Consumers know to be careful about identity theft, but the growth of digital medical records has led to a rise in the theft of medical records.
Dwayne Melancon, chief technology officer at TripWire, says that back in the day, hackers would just keep doing what they usually did: look for credit card and bank information inside medical records.
"But we've seen it evolve to target personal data much more heavily, and that's made medical records a much more attractive target," he says.
And then, they sit on it.
"Someone might have had their information stolen and sold to the highest bidder, and they won't know it's being used for another year, or two years, or three years," says Peter Robichau, an expert on health care information and security and author of "Healthcare Information Privacy and Security: Regulatory Compliance and Data Security in the Age of Electronic Health Records."
That's in contrast to what happens when a credit card number is stolen and used, since you often find out within seconds. Then there's the dark side of the whole question of medical data privacy concerning predictive consumer scores.
Frank Pasquale, a law professor at the University of Maryland, says data collected by devices and apps — and perhaps data stolen and resold — could end up in these scores, which, like credit scores, predict things companies might want to know about you.
"Their proclivity to commit fraud, their medication adherence score, their likely spend on healthcare score," Pasquale says.
These companies don't disclose how they calculate the score in this largely unregulated industry, Pasquale says, because they say it's a trade secret.
"They can say, 'look, we're not gonna tell anybody what's in there,'" he says.