Imagine opening up the mailbox to find a letter explaining that the personal information you gave to doctors is now in the hands of a criminal. Your mind would instantly begin racing, thinking of all the sensitive—and private—information that others may have about you. While this may sound like a nightmare, this happens to millions of Americans each year as a result of healthcare data breaches.
When you seek medical care, healthcare providers encourage you to give them every piece of information–no matter how sensitive–to ensure you receive the best care possible. In turn, they assure you that anything you tell them is confidential. What you don’t expect is that your information will end up in the hands of criminals—or posted on the dark web for anyone to view. Making matters worse, this “protected health information” can be used by hackers or other criminals to carry out identity theft and frauds.
If your information was leaked in a recent data breach at a hospital, doctor’s office or other healthcare provider’s office, you are now at an increased risk of identity theft. At the law firm of Console & Associates, P.C., our healthcare data breach lawyers know how to help victims pursue compensation following the exposure of their sensitive information. Our data breach lawyers investigate breaches on behalf of consumers and help them explore their legal remedies. We offer free consultations to data breach victims, during which we will explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case.
Protected health information, which is also commonly referred to as PHI, is any identifying information collected by healthcare providers during the course of treating a patient. For example, demographic information, medical history information, test and laboratory results, mental health information and insurance information can all be considered protected health information.
The collection and use of PHI are governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Under HIPAA, healthcare-related data is considered protected health information if it contains at least one identifier. HIPAA lists 18 different identifiers listed, which include a patient’s:
So, if treatment-related data in a healthcare professional’s possession contains any of the above identifiers, it is considered PHI. The fact that information is “protected” triggers certain obligations on the part of healthcare providers to ensure the security of the data and to report any breaches resulting in unauthorized access to the information.
We are here to help.
Hackers target PHI for a number of reasons, most of which relate to the ease with which this data can be used to commit identity theft or other frauds, which translates to profit for the hackers. For example, healthcare providers typically have patients’ Social Security numbers on file, so by orchestrating a data breach that targets a healthcare provider, hackers have a good chance of obtaining patients’ Social Security numbers.
Once a hacker has your Social Security number, they can carry out a number of frauds, including:
Additionally, many hackers specifically target PHI with the intention of selling the stolen information on the dark web.
Hackers will often sell the protected health information they acquire through a data breach to other criminals on the dark web. But this begs the question, “who would pay for protected health information, and why?” The answer: someone who wants to obtain medical care without paying for it may buy the information and then use it to obtain medical care in the victim’s name. This is referred to as healthcare identity theft, the consequences of which can be severe.
When someone buys PHI on the dark web and uses it to get medical care in your name, they essentially pretend to be you. This means that the provider will send you the bill. More concerning, however, is the fact that the “fake patient” gives the healthcare provider their own information when seeking medical treatment. For example, when you go to the doctor’s office for any treatment, usually the nurse will ask you about your current medications and whether there have been any changes in your medical history since your last visit. If someone using your information visits the doctor in your name, they will give the doctor their own information to ensure they receive the appropriate treatment. However, whatever info they give to the provider then gets mixed up in your medical record, which means your provider may have inaccurate information about you the next time you go to see the doctor.
Given these risks, it is essential that anyone who learns their protected health information was compromised in a data breach understands what they can do to protect themselves. Patients whose information is leaked in a PHI data breach may also be eligible for compensation from the provider that leaked their information. A data breach lawyer can help patients understand their rights and pursue all available legal remedies.
At Console & Associates, P.C., our data breach attorneys monitor all healthcare data breaches so that we can help consumers understand their rights and pursue whatever legal remedies are available to them. Healthcare providers occupy a place of trust in your family, and it is essential that they live up to their data security obligations. However, too often, providers prioritize their bottom line over the security of patient information. A data breach lawsuit sends providers a strong message that they must take patient privacy seriously. If you’ve been affected by a data breach, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.