practice anyway because it is also a way to identify medical billing and claims processing problems. If you see something odd, send a chat via your portal or call the Plan (using chat is more effective, in my opinion, because you have a record of the exchange. It’s also less painful than a long telephone hold).

When health insurance companies pay fraudulent claims, it hurts all of us because healthcare costs increase in an unfair way. And let’s not forget Medicare. We were delighted when Medicare identified fraudulent claims for one of our clients before the client or we did. We have no idea how our client’s Medicare number found its way to a provider of durable medical equipment she had never had contact with or received services from. It’s discouraging. And, of course, it may not have even involved a hack or sophisticated hack. Unfortunately, employees of healthcare organizations have routine access to your personal information which can be misused. In fact, it’s a sound practice to provide only the last four digits of your social, if possible, at any provider office that requests that information. 

The despicable practice of hacking for profit, for the challenge, and/or the ability to obtain medical services one isn’t eligible for, is definitely part of our modern world. Please take reasonable steps to monitor your information. Thanks.