Missing flash drive creates concerns for medical identity theft

A missing computer flash drive that contained data on Medicaid patients served by Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan, two affiliated insurance companies, may now end up causing members of either health plan to become targets of medical identity theft.. The companies are affiliated with each other and the breach involved approximately two thirds of the clients of both organizations. In addition to the medical data contained on the drive, several of the company's subscribers also had their Social Security Numbers breached. The flash drive contained sensitive information, including names, addresses and medical records of 280,000 Medicaid recipients is missing in Pennsylvania.

The companies have issued a joint statement.

 "At Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan, our number one priority is our members. Since reporting this unfortunate incident to the Department of Public Welfare, we have actively and responsibly executed a multifaceted plan to inform those affected, while also evaluating and enhancing our security measures to ensure this does not happen again."

Medical identity theft occurs when someone uses stolen insurance information to obtain medical treatment. This type of identity theft can lead to patients being billed for services not covered by insurance and can contribute towards their overall lifetime caps on insurance payouts. It can also affect a patients health record putting the patient in a jeopardy for dangerous misdiagnosis. This type of identity theft is harder to detect -and more difficult to rectify.

Officials at the companies say the hard drive may have been thrown away or lost as opposed to being stolen.Officials say, there is no indication that the information is being misused. To detect fraud, claims from those member numbers will receive extra scrutiny to make certain they follow previous patterns. The majority of the 285,691 missing records contain health-plan identification numbers and results of recent screenings, but no names. A total of 2,203 records contain names with varying combinations of addresses, member identification numbers and telephone numbers. Names and all or part of Social Security numbers are included on 808 records.

The insurers said they will provide free credit monitoring to those whose Social Security numbers were involved. However, since not all physicians report unpaid medical bills to the credit bureaus, credit monitoring can't be relied on to detect variations of this crime.

Companies will establish a toll-free number for those concerned about this breach starting at 8 a.m on Monday.

If the drive was stolen, it is possible that the thief might try to use the data to extract more information, including Social Security numbers, identity theft. Officials caution members to remember that they would never call members on the phone to request Social Security numbers. If you are contacted and solicited for information, contact the 800-number and report it. Do not provide personal data to anyone soliciting it.

Members should also monitor their insurance Explanation of Benefits forms for any unusual activity. In the event that statements include treatments that customers don't recognize or which are known to be erroneous, notify the insurance company immediately.

For more on medical identity theft see: Medical theft on the rise