sony medical identity theftA massive hacking attack on Sony Entertainment got a lot worse for company employees when it was discovered that sensitive employee data was stolen. Last week, employees logged into their computers to discover an image of a skeleton with the message “Hacked by #GOP” (which stands for “Guardians of Peace”). Many were locked out of their computers and email accounts, and several Sony films were pirated. However, new information uncovered by security blogger Brian Krebs indicates that a lot more damage was done. Among the 25 GB of data stolen was a spreadsheet that contained sensitive personal information of over 6,800 employees, including salaries, social security numbers, network usernames, birth dates and health savings account information.

How can identity thieves use this information?

In addition to accessing employees’ names, social security numbers and birth dates, thieves also obtained information about their health savings plans — and possibly other medical insurance data. While no form of identity theft is a walk in the park, medical identity theft can be one of the biggest headaches to deal with. It can also potentially cost you your health or your life.

What is medical identity theft? If someone else has access to your name and health insurance information, they can use it to visit doctors, order and pick up prescriptions or even file claims with your health insurance provider. Not only can this hurt you financially, but it can be potentially life-threatening due to the mixing of medical information. If your records are crossing paths with another person’s, you could be denied treatment or given the wrong medication or procedure during an emergency.

How can I protect myself from medical identity theft?

medical identity theft

One of the worst things about identity theft in general is it can be difficult to catch early. Medical identity theft especially can be tricky to catch straight away. However, there are some ways to help protect yourself from it or at least spot and deal with it sooner rather than later.

1. Protect your medical details. Some scammers may call you on the phone or send emails asking for your personal information. They might claim to be from a doctor’s office or your insurance company. Don’t give out any information if prompted. Instead, find out what they are contacting you about and do some research to find the phone number of the doctor or company yourself. Call and confirm that your information is actually needed, and only give it out once you feel certain you are giving it out for legitimate reasons. This goes for your social security number, of course, but also any account numbers associated with your medical insurance plan. Thieves are looking for you to give up information so they can use it for their own needs. Don’t let it fall into their hands!

2. Always read your medical insurance statements. Most health plans send subscribers a statement, often called the Explanation of Benefits, which details any treatment received. It will list the provider, service received and the date. If you notice something unfamiliar or wrong in your Explanation of Benefits, you should contact your insurance company immediately — this could be an indication that someone is using your name and insurance information. Keeping an eye on your insurance statements is a great way to catch any errors before you get a bill or a collection notice on your credit reports.

3. Receive an unfamiliar bill? Request copies of your medical records. If you receive a bill for a service you don’t remember receiving, it’s important to request a copy of your medical records. Depending on how long ago the alleged medical service was, you might not even get a bill and instead have to deal with the headache of a collection agency. Federal law says you have a right to view your medical records, so you should feel free to request the records from any provider or pharmacy where an identity thief has been using your information. Be aware, you may have to pay to receive these records — it is good to try and determine a time period so you can request records only from those dates. Some states make it easier than others to get these records, so check your state’s laws before requesting information.

4. Take care with medical-related logins. Many medical groups, insurance companies and clinics now offer online services in addition to in-office visits. This means your information will be available online, making it more vulnerable in the event of a breach like the one Sony’s employees have just experienced. Make sure that you create strong passwords for your online medical accounts. Some people might be tempted to be lax about security with such things, but your medical information is just as important to protect as your credit card account. Don’t know how to create a strong password? Follow this step-by-step guide for help.

5. Sign up for identity theft protection. Be aware, not all identity theft services are created equal. These services are great to have in general because they monitor your personal information to ensure it is not being used, traded or sold on the Internet black market or elsewhere. Some don’t provide any kind of coverage for medical records, so it’s important to sign up for a service that does. TrustedID is the top-rated service we review that offers medical record coverage — it will help you request your medical benefit history from all your providers so you can make sure no one else has been receiving benefits in your name. TrustedID then monitors your health insurance account for any suspicious usage on an ongoing basis.

Sony is offering its employees free coverage from an identity theft protection service to help with any problems in the coming months as a result of the data breach. Attacks like this are a reminder to us all that we live in an age where information is not always as safe as we hope. It’s important to do what we can to protect our identities at all costs. To learn more about how to protect yours, visit our identity theft protection reviews.