When hackers breached the IT system of the insurer Anthem, potentially gaining access to 80 million people's records, what exactly, were they looking for? The health records of the average American would seem far from captivating, ProPublica editor-and-chief Stephen Engelberg points out in this week's podcast.
Senior reporters Charles Ornstein and Julia Angwin explain that while mundane, health records are full of identifying data -- namely, your name, date of birth and Social Security number -- that a hacker could use to open a credit card account, attempt to get medical treatment, or use for tax fraud.
Other types of hacks -- like the ones at Target and the Home Depot, compromised only credit card numbers. "With those numbers, if they're canceled, your whole life isn't sort of put at risk," Ornstein says. On the contrary, "if a hacker has your Social Security number and date of birth and your name," he says, "you could end up starting your own durable medical equipment company, and suddenly you can start filing a whole bunch of claims on it without anybody being the wiser."
That's why proliferation of those kinds of hacks -- health care organizations and their business partners have reported 1,142 large-scale data breaches since 2009 -- are such an urgent problem. Meanwhile, the federal Office for Civil Rights has fined health care organizations just 22 times.
"Unlike other nations that have baseline privacy protections for all data, we basically don't," Angwin says, pointing out that the companies like Anthem have shown "a certain level of technical incompetence" in failing to encrypt their data.
So what can you do to protect yourself?
No. 1, Ornstein says, is not to put your Social Security number on health forms. It's simply not necessary to process most claims, he says.