Ara Shirinian: UCLA Health breach victims must take measures to protect identity

The next time your health insurance authorizes a payment for medication, you might not be the one who benefits.

UCLA Health announced Friday that its computer network was hacked, leaving as many as 4.5 million people’s personal and medical information vulnerable to theft. While investigations in conjunction with the FBI seek out the organizers of the attack and find out what information was taken, UCLA Health is offering several services for anyone that might have been affected including: 12 months of identity theft recovery and restoration services, 12 months of credit monitoring and access to fraud resolution representatives.

Unfortunately, there is a fair chance that many of these services will go unused. In the age of big data, people have become familiar with the idea of their personal information in the hands of others. Indeed, stories about companies getting hacked and losing personal data are a dime a dozen. People seem to have become desensitized to the idea of data theft and generally don’t take the precautions necessary to protect themselves from fraud. Even in high profile cases like the Heartbleed bug, one of the most widely spread security breaches in history, the majority of people were not concerned enough to even change their passwords.

But the damage that can come from credit card or financial information often pales in comparison to the damage that can be caused by the information stolen in medical breaches. That’s why anyone whose information could potentially have been stolen should be extremely proactive in protecting their identity by taking advantage of the services being offered by UCLA Health.

The breaches were discovered in early May, but could have happened as early as September of 2014, according to UCLA Health.

The information contained in the accessed parts of the UCLA Health network contains permanently identifying information like date of birth and social security numbers. These can be used to commit medical identity fraud, whereby individuals use other people’s health care information to pay for procedures or medicine.

The information can also be used to aid in health care fraud, whereby stolen medical identities can be used to charge health insurances for services that were never provided.

The other problem is that health care providers rarely monitor individual accounts for fraud, so most crimes go unnoticed for a long time.

The Department of Justice says that cases of health care fraud cost the government tens of billions of dollars each year. Some estimates put the street value of stolen medical identities exponentially higher than that of normal identities.

More importantly, the impact on victims of medical identity theft is terrifying. A recent study found that 65 percent of people whose medical identity was stolen lost an average of $13,500 due to the crime.

It should be troubling then, that more than 2.3 million Americans have been the victims of medical identity theft.

With health care expenditures topping $3.8 trillion in 2014, there is more incentive than ever for hackers to try and breech large health networks like the one at UCLA. This can leave a lot of people very vulnerable.

However, identity theft protection services can cost a lot. So for victims of the UCLA Health attack, it would be wise to take advantage of them while they are being offered for free. These services monitor activity in your health or credit account and notify you of anything suspicious, allowing you to stop any illicit activities quickly.

Affected individuals will be notified within the next few weeks and given a code they can use to enroll in the services at myidcare.com/uclaprotection before Nov. 6. So far, the services seem relatively easy to access, but it is important that UCLA Health actively encourages people to sign up.

It remains to be seen how much UCLA Health did to prevent these kinds of attacks and protect their customers’ privacy. According to some experts, not very much.

But before we receive specific information on what protections were in place, it’s difficult to say what needed to be improved. For its part, UCLA Health has since expanded their cybersurveillance and expanded their internal security team in response to the attacks, even if it came too late.

The cost to the UCLA Health system as it stands could be tremendous. Earlier this year, when Anthem was breached and lost up to 80 million people’s information, the company said that breach-related expenses could easily rise above their $100 million cybersecurity insurance policy.

It’s clear that there could be a rough road ahead for victims of the breach at UCLA Health. If the center is proactive in encouraging people to take advantage of the services offered, the harm can at least be reduced.

If past security breaches are any indication, encouragement will certainly be necessary. Those affected by the UCLA Health breach need to break the mold and start taking their personal information more seriously, allowing them to stop fraudulent activity when it starts and saving a lot of trouble down the line.

A handful of services aren’t going to get back the medical information of 4.5 million people, but at least they can sleep slightly better knowing that if their identity is used, they will be able to mitigate the damage.