Friday, March 5, 2010

What, Medical Identity Theft?

A little over three years ago I was speaking with a good friend and author on identity theft. He had predicted that medical identity theft would soon be the new frontier of identity theft. He had been soundly rejected by the press and some so called experts. They put down his theory as soundly as if he had purported that the world was flat after all. In fact John Gardner was exactly right. Read the article below to see just how pervasive medical identity theft and fraud has become.

A new survey from the Ponemon Institute shows that nearly six percent of American adults have been victims of medical identity theft, with an average cost per victim of $20,160. The cost comes from the efforts victims face to sort out what happened with concerned parties such as doctors, hospitals, insurance companies and credit agencies, the San Francisco Chronicle reports. "The National Study on Medical Identity Theft" is based on findings from 156,000 people who agreed to discuss the general topic of identity theft, with 5.8 percent confirming they had been the targets of medical ID theft. Based on those statistics, the study estimates that 1.42 million adults in the U.S. may have experienced the theft of their medical identification information
.

Tuesday, March 2, 2010

The Cost of Data Theft

The pice to Fix Data Theft: $7 Million and Counting
The theft of 57 unencrypted hard drives from BlueCross-BlueShield of Tennessee has given thieves access to personal data on upwards of 500,000 customers and is costing millions to fix, PCWorld reports. The drives contained recordings of more than one million customer support calls as well as 300,000 screen shots, which in some cases included names, birthdates and Social Security numbers. BlueCross is now auditing its security practices, the report states. The process of investigating the breach and notifying customers has cost more than $7 million so far. According to Michael Spinney of the Ponemon Institute, while the average data breach costs $6.75 million, the company could be paying much more due to the complexity of the breach.

FTC to Appeal Red Flags Exemption for Attorney Firms

FTC Set to Appeal the Red Flags Rule Exemption for Attorneys and Law Firms

On February 25, 2010, the Federal Trade Commission filed a notice that it is appealing the D.C. District Court’s December 28, 2009 judgment in favor of the American Bar Association in American Bar Association v. FTC. The District Court’s summary judgment held that the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule” or the “Rule”) does not apply to attorneys or law firms. The Rule implements Sections 114 and 315 of the Fair and Accurate Credit Transactions Act. In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program. The program must be designed to detect, prevent and mitigate the risk of identity theft. Prior to the district court’s decision, the FTC had taken the position in publications and numerous panels that attorneys and law firms meet the Rule’s definition of “creditor” because they allow clients to pay for legal services after the services are rendered.

View the FTC’s notice of appeal notice last week stating its intention to appeal the court's judgment notice
http://www.huntonprivacyblog.com/uploads/file/ABA_v__FTC_Notice_of_Appeal.pdf