From Blount Memorial Hospital

Identity theft is the fastest-growing type of theft in the United States, with an estimated 9.9 million victims. And not only are thieves stealing your personal information to spend your money, but also to receive services such as medical care.

For the last few years, Blount Memorial Hospital has been taking steps toward making it more difficult for others to use your identity and personal information at its facility. In 2007, the hospital began by asking for copies of patients' photo identifications, attaching them to medical records as a courtesy for the patients.

A short time later in November 2007, the Federal Trade Commission (FTC) issued a regulation called the “Red Flags Rules,” which requires certain entities (including some health care providers) to develop, write and implement identity theft detection and prevention programs to protect their consumers. The rules were scheduled to be enforced on Nov. 1, 2008, but the FTC has delayed the enforcement date until June 1.
Implement despite delay

Blount Memorial patient access manager Jama Hurst said that although there was a delay from the FTC, Blount Memorial began implementing a plan in November 2008 to stop identity theft in the hospital. As part of this plan, cameras were installed at different points of check-in in the hospital and at off site facilities.

“There are at least eight cameras located in the hospital and off-site, and cameras are still being distributed today,” Hurst said. “Patients are asked for a photo ID, and if it's not available, they will be asked to let us take their photo.”

Hurst said hospital staff would ask for photo IDs when patients check in at the hospital. And what happens if you refuse? “You may be asked to provide additional documentation,” Hurst explained. “Its truly for them. This is how we protect them.”
Patients receptive

Hurst said a photo permission section was added to the patient consent form, and patients have been “very receptive” to the change. “I think they are very pleased to know that their hospital and community are taking an active initiative in protecting them from identity theft.”

Hurst said she has seen a decline in identity theft at Blount Memorial, and recalled an incident in 2009 of “shared identity” theft. She said a patient provided personal and insurance information, and an employee noticed the photo on file did not match the patient, as it belonged to the patient's sibling.

“The patient access team has played a vital role with theft identification, making all the facility's efforts executable,” she said. “They have had a great attitude about the project, and they want to provide the best protection for their customers.”
Prepare before arriving

To help the hospital protect you from identity theft, Hurst said to make sure you have your photo ID ready to use when you arrive at the hospital. She said to make sure you shred any documents that list any personal or insurance information. She also said to pay attention to your statements and insurance explanation of benefits (EOBs). “If you receive something regarding services you did not receive, call and ask questions. The biggest mistake is to think it's an error and ignore it,” Hurst said.

Steele said to contact the hospital if you see something on a medical statement that you don't recognize. He said hospital staff will begin investigating your concerns and refer you to law enforcement if necessary.
Take precautions

Headrick said thieves are looking for your name, address, date of birth, social security number, driver's license number, and credit card or ATM numbers. One way thieves get this information is through “Dumpster diving” to find your personal information.

“Be careful about what you put in the trash,” Headrick said. “Once it hits the street corners, folks, it's public domain. Make sure you shred your documents.”

He also said not to carry your social security number in your wallet — either memorize it or lock it up.

Headrick also reiterated that you should always pay close attention to your statements and bills, and to check your credit report. “A lot of time, people don't even realize that they've become a victim for a month or several months.”

Headrick also described online scams, such as thieves that try to gain access to your hard drive remotely over the Internet, and a “phishing” scam, in which you get an e-mail that asks for personal information for an organization you may recognize. Headrick said not to respond to the e-mail nor provide any personal information. He said to password-protect your computer, install firewall and virus protection software, and make sure you are dealing with a reputable company when shopping online.

“If something doesn't sound right, stop, verify, and follow up or call the sheriff's office,” Headrick said.

Read more: http://www.thedailytimes.com/article/20100503/NEWS/305039987/-1/News

By Amanda Kerr

YORK — A strange case of identity theft went haywire when a 26-year-old was arrested under the name of an acquaintance from years ago.

York Sheriff’s deputies stopped the man April 11 while driving on the Colonial Parkway for a DUI-related hit-and-run near Yorktown.

He gave deputies an expired military ID that represented him as Jonathan Siebel. He was booked at the Virginia Peninsula Regional Jail on a variety of charges including felony hit-and-run and eluding law enforcement.

It took 24 hours for deputies to realize Siebel was actually Edward Lee Steidley, based on his fingerprints. By that time warrants had been filed in Siebel’s name as the case was entered into jail, court and the sheriff databases.

York Deputy Mike Russell said the arresting deputy filed new warrants April 12 under the correct name as soon as he was notified of the clarification. The new warrants included an additional charge of identity fraud.

More than two weeks later, the real Jonathan Siebel was delivering his postal route one day when his postmaster at the Monticello Post Office inquired why his name showed up in the Gazette’s Police Blotter with a slew of charges.

An arrest report provided to media on April 22 by the Sheriff’s Office still listed Siebel as having been arrested on April 11.

Siebel, 25, was shocked by the call from his boss. He said a deputy had visited his home a week earlier when he was away and they didn’t connect.

“I am a little disappointed I didn’t hear about this sooner,” Siebel said in an interview Thursday. “I am kind of mad with the system. I would think they would have something to prevent something of this magnitude from happening like this.”

Siebel said that the ID Steidley used was a military card that expired in 2003. More baffling was a photo of Siebel superimposed on the ID that was taken 10 years ago when he was 15.

“How could you mistake a 26-year-old man for a 15-year-old boy’s photo?”

Siebel and Steidley knew each in high school. Apparently Steidley told deputies that Siebel gave him the ID. Siebel denies that, saying he lost his wallet several years ago. “I have no idea how he got the ID,” Siebel said.

Siebel worries that the mix-up has put his job in jeopardy and damaged his reputation with friends, family, co-workers and mail customers.

“It’s embarrassing,” he said. “It makes me look like I’m a bad person when I’m not doing anything wrong. When they knew that wasn’t me who was arrested it shouldn’t have gone any further.”

York commonwealth attorney Eileen Addison said, “We’ve seen this kind of thing before,” noting that in most cases someone uses a relative’s name. “We’ve had them go through the whole [legal] system using someone else’s ID.”

Separating a defendant’s real name from the false name can be difficult.

“When someone uses another person’s ID in an arrest, the biggest problem is that the fraudulent name becomes an alias,” Addison said. “If you ever run a criminal history, both names come up.”

Addison said that Steidley has a lengthy criminal history and that there is some concern he may have poached Siebel’s name with crimes elsewhere. “We’ll do whatever we can to help him get it straight,” she said.

Read more: http://vagazette.com/articles/2010/05/05/news/doc4bdb4d61d6c11599283004.txt

Liau Yun Qing, ZDNet Asia on April 27th, 2010

Users of social networking sites are making it easy for cybercriminals looking to steal identities for financial gains, according to security experts.

In an e-mail interview with ZDNet Asia, Ang Chye Hin, director of sales for SonicWall Asean, pointed out that committing identity theft is "almost effortless" as users often naively post seemingly harmless pieces of personal information on their social networking profiles, such as their full names, birthdates, addresses, phone numbers and names of relatives.

When these information are pieced together, identity theft is as easy as creating a fake profile on one of these social networking sites, Ang said.

Vincent Goh, managing director for RSA Southeast Asia, noted that social networking sites appeal to online criminals because of their global reach and the participation of hundreds of millions of active users.

He said in an e-mail that 20 percent of online attacks are now targeted at social networking sites, and cybercriminals are continually finding new ways of attacking even with the ever changing technology.

Malicious hackers apply methods such as social engineering, phishing and planting malware in third-party applications as new ways to steal user identities.

In her report titled "To Facebook or Not to Facebook", Chenxi Wang, principal analyst at Forrester, described the popular social networking site as "a perfect social engineering backdrop for targeted attacks". Wang noted that account hijacking that leads to phishing and malware distribution is Facebook's biggest problem.

Using the hijacked account, cybercriminals are able to use "blatant social engineering tactics" by crafting their messages based on information shared by other users on social networking sites. The messages are then used in phishing and malware distribution campaigns.

Apart from social engineering attacks, cybercriminals are also using sophisticated phishing technologies.

Goh said cybercriminals have resorted to replicating the design of legitimate Web sites and misleading users to reveal their personal details on the fake Web site.

Lack of apps testing
Less than rigid testing of third-party applications can also open up security holes.

Ronnie Ng, senior manager of systems engineering at Symantec Singapore, noted that social networking sites are now providing third-party developers access to their API (application programming interface), in efforts to provide more integration and better user experience. However, some developers do not run comprehensive tests for their third-party apps, Ng told ZDNet Asia in an e-mail.

Cybercriminals are likely to identify vulnerabilities in such applications and plant malware and tracking bots to steal users' identities. They will then use the stolen information for financial gain or to launch future attacks, he said.

But while cybercriminals are becoming more advanced in their attacks, the significance of identity theft is not reflected by law enforcement, where a CNN report in March quoted the U.S. Justice Department Inspector General to say identity theft initiatives have "to some degree...faded as priorities".

Top five tips to protect online identity
So users themselves need to be vigilant about protecting their online identities. Security experts highlighted five ways users can better safeguard their personal data:

1. Limit information posted on Internet.
Avoid revealing information such as birthdates, addresses and names of relatives, that will make identity theft easy for cybercriminals.

Ng said users need to be aware of the amount of personal data they post on the Internet as these can be used in malicious activities such as phishing scams or e-mail harvesting.

2. Be discerning about accepting strangers into your online network.
Goh noted that social networking sites are vulnerable to phishing attacks because strangers who are accepted into a user's network might be phishers.

Ang added that users should restrict access to their profiles. They should only allow people they actually know to access their profiles and not accept friend requests from strangers and unknown users.

3. Keep antivirus software updated.
Cybercriminals are now equipped with sophisticated tools that are able to infiltrate computers, said Goh. Therefore, users must stay vigilant and have proper antivirus software and firewalls.

Ng added that users must ensure their computers are updated with all necessary security patches from their operating system vendors.

4. Be familiar with the site's privacy policy.
"Familiarize yourself with the [social networking site's] privacy policy, especially if you are asked to provide confidential and personal data," Ng said.

Recently, users of Facebook expressed their frustration when the social networking site changed its privacy policy to allow third-party sites to access user data without users' prior permission. In a ZDNet Asia report, a lawyer cautioned businesses against working with companies that make frequent changes to their privacy policies.

5. Be aware of personal computer safety.
Ng advised against storing online account credentials with the "Remember Password" feature offered by Web browsers.

Ang added that users must be more thorough about scanning all files that enter and leave their PCs. "Scan 100 percent of your data, there should be no exception," he said, noting that some users cite issues such as complexity, inadequate infrastructure, and lack of time and skills as reasons for selectively scanning or not scanning files at all.

Read more: http://www.zdnetasia.com/identity-theft-almost-effortless-in-social-networks-62062905.htm

BY Stephanie Gaskell
DAILY NEWS STAFF WRITER

Pay it forward.

That's what a group of veterans is doing with a $20 million class-action settlement from the Department of Veterans Affairs over a massive identity-theft suit.

They're donating about $13 million to the Intrepid Fallen Heroes Fund and the Fisher House Foundation, two New York-based charities that help families of fallen and wounded troops.

"When I first heard about it, it just really knocked me down. It's indicative of the kind of men and women they are," said Fisher House CEO Ken Fisher.

About 20 million veterans sued the VA after an employee's laptop with their personal information was stolen in 2006. The vets argued that the VA didn't do enough to protect them after discovering the sensitive data was missing.

"The veterans are very glad to have done this. These two are the most substantial organizations around," said plaintiff John Rowan, a 64-year-old Air Force veteran from Middle Village, Queens. "But the bottom line is, we had to make sure the VA doesn't do this again."

The Intrepid Fallen Heroes Fund raises money for families of soldiers killed in combat. It also helped build the renowned Brooke Army Medical Center in San Antonio and the soon-to-be opened National Intrepid Center for Excellence, a traumatic brain injury hospital in Bethesda, Md.

There are 45 Fisher Houses across the country, located next to VA hospitals to give families of wounded soldiers a place to stay while they're being treated.

"It's just an incredible gift," said Chairman Arnold Fisher, whose uncle, Zachary, founded the organization in 1991. "Veterans have been forgotten about by many people of this country. They're the ones who deserve the credit."

Read more: http://www.nydailynews.com/news/2010/04/27/2010-04-27_vets_use_settlement_millions_to_help_vets.html

WOBURN -- A 39-year-old Lowell woman will spend the next two years in state prison after pleading guilty to 66 offenses involving credit-card fraud, larceny and identity-theft crimes that targeted dozens of doctors across the country.

Desiree Gordon pleaded guilty in Middlesex Superior Court last week to two counts of forgery, 21 counts of credit-card fraud, 15 counts of larceny over $250, six counts of larceny under $250 and 22 counts of identity fraud.

Judge Howard Whitehead sentenced Gordon to two years in state prison, followed by 10 years probation. She was also ordered to pay about $14,000 in restitution, as well as an amount yet to be determined to the victims, who had to repair their damaged credit histories.

Prosecutors allege that in December 2008, State Police assigned to the Financial Crimes Task Force received a report of possible fraud being committed through the use of a post-office box in Lowell.

A doctor from Pennsylvania told police she discovered that her personal information, including name, birth date and Social Security number, had been compromised and used to obtain a credit card that was sent to that post-office box.

U.S. Postal Service inspectors learned the box was rented by Gordon, who had provided her driver's license number when she rented the box. Investigators discovered that additional credit cards in other victims' names were sent to the P.O. box, as well as to the defendant's home address.

A review of the account activity of the stolen credit cards revealed numerous charges that could be traced to Gordon. A review of Gordon's employment revealed that she has access to a large database of health-care professionals that contained their personal information.

Gordon used 33 different identities to steal credit cards, with many of the victims being doctors from all over the United States.

A search warrant obtained for Gordon's home in Lowell turned up numerous credit cards, as well as papers from the victims' unauthorized bank accounts and copies of forged checks in two of the victims' names.

Read more:
http://www.lowellsun.com/ci_14912831?source=rss

IRS: Top 10 things to know about identity theft

Criminals use many methods to steal personal information from taxpayers. They can use your information to steal your identity and file a tax return in order to receive a refund. Here are 10 things about identity theft to help avoid becoming a victim.

1. Identity thieves get your personal information by many different means, including stealing a wallet or purse or accessing information you provide to an unsecured Internet site. They even look for personal information in your trash. They also pose as someone who needs information through a phone call or e-mail.

2. The IRS does not initiate contact with a taxpayer by e-mail.

3. If you receive an e-mail scam, forward it to the IRS at phishing@irs.gov.

4. If you receive a letter from the IRS leading you to believe your identity has been stolen, respond immediately to the IRS notice.

5. Your identity may be stolen if a letter from the IRS indicates more than one tax return was filed for you or the letter states you received wages from an employer you don’t know.

6. If your Social Security number is stolen, it may be used by another individual to get a job. That person’s employer would report income earned to the IRS using your Social Security number, making it appear that you did not report all of your income.

7. If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost wallet, questionable credit card activity, or credit report, you need to provide the IRS with proof of your identity. You should submit a copy of your valid government-issued identification - such as a Social Security card, driver’s license, or passport - along with a copy of a police report and/or a completed Form 14039, IRS Identity Theft Affidavit.

8. Show your Social Security card to your employer when you start a job or to your financial institution for tax reporting purposes. Do not routinely carry your card or other documents that display your SSN.

9. If you have previously been in contact with the IRS and have not achieved a resolution, contact the IRS Identity Protection Specialized Unit, toll-free at 1-800-908-4490.

10. For more information about identity theft - including information about how to report identity theft, phishing and related fraudulent activity - visit the IRS Identity Theft Resource Page, which you can find by typing “Identity Theft” in the search box on the IRS.gov home page.

HARLAN -- A 21-year-old Denison woman faces a felony identity theft charge for allegedly using another individual’s identity to gain employment in Shelby County.

Elvira Gemina Ramos is charged with identity theft, and faces up to five years in jail, with an additional $5,000 fine, if convicted in Shelby County District Court.

According to court documents, Ramos is accused of obtaining a benefit fraudulently, obtain identification information of another person and uses or attempts to use that information to obtain credit, property of services with/without the authorization of that other person, and the value of the benefit exceeds $1,000.

Ramos allegedly and knowingly collected wages in excess of $1,000 under an identity that was not hers, documents said. She allegedly used the name and social security number belonging to Jesenia Anni Martinez. Ramos provided a Missouri driver’s license and social security card that both displayed the name of Martinez, to Shelby County Cookers in Harlan in order to obtain employment.

The incident was alleged to have occured on February 24, 2010.

Read more:
http://harlanonline.com/articles/2010/04/16/news/doc4bc33f9f20023378957565.txt

Published/Last Modified on Wednesday, April 7, 2010 3:06 PM MDT

U.S. Customs and Border Protection officers stopped an identity theft when they arrested a man who was attempting to make entry into the United States by using someone else’s identity.

*
On March 18th at about 5 p.m., CBP Officers became suspicious of a man who was attempting to make entry into the United States. The man was identified as a 43-year-old Mexican national from Michoacan, Mexico. Further interview by CBP officers revealed that the man had acquired valid legal documents that belonged to a legitimate traveler and was pretending to be that person.

“Identity theft is a very serious crime,” Said Michael Humphries Area Port Director for the Douglas/Naco Ports of Entry “the potential for the criminal element to use this ploy to gain entry into the U.S. undetected is very strong. CBP officers receive special training in the detection and recognition of fraudulent documents. Customs and Border Protection remains committed in securing our nation’s borders.”

CBP Officers arrested the man and took him before a Federal Magistrate for prosecution proceedings.

In the month of March, CBP officers stopped 41 additional cases of identity theft by individuals who were attempting to make entry into the United States by stealing the identity of legitimate travelers.

A criminal complaint is simply the method by which a person is charged with criminal activity and raises no inference of guilt. An individual is presumed innocent until competent evidence is presented to a jury that establishes guilt beyond a reasonable doubt

http://douglasdispatch.com/articles/2010/04/17/news/doc4bbbba5bb931b072139371.txt

By Nicole Lewis
InformationWeek

Acceleration in the use of electronic medical records may lead to an increase in personal health information theft, according to a new study that shows there were more than 275,000 cases of medical information theft in the U.S. last year.

Unlike stealing a driver's license or a credit card, data gleaned from personal health records provides a wealth of information that helps criminals commit multiple crimes, according to Javelin Strategy & Research, a Pleasanton, California-based market research firm.

Information such as social security numbers, addresses, medical insurance numbers, past illnesses, and sometimes credit card numbers, can help criminals commit several types of fraud. These may include: making payments from stolen credit card numbers and ordering and reselling medical equipment by using stolen medical insurance numbers.

A key finding from the report is that fraud resulting from exposure of health data has risen from 3% in 2008 to 7% in 2009, a 112% increase.

"There's more Identity fraud of any kind being generated from exposure to health records which [have] particularly sensitive information," said James Van Dyke, president of Javelin Strategy & Research.

Van Dyke's prediction is that as medical providers increase their use of electronic medical records, the incidents of fraud will increase.

"We think medical providers aren't up to the task. They won't have security best practices in place to match the incidents of fraud, and we think theft of personal health information is going to get worse," Van Dyke said.

The study also found that there's a big difference between the misuse of data obtained through medical records, compared to other types of identity theft. For example, on average, criminals use information from medical records to commit fraud for 320 days as opposed to 81 days of misuse of information from other types of identity theft.

Additionally, it takes more than twice the time to detect medical information fraud and the average cost is $12,100, more than twice the cost for other types of identity theft.

http://www.informationweek.com/news/healthcare/security-privacy/showArticle.jhtml?articleID=224200494

Thinking about global crime fighters may conjure images of Batman, Superman, or Spiderman.

But one UI Ph.D. student is putting a new face on crushing bad guys across the world.

Peter Likarish, a fourth-year graduate student in the computer-science department, is working to develop a Firefox plug-in that would tell people when they are entering possible phishing sites, which take users’ personal information illegally.

“This is affecting more and more people,” he said.

Identity theft is becoming an increasing problem, especially with the rise of digital technology, said Emory Lundberg, the senior security analyst for the UI Information Technology Services.

“It’s a global problem,” he said.

And the problem is prevalent locally, too.

Iowa City has seen an increasing number of identity-theft reports, said Iowa City police Sgt. Mike Lord, and officers respond to several cases of varying severity each day.

Traditionally, people have stolen identities in paper form, such as mailing envelopes or disposed checks. But cases involving electronics are growing.

Likarish said he hopes his program will fill loopholes left by Internet browsers. The browsers, such as Internet Explorer or Firefox, create blacklists of websites known for phishing. If a user visits one of these sites, he or she receives an alert that contains suspicious information.

But Internet surfers are still vulnerable to new phishing sites that have yet to be blacklisted by browsers, a problem Likarish is trying to solve.

Once finished, users will be able to download the new technology installed as a toolbar. The program will analyze each site’s user visits and break down the content to determine the likelihood of it being a phishing site.

“This is a way to complement the black list technology,” Likarish said.

He hopes his program can be released on a large-scale by January 2010.

A universitywide e-mail sent on Sept. 28 helped inform students and employees about the dangers of phishing, but Lundberg said keeping everyone safe online is difficult.

“Some phishing attacks are very specific and targeted,” he said. “You can never stop all attempts by an automatic filter.”

Greg Bal, the supervising attorney for Student Legal Services, said three or four students come to him each year with identity-theft concerns.

And though it is difficult to describe a “typical” case of identity theft, he said, his office makes sure students know who to communicate with to solve the problem efficiently. This may mean referring students to their bank or local law enforcement agency.

Likarish said even the most tech-savvy people can find themselves victims to online identity theft.

“It’s not just people who are computer illiterate,” he said. “They also attack the most successful computer users.”

Article form: http://www.dailyiowan.com/2009/10/15/Metro/13653.html