Insurance company sends letters to wrong addresses; 202,0000 at risk of identity theft

Georgia’s largest health insurer sent an estimated 202,000 benefits letters containing personal and health information to the wrong addresses last week, in a privacy breach that also raised concerns about potential identity theft.

Blue Cross and Blue Shield of Georgia later confirmed that the erroneous mailings were primarily Explanation of Benefits (EOB) letters, which include the patient’s name and ID number, the name of the medical provider delivering the service, and the amounts charged and owed.

“A small percentage” of letters also contained the patient’s Social Security numbers, said Cindy Sanders, a Blue Cross spokeswoman. The EOB forms were mailed to the addresses of other Blue Cross policyholders.

The security breach may be a violation of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), which protects patients’ medical information. The privacy rules were fully implemented in 2003, but few fines have been assessed under the law, experts said.

While the insurer said it was still determining the number of letters involved, state Insurance Commissioner John Oxendine, whose office is investigating the problem, gave a preliminary estimate of 202,000.

That figure does not equal the number of patients affected, though, because some would have received multiple EOBs if they had visited several medical providers, Oxendine said.

“This is very, very serious,” Oxendine said. A person with knowledge of medicine or billing, for example, could determine if the patient was treated for cancer, HIV or fertility problems, he said.

Blue Cross said the mix-up was caused by a change in the computer system that was not properly tested.

“As soon as we became aware of the mailing error, we worked to determine the exact cause, and we have made changes to prevent it from happening again in the future,” Sanders said.

Blue Cross has 3.1 million Georgia policyholders.

The error occurred statewide and affected both employer and individual health benefit plans. The company has many state employees and schoolteachers as members, as well as large and small corporate customers. Blue Cross declined to identify large employers that it serves.

Blue Cross’ parent company, Indianapolis-based WellPoint, “is committed to protecting the privacy and security of all members’ health information and is working diligently to mitigate any impact which may result from this operational error,” Sanders said.

Oxendine said he ordered the company to provide free credit monitoring for affected patients for one year. Blue Cross also must give written notice to policyholders whose names were on the EOBs and compile a list of names of those who erroneously received the forms.

Blue Cross is in the process of removing all Social Security numbers from such future mailings, Sanders said.

Rhonda Bloschock, a registered nurse in Atlanta, said Monday that she discovered EOB forms from nine other patients in a large envelope she received Friday from Blue Cross.

“This is a serious privacy breach,” Bloschock said. Nurses and other hospital staff “jump through all sorts of hoops protecting people’s privacy,” she said.

Since the passage of HIPAA, health insurers, hospitals, doctors and other medical providers have increased their efforts at protecting the privacy of medical records. And consumers have become more attuned to privacy issues, said Anne Adams, chief privacy officer for Emory Healthcare.

“There is an expectation that their personal information is protected and not used inappropriately,” Adams said.

But with the movement toward keeping health records electronically, there’s more potential for breaches to happen, Adams said.

Joy Pritts, director of Georgetown University’s Center on Medical Record Rights and Privacy, said the push for electronic medical records “should proceed hand in hand with additional privacy and security protections.”


Policyholders who received an incorrect EOB should contact Blue Cross’s dedicated toll-free number at 866-800-8776 between 7 a.m. and 9 p.m. Monday through Friday. Members who may have received an EOB of another individual should return it to Blue Cross. The company will provide a postage-paid envelope.

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

The Pros and Cons of LifeLock

LifeLock, one of the companies that offers identity-theft protection in the United States, has been taking quite a beating recently. They’re being sued by credit bureaus, competitors and lawyers in several states that are launching class action lawsuits. And the stories in the media … it’s like a piranha feeding frenzy.

There are also a lot of errors and misconceptions. With its aggressive advertising campaign and a CEO who publishes his Social Security number and dares people to steal his identity — Todd Davis, 457-55-5462 — LifeLock is a company that’s easy to hate. But the company’s story has some interesting security lessons, and it’s worth understanding in some detail.

In December 2003, as part of the Fair and Accurate Credit Transactions Act, or Facta (.pdf), credit bureaus were forced to allow you to put a fraud alert on their credit reports, requiring lenders to verify your identity before issuing a credit card in your name. This alert is temporary, and expires after 90 days. Several companies have sprung up — LifeLock, Debix, LoudSiren, TrustedID — that automatically renew these alerts and effectively make them permanent.

This service pisses off the credit bureaus and their financial customers. The reason lenders don’t routinely verify your identity before issuing you credit is that it takes time, costs money and is one more hurdle between you and another credit card. (Buy, buy, buy — it’s the American way.) So in the eyes of credit bureaus, LifeLock’s customers are inferior goods; selling their data isn’t as valuable. LifeLock also opts its customers out of pre-approved credit card offers, further making them less valuable in the eyes of credit bureaus.

And, so began a smear campaign on the part of the credit bureaus. You can read their points of view in this New York Times article, written by a reporter who didn’t do much more than regurgitate their talking points. And the class action lawsuits have piled on, accusing LifeLock of deceptive business practices, fraudulent advertising and so on. The biggest smear is that LifeLock didn’t even protect Todd Davis, and that his identity was allegedly stolen.

It wasn’t. Someone in Texas used Davis’s SSN to get a $500 advance against his paycheck. It worked because the loan operation didn’t check with any of the credit bureaus before approving the loan — perfectly reasonable for an amount this small. The payday-loan operation called Davis to collect, and LifeLock cleared up the problem. His credit report remains spotless.

The Experian credit bureau’s lawsuit basically claims that fraud alerts are only for people who have been victims of identity theft. This seems spurious; the text of the law states that anyone “who asserts a good faith suspicion that the consumer has been or is about to become a victim of fraud or related crime” can request a fraud alert. It seems to me that includes anybody who has ever received one of those notices about their financial details being lost or stolen, which is everybody.

As to deceptive business practices and fraudulent advertising — those just seem like class action lawyers piling on. LifeLock’s aggressive fear-based marketing doesn’t seem any worse than a lot of other similar advertising campaigns. My guess is that the class action lawsuits won’t go anywhere.

In reality, forcing lenders to verify identity before issuing credit is exactly the sort of thing we need to do to fight identity theft. Basically, there are two ways to deal with identity theft: Make personal information harder to steal, and make stolen personal information harder to use. We all know the former doesn’t work, so that leaves the latter. If Congress wanted to solve the problem for real, one of the things it would do is make fraud alerts permanent for everybody. But the credit industry’s lobbyists would never allow that.

LifeLock does a bunch of other clever things. They monitor the national address database, and alert you if your address changes. They look for your credit and debit card numbers on hacker and criminal websites and such, and assist you in getting a new number if they see it. They have a million-dollar service guarantee — for complicated legal reasons, they can’t call it insurance — to help you recover if your identity is ever stolen.

But even with all of this, I am not a LifeLock customer. At $120 a year, it’s just not worth it. You wouldn’t know it from the press attention, but dealing with identity theft has become easier and more routine. Sure, it’s a pervasive problem. The Federal Trade Commission reported that 8.3 million Americans were identity-theft victims in 2005. But that includes things like someone stealing your credit card and using it, something that rarely costs you any money and that LifeLock doesn’t protect against. New account fraud is much less common, affecting 1.8 million Americans per year, or 0.8 percent of the adult population. The FTC hasn’t published detailed numbers for 2006 or 2007, but the rate seems (.pdf) to be declining.

New card fraud is also not very damaging. The median amount of fraud the thief commits is $1,350, but you’re not liable for that. Some spectacularly horrible identity-theft stories notwithstanding, the financial industry is pretty good at quickly cleaning up the mess. The victim’s median out-of-pocket cost for new account fraud is only $40, plus ten hours of grief to clean up the problem. Even assuming your time is worth $100 an hour, LifeLock isn’t worth more than $8 a year.

And it’s hard to get any data on how effective LifeLock really is. They’ve been in business three years and have about a million customers, but most of them have joined up in the last year. They’ve paid out on their service guarantee 113 times, but a lot of those were for things that happened before their customers became customers. (It was easier to pay than argue, I assume.) But they don’t know how often the fraud alerts actually catch an identity thief in the act. My guess is that it’s less than the 0.8 percent fraud rate above.

LifeLock’s business model is based more on the fear of identity theft than the actual risk.

It’s pretty ironic of the credit bureaus to attack LifeLock on its marketing practices, since they know all about profiting from the fear of identity theft. Facta also forced the credit bureaus to give Americans a free credit report once a year upon request. Through deceptive marketing techniques, they’ve turned this requirement into a multimillion-dollar business.

Get LifeLock if you want, or one of its competitors if you prefer. But remember that you can do most of what these companies do yourself. You can put a fraud alert on your own account, but you have to remember to renew it every three months. You can also put a credit freeze on your account, which is more work for the average consumer but more effective if you’re a privacy wonk — and the rules differ by state. And maybe someday Congress will do the right thing and put LifeLock out of business by forcing lenders to verify identity every time they issue credit in someone’s name.

This essay originally appeared in

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

Thieves Steal Laptop Containing Anheuser-Busch Employee Data

Personal information for current and former employees of Anheuser-Busch Cos. Inc. in several states is missing, the nation’s largest brewer said Friday.

Anheuser-Busch said in a statement that several laptops were recently stolen from one of its office buildings in the St. Louis area, where it has its headquarters.

It said at least one of those laptops contained data on current and former employees, dependents and some people involved in employee assistance programs. All the data was password-protected and encrypted, the company said.

Anheuser-Busch would not say how many people were affected or when exactly the theft occurred. But offices for attorneys general in Missouri, New Hampshire, Texas and Florida confirmed either they or their residents have been notified of the breach.

A letter from Anheuser-Busch to the New Hampshire Department of Justice said at least 2,250 residents in that state were affected.

The letter, which was posted on the New Hampshire’s DOJ Web site, said the data was reported missing in early June and included Social Security numbers, addresses, marital statuses, and dates of birth.

One of the company’s 12 plants is in Merrimack, N.H.

The state of Florida, where Anheuser-Busch has a brewery in Jacksonville, was also notified that some of its residents were affected, said Sandi Copes, a spokeswoman for Florida Attorney General Bill McCollum.

Anheuser-Busch’s home state of Missouri was also notified of the data losses, said John Fougere, a spokesman for Missouri Attorney General Jay Nixon.

Both said they were not sure how many residents were affected.

Anheuser-Busch said there was no evidence the loss resulted in any identity theft crimes, including fraudulent credit card applications. Affected individuals are being notified and offered one year of free credit monitoring.

Data breaches like this are now an everyday occurrence, said Beth Givens, director of the Privacy Rights Clearinghouse, a nonprofit consumer organization based in San Diego, Calif. She said the fact that Anheuser-Busch’s laptops were encrypted was rare, and that makes the breach less of a threat to people.

“It’s obvious that they have adopted strong security practices,” she said.

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

Feds crack largest U.S. identity theft case

August 6, 2008
Federal authorities said yesterday that they had cracked the largest identity theft case in U.S. history, charging 11 people in the theft of more than 40 million credit and debit card account numbers from computer systems at major retailers such as T.J. Maxx and Barnes & Noble.

The three-year investigation by federal agencies and overseas allies brought home the global nature of the Internet’s underground economy as agents tracked leads from China to Ukraine and picked up suspects in Turkey and Germany as well as the U.S.

Total damages may never be learned, but the Justice Department said the fraud reached at least into the tens of millions of dollars. Many potential victims have yet to be contacted.

“So far as we know, this is the single largest and most complex identity theft case ever charged in this country,” U.S. Attorney General Michael Mukasey said at a news conference in Boston, where he announced indictments handed up by grand juries there and in San Diego.

To the chagrin of the U.S. Secret Service, which handles many electronic fraud investigations, the trail led back to one of its own informants, Albert Gonzalez. Justice Department officials said Gonzalez served as the ringleader and double-crossed the agency by tipping off his cohorts. Prosecutors said Gonzalez could face a life term in prison.

T.J. Maxx especially has become the latest poster child for the identity theft epidemic, an evolving type of fraud estimated to affect 15 million U.S. residents a year at a cost of $50 billion.

“Credit cards are constantly being stolen in different ways,” said Lance James, chief technology officer at the identity theft tracking firm Secure Science Corp. “There will be more surprises to come.”

Besides T.J. Maxx and Barnes & Noble, other retailers that lost data to the hackers were Sports Authority, BJ’s Wholesale Club, OfficeMax, Boston Market, Forever 21, DSW and T.J. Maxx’s sister company, Marshalls.

TJX Cos., which owns TJ Maxx and Marshalls, discovered the security breach in its system in late 2006 and announced it early the next year. Likewise, shoe retailer DSW discovered the breach in 2005, contacted federal law enforcement officials and posted a customer alert on its Website. It contacted credit card companies and hired a computer security firm to investigate the breach, spokeswoman Debbie Mitchell said.

But some other companies weren’t aware that hackers had broken into their databases until day and, therefore, hadn’t notified customers about possible identity losses – as may be required under the laws of California and some other states.

Barnes & Noble “had not received inquiries from credit card companies or customers about these alleged activities,” company spokeswoman Mary Ellen Keating said.

Angela Proctor, spokeswoman for restaurant chain Boston Market, said her company had detected a “potential data compromise” at one location in Florida in late 2004. But an outside audit couldn’t confirm that any data had been compromised, she said, so no notifications were issued.

She said the company was still unsure if customers’ data had been stolen, though the indictments stated that Gonzalez and six others had access there.

Secretary of Homeland Security Michael Chertoff, who was in Silicon Valley to discuss Internet security Tuesday, said that the government would leave it to the companies to warn customers. He said the government lacked the authority to notify consumers.

The break in the case began when a handful of people were arrested in Florida last year, not long after TJ Maxx revealed that it had been hacked. They were caught trying to buy goods at Wal-Mart by using fake credit cards that been encoded with the account numbers and other data lifted from TJ Maxx.

Some began cooperating, and the trail led to such members-only websites as, as well as to Internet chats and Web transactions in the millions of dollars.

Two Chinese nationals – who are among several accused conspirators who remain abroad and at large – were charged with providing the blank credit cards that were encoded with stolen information.

The bigger suspects include Ukrainian Maksym Yastremskiy, accused of selling credit card numbers for more than $10 million, and Aleksandr Suvorov of Estonia, who allegedly supplied Yastremskiy with the numbers and related data.

The two were arrested after they had traveled on vacation to closer U.S. allies Turkey and Germany, respectively. Federal cyber-crime agents have complained privately for years about poor cooperation from most states formerly belonging to or allied with the old Soviet Union.

The Boston indictment charges Gonzalez, who is being held in New York, with computer fraud, wire fraud, aggravated identity theft and conspiracy. Fellow Miami residents Christopher Scott and Damon Patrick Toey were described as participants but not indicted, suggesting that they may be cooperating and expect to plead guilty.

In San Diego, prosecutors charged Yastremskiy, Suvorov, the Chinese nationals and a man known only as Delpiero with trafficking in unauthorized access devices and other offenses. In addition, a criminal complaint filed in San Diego accuses Sergey Pavlovich of Belarus and Dzmitry Burak and Sergey Storchak, both of Ukraine, of conspiracy to traffic in stolen credit card numbers.

Retailers have much to worry about with the loss of sensitive data.

The initial disclosure by TJ Maxx triggered consumer lawsuits and legal fights with the banks that backed the credit and debit cards, forcing the company to set aside more than $100 million to deal with the issue.

The revelation capped years of data loss horror stories emanating from companies, government institutions and elsewhere.

“TJ Maxx is kind of the granddaddy of them all,” said Phil Dunkelberger, chief executive of encryption firm PGP Corp.

Security experts said some of the hacking feats described in the indictments were impressive. Suspects used a virtual private network, Internet security tunnels common at big companies, to funnel the stolen information to encrypted computers in Eastern Europe.

Others were trivial efforts, such as driving on U.S. 1 in Miami and looking for unsecured wireless networks at retailers. They hacked into the wireless systems and installed “sniffers” to record payment card information as it was transmitted within the company.

Retailers have generally improved their security in the last few years, forcing identity thieves to be more resourceful, Dunkelberger said.

More remarkable, experts said, was the mini-United Nations that came together in the enterprise, and the speed with which everyone acted when the data fell into their hands.

“The underground economy is a global economy, and there are hot spots, like China and Eastern Europe,” said Alex Eckelberry, chief executive of security firm Sunbelt Software. “It is a full distribution channel, with people who steal the data, resell the data and use the data.” On Tuesday, TJX Cos. said banks and credit card agencies needed to work closely with retailers to protect customer privacy.

“The sheer number of retailers attacked by these cyber-criminals demonstrates the much broader challenges in protecting sensitive consumer data from this increasing threat,” spokeswoman Sherry Lang said.

TJX has posted a customer alert on its website and on the sites of its retail chains, including TJMaxx and Marshalls, notifying shoppers of the identity theft and providing them with a toll-free number to call for more information.

DSW also has sent notification letters to affected customers whenever possible, spokeswoman Mitchell said. Altogether, about 1.4 million credit cards and electronic data on 96,000 checks were breached, she said.

BJ’s Wholesale Club, OfficeMax and Forever 21 did not return calls seeking comment.

Many companies have been slow to improve security because customers haven’t stopped shopping.

“Consumers, regardless of what they tell surveys, do not take this seriously,” said Evan Shuman, editor of a blog on retail technology, “As long as they do not punish retailers that get breached, how can they cost-justify spending to prevent it?”

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

Eliot Spitzer’s Call Girl Charged with Identity Theft

NEWARK, N.J. (AP) — A woman has sued the call girl linked to the downfall of New York Gov. Eliot Spitzer, claiming Ashley Dupre used her lost driver’s license to appear on a “Girls Gone Wild” video.

A federal lawsuit filed this month by Amber Arpaio seeks unspecified monetary compensation for defamation and invasion of privacy.

Dupre has said she was only 17 when she signed a contract to appear in the “Girls Gone Wild” video.

The video displays a New Jersey driver’s license in the name of Amber Arpaio and a birth date that would have made her appear to be in her 20s.

Arpaio, 26, of Sussex County, cannot recall where she lost the license and doesn’t know Dupre, although the women have similar faces, said Arpaio’s lawyer, Joseph J. Fell.

“Somehow, Ashley Dupre got ahold of the license and had it for some period of time,” Fell said Thursday.

Arpaio also sued “Girls Gone Wild” founder Joseph Francis.

Lawyers for Francis and Dupre had no immediate comment. Dupre’s publicist did not immediately return a call seeking comment.

Earlier this month, Dupre dropped her own lawsuit against Francis. She had claimed her name and image were exploited.

Dupre made news in March when she was identified as a high-priced call girl in the Emperors Club VIP prostitution ring whose client list included Spitzer, who resigned soon after the scandal broke.

The lawsuit by Arpaio was filed in U.S. District Court in Trenton on July 11 and reported Thursday in The Star-Ledger of Newark.

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

DMX charged with identity theft

Troubled rapper DMX has been accused of using a false identity to avoid paying hospital medical expenses.

The star — real name Earl Simmons — was charged in Arizona on Tuesday with one count of theft and one count of stealing someone else’s identity.

Authorities claim Simmons gave medical officials the fake name of Troy Jones while receiving treatment for pneumonia at the Mayo Clinic in Scottsdale, Ariz., in April. He also allegedly failed to pay his $7,500 bill.

The indictment is just one of many legal woes the hip-hop star has faced so far this year. In January, he was arrested for allegedly speeding down a Phoenix, Ariz., freeway. In May, he was charged with suspected drug possession and animal cruelty following raids on his Arizona home.

A month later in June the star was arrested for allegedly attempting to buy drugs from an undercover officer, and earlier this month he was taken into police custody for violating his bail terms relating to a previous incident in June of driving without a valid license.
DMX takes his mug shot after latest arrest

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

Man tells police he is undercover, reveals bizarre case of identity theft

Submitted by Matt C. on Tues, 7/29/2008 – 10:47am. Original article written March 2008.

Wichita Police have arrested a man and a woman after the man walked into a patrol substation and reported that he was an undercover agent who had assumed the identity of someone else.

Sergeant Bruce Watts says the man explained where he was living, so officers later went to the home in the 600 block of South Bluff to check it out. They discovered a very strange situation.

The same man who reported the incident the day before answered the door when the officers knocked. They realized he was living there with his wife. Neither were supposed to be there.

Story sent by Chuck R.

“These people had broken into this house,” says Sergeant Bruce Watts. “They assumed the owner’s identity, got credit cards, hooked up satellite TV, phone service, ordered new flat screen TVs, new laptops, even changed the locks and put up a new mailbox.”

Watts says the man who owns the house has been gone for several months taking care of his sick mother in another town.

Meanwhile, neighbors on the street just thought someone new had moved in.

“These people had invited the neighbors over for dinner,” Watts says. “They thought they were new homeowners or new renters and said that they were pleasant people.

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

Dear fellow identity theft victims

Submitted by Mari J Frank on Thurs, 7/24/2008 – 12:44am.

Dear Fellow Identity Theft Victims,

You have experienced a tremendous violation! I know how it feels because I lived the “Identity Theft Nightmare” which lasted almost a year, and took 500 hours of my time. I wrote 90 letters (return receipt requested) to the various agencies, and incurred out-of-pocket costs of approximately $10,000. This included my postage, long distance phone calls, travel expenses, additional security systems to my home, (since the woman who had stolen my identity also was stalking me) and many other incidentals. This does not include the $50,000 in credit that she stole in my name from various credit grantors and banks. I was overwhelmed by the ordeal of dealing with the mess of “Identity Fraud Hell.”

As you know, there is very little help for victims, and most police departments do not even prosecute these crimes. (Often, they won’t even take a report.) You must be very persistent, assertive, and savvy about what to do and how to get around the system. I forged my way through the “Jungle” and now have my perfect credit back again, but it was not an easy task!

As a result of my experience, I appeared on several national television shows (ABC, CBS, CNBC and NBC) and many local television shows, and will be featured on 48 Hours as “an expert” (not by choice, but by necessity!) I also was featured in Your Money Magazine, The Congressional Journal, The Los Angeles Times, The Register, and numerous other newspapers and magazines. I agreed to these interviews so I could alert the public of this insidious crime!

As a result of the media exposure, I have received hundreds of phone calls and e-mails from victims across the nation. I was overwhelmed by the calls that I recently received after my appearance on a Los Angeles News Program. This is the fastest growing crime in America with over 500,000 new victims each year.

After hearing the pleas for help for over a year, I as one person could not help the hundreds of victims who literally cried to me for help. My dilemma was – I did not want to charge victims for my time, but I could not help people without supporting my children. I felt that the only answer was to develop a coaching kit that includes the information I learned from the hundreds of hours that I spent in research and repair. I decided I could inexpensively help many more people with this information, the cost of which is less than I would charge for writing one letter.

I hope the information is a great help to everyone..

Mari J Frank

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

Doctor’s office employee charged with identity theft, stole patient’s social security numbers

Louisville,Ky. (WHAS11) – It’s proof that identify theft can strike at the places where you should feel most safe. Erika Bradford’s facing charges of ID theft after allegedly stealing patient’s social security numbers at the doctor’s office where she worked. Bradford then opened credit cards in the victim’s names.

We’ve all filled them out – new patient forms that ask for your address, your social security number, your birthday and sometimes your spouse’s personal information. You trust your doctor with your life; you’d think you could trust them with that information. But can you trust the doctor’s staff? And what’s being done to make sure your identity’s not stolen during a check-up?

“Do you ever wonder how you’re being protected against identity theft?” WHAS11’s Adrianna Hopkins asked Fred Veatch.

“Usually you feel alright there, at a doctor’s office,” says Veatch.

“No I’ve never given it that much thought to be honest with you,” said another lady.

“They’ve got everything – social security, address, birthdays, insurance… Everything,” says Andreana Mills.

‘But if you had any doubts, what would you do? You know what I mean?” asked Veatch.

Yes! Because most doctors require that information before they treat you. But some offices like Deer Park Family doctors realize just how vulnerable paperwork makes patients.

“This is what we keep in files,” explained Dr. Terry Weiss of Deer Park Family Doctors who showed us a cabinet full of brochures. “We use electronic medical records. We can make sure there are no charts with patient names on it.”

“Who all has access to that database?” asked Hopkins.

“The licensed professionals in the office. We certainly understand people’s concern. Many people don’t want to give their social security numbers because of the ID theft issue. So we give them makeup numbers. We have to give them a number though because everything’s accessed by numbers now,” explained Weiss.

“That’s one way you protect against ID theft… Any other ways?” Hopkins asked.

“Yes, we have raised counters to people can’t see any notes with patient names on them.”

“And you trust everyone in your staff?”

“Absolutely… Absolutely,” said Weiss.

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

From bad to worse – Laptop , then identity stolen

Submitted by Matt C. on Tues, 7/22/2008 – 10:47am.

I used to work for Boeing in Wichita. Boeing sold the Wichita division and all of the workers, including me, to another company. We still did the same work, but Boeing was just one customer of several.

Nearly a year after the sale, someone at Boeing lost a laptop that had the names, addresses and Social Security numbers of nearly all of the 12,000 Wichita ex-employees on it. They waited an unknown period of time before telling anyone, then another couple of weeks before they offered to pay for credit reporting subscriptions for us. They offered no compensation for people that had been actual identity-theft victims and they wouldn’t pay for identity-theft insurance.

Almost immediately after the laptop went missing, someone used my SSN to apply for credit cards all over the country. The name they used was always close, but not exactly a match to my name/address. They used addresses of those private mail drop places.

Since I’d lived at my house for nearly 20 years at the time, all these bogus addresses made the credit card companies reject the applications, but those rejections showed up on my credit reports and lowered my rating.

The credit bureaus (I had to deal with all three of them separately) couldn’t just remove those rejections; they said that the credit card companies that made the requests had to retract them. The bogus addresses also appeared on my credit report as alternate addresses for me, and I had to convince the credit agencies that I’d never lived in Minneapolis or Boca Raton or wherever.

I spent untold frustrating hours on the phone being transferred from one credit card company customer service representative to the next, listening to crappy on-hold music, often being disconnected, and having to tell my story over and over. It took several months to finally get everything cleared up, and I now have a fraud alert on my credit rating so nobody can request a report without my explicit permission.

That’s really a double-edged sword. I recently tried to open a new bank account and when the bank found out that there was a fraud alert on my account, they assumed that I was a criminal. I eventually went to a different bank, one that didn’t need a credit report to open a checking account. There have also been credit report requests in the last two or three years since the original laptop loss that didn’t originate with anything I’d done. They were rejected, but there’s someone out there that’s still trying.

Like AT&T, Boeing wasn’t particularly apologetic. They insisted that the information “probably hadn’t been compromised,” and they couldn’t explain why someone was running around with the social security numbers of a bunch of people that didn’t even work for Boeing.

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank