By TOM MURPHY and BRANDON BAILEY AP Business Writers

Those seemingly harmless medical forms everyone fills out before seeing a doctor can lead to identity theft if they get into the wrong hands.

Names, birthdates and - more importantly - Social Security numbers can help hackers open fake credit lines, file false tax returns and create false medical records. And health care businesses can lag far behind banks, credit card companies and retailers in protecting such sensitive information.

"It's an entire profile of who you are," said Cynthia Larose, chair of the privacy and security practice at the law firm Mintz Levin in Boston. "It essentially allows someone to become you."

The danger of cyberattacks was highlighted last week when Anthem, the nation's second-largest health insurer, said hackers broke into a database storing information on 80 million people. That hack led to a particularly valuable trove of data because it exposed Social Security numbers, a key to a range of identity thefts.

Those numbers were created to track the earnings history of workers in order to determine Social Security benefits. Now, health care companies are, in some cases, required to collect the numbers by government agencies.

They also use them because they are unique to every individual and more common than other forms of identification like driver's licenses, said Dr. Ross Koppel, a University of Pennsylvania professor who researches health care information technology.

But the protection health care companies have for that information can be lax compared with other industries. In fact, the FBI warned health care companies a year ago that their industry was not doing enough to resist cyberattacks, especially compared with companies in the financial and retail sectors, according to Christopher Budd at the security software company Trend Micro. He said the warning came in a government bulletin to U.S. companies that cited research by a nonprofit security institute.

Avivah Litan, a cybersecurity analyst at the research firm Gartner, estimates that the health care industry is generally about 10 years behind the financial services sector in terms of protecting consumer information. She figures that it may be twice as easy for hackers to get sensitive financial information out of a health care company compared with a financial services business.

Litan, who studies fraud-detection technology, says she sees gaps in several areas of spending on cybersecurity for health care companies. Banks, she said, are much more likely to use advanced statistical models and behavior analytics programs that can spot when someone's credit card use suddenly spikes. That's a sign of possible fraud that may be worth investigating.

Go here to read the rest:

Health care records make fertile field for cyber crime - Quincy Herald-Whig | Illinois & Missouri News, Sports