October 14, 2017 | Amy Wood

It’s really bad.  Worse yet, you are on your own when it comes to protecting your identity.

Credit Bureaus (Equifax, Experian and Transunion) have a monopoly on your financial credit worthiness and Equifax just compromised your information.

Credit bureaus assign a score based on your risk factors that they sell to banks who can then decide to charge you higher interest fees on loans and mortgages based on those scores.  There is little incentive for a credit bureau or a bank for you to have a great score, since the bank makes money on higher interest fees for loans or credit cards and the bureaus get paid for the scores by those banks.

The problem here is that the credit bureaus house tons of data on American citizens to create these scores and there is little oversight in how they are required to protect it.

According to the New York Times, “The bureaus each have files on roughly 200 million Americans. And consumers have little choice, since banks and other companies hand over financial information and other data directly to the bureaus. The industry has been marred by complaints of mistakes on credits reports and difficulties in fixing them.”

How did this happen?  A known security vulnerability in a program called Adobe Struts, which allows servers to use Java for web applications, was discovered by researchers in March of this year.  Those same researchers provided a free patch for people to utilize in protecting their systems, which, apparently Equifax disregarded.  In May hackers utilized this vulnerability and caused the data breach.  A week later, several executives at Equifax sold off massive amounts of stock in Equifax.  It’s now September and we are now being notified.  First attempts to offer credit monitoring came with a waiver to not participate in any class-action lawsuits against Equifax and don’t include any credit freeze from Transunion or Experian.

Given all this information, it’s not surprising that there is public outcry.  These entities have all this data on us and we have no say in how it should be protected, shared or used.

Your patients feel the same way.  Sometimes I can be the crazy HIPAA lady, but when something like this happens, it all comes back to something that was easily preventable.  Anthem Blue Cross, Sony, Equifax.  They all have one thing in common — they had minimal cost invested in proactive security and cybersecurity and shortly after making that budget decision had a major security incident.  Don’t add your practice to the dramatically growing list of businesses that experience a data breach.

Also keep in mind that your patients may have identity compromise or theft issues that may effect their ability to pay or get approved for a Care Credit type payment solution.


Back to you and your identity.  How do you protect yourself?

You can put a credit freeze on your identity with each of the three credit bureaus.  At this time Equifax is doing it for free, but expect to pay for Transunion and Experian.  Remember, one bureau alone will not protect you.  The thieves got information that can be used anywhere for identity theft and unless you have a freeze across the board, anyone can open a new account in your name.

Monitor your credit frequently.  The government requires a free report from the three bureaus once per year, but I highly recommend subscribing to a service with alerts if anything new pops up.  The faster you address a new account, the faster you can shut it down.

Ironically, when I checked my credit score this month, my Transunion and Experian scores were the same, but my Equifax score dropped 28 points with no changes to my report.  Perhaps another sneaky way to make money since Equifax is looking at many, many lawsuits?  Hmm….

Arevtech partners with experts such as Amy Wood for all compliance needs including education, administration, and breach mitigation. Amy can be reached at www.acsdt.com