Could your identity be stolen at your next doctor's appointment? About 30 million Americans have had their personal health information breached or inadvertently disclosed since 2009, according to cybersecurity company Redspin. And that's just the number of breaches reported to the U.S. secretary of Health and Human Services.
Cyberthieves aren't interested in medical conditions and prescriptions. Instead, they target billing and insurance records, which house valuable data including Social Security numbers, addresses and credit card info—all in one place.
According to a study released this month by the Ponemon Institute, cybercriminal attacks on health-care organizations, like hospitals and clinics, are up 100 percent during the past three years.
The institute's first study of patient privacy and data security in 2010 found 20 percent of those surveyed had experienced a breach. In 2013, 40 percent had experienced a breach, according to the institute, a research center on information security policy.
"A financial identity can be worth $5 to $10 if you have all the info. A medical identity can be five to 10 times that amount just because how easy it is to monetize that information once that bad guys get it," said Robert Gregg, chief executive of ID Experts, a cybersecurity firm that sponsored the Ponemon Institute survey.
More medical professionals also are accessing medical data through mobile devices, which poses other security risks.
Forty percent of those surveyed by the Ponemon Institute said they rely heavily on the cloud for services such as backup, storage and file sharing. Yet, only one-third are confident or very confident that their cloud is secure.
"Health care is substantially behind the financial services industry in terms of protecting identities and it's particularly concerning because these are the most vulnerable identities we're looking at," said Gregg of ID Experts.
If you're worried about your medical data getting breached, here are some red flags to look out for. The following are signs your identity may have been compromised, according to Federal Trade Commission:
- Bill for medical services you didn't receive
- Call from a debt collector about a medical debt you don't owe
- Medical collection notices on your credit report that you don't recognize
- Notice from your health plan saying you reached your benefit limit
- Denial of insurance because your medical records show a condition you don't have
If you notice these or any other suspicious signs, contact your health insurance provider for your medical records. After careful review, report any errors to your insurance company. You should also report the fraud to the three credit reporting agencies, Equifax, Experian and TransUnion.
For more CNBC coverage of cybersecurity, visit HackingAmerica.cnbc.com.