This week Community Health Systems announced their system was hacked by Chinese hackers. The hackers were able to obtain the name, date of birth, address and social security number information 4.5 million patients. Community Health Systems provides hospital health care services to patients in 29 states. Since the initial announcement of the breach I have learned that patients of physicians affiliated with Community Health Systems hospitals may have also been exposed. As of this writing Community Health Systems did not have information relating to the breach available on their website. However, I have learned that Community Health Systems has hired Kroll, a risk management company, to set up a toll free number and website for those affected by the breach and to answer questions. Next week Community Health Systems will start mailing letters to individuals whose information has been exposed. In the meantime, DO NOT PANIC!! I should know as this is potentially, the second time my personal information has been exposed due to a health care data breach. Here are a few tips to help you through this process.
Community Health Systems has stated that they will offer credit monitoring for those affected by the breach. This is common practice for organizations that have suffered a breach. Don’t be surprised if the monitoring offered monitors only one credit bureau. Again, a typical response. Unfortunately this is not very effective. Not all creditors report to all of the credit bureaus. Does this mean you should not take their offer of the free monitoring? Absolutely NOT! Something is better than nothing. If only bureau is monitored then you will want to continue reviewing your credit reports from the other bureaus, at a minimum, yearly. The three major credit bureaus are Equifax, Experian and TransUnion.
MEDICAL IDENTITY THEFT
Another thing to consider is that credit monitoring DOES NOT monitor for medical identity theft. Medical identity theft occurs when someone uses your identity, without your permission, for medical services or products. Right now there are NO services that can truly monitor for medical identity theft. Credit reports and credit monitoring merely detects when a medical bill has not been paid thus resulting in a collections account or when a payment plan, or credit, has been established with a health care provider. If the identity thief pays his bills then the medical provider will never show up on your credit report.
So what can you do?
1. Review your Explanation of Benefits (EOB). An EOB is the summary statement you receive from your insurance company showing what was billed, the cost for the service/treatment/product,any insurance adjustments to the cost, how much the insurance will pay and the amount you must pay out of pocket, if any. An EOB can be very confusion to understand. For example: you saw the Doctor for five minutes yet you are being billed for fifteen things. What?? When reviewing an EOB pay attention to the date of the appointment/service and the name and/or the address of the provider. If you do not recognize one or either of these contact your insurance company right away. The EOB in questions could have been for a legitimate charge but without further explanation it is hard to make that determination. When it comes to medical identity theft it is safer to over-react than to make assumptions.
2. Provider bills. Review bills you receive from health care providers to check for accuracy. Again, you might not be able to understand the entire bill. The easiest way to overcome this is to call the provider directly and speak with someone in their billing department. Ask them for additional information so you can understand the line item charges. Bottom line – when in doubt, ask for clarification.
3. Medical records. You can request copies of your medical records from each provider. You will typically be charged a fee but go ahead and pay it. It is worth a few dollars now to protect your health.
Another thing to consider is that criminals will use the news of the breach to scam people even further. I know, the news just keeps getting better. The criminals will call you saying your information has been exposed and that they will help you sign up for the free credit monitoring. Aw, how kind. Not really. They are doing this to get your social security number and other sensitive information. The best way to avoid these scams is to not respond to unsolicited phone calls or emails claiming to be affiliated with the breach. If your information was exposed you will receive a letter in the mail. Again, scammers will create fake letters to trick you into calling them and providing your information. If you are in doubt call the toll free number Community Health Systems has created to answer such questions. The number to call is 1-855-205-6951. Remember, before you provide any information in response to an email, a phone call or a letter received in the mail call 1-855-205-6951 to verify it is legitimate.
UPDATE: For those of you in Southwest Florida I have been told that both Physicians Regional hospital locations and Lee Memorial were involved in the breach.
If you have additional questions on medical identity theft or what steps to take if you were exposed leave me a comment.