NEW HYDE PARK, N.Y. (WABC) --Tens of thousands of patients of NRAD Medical Associates recently received a letter warning them an employee had stolen their personal information.
"If they know what's going on, tell us what's going on so we can evaluate the risk we're under," said one victim who was so concerned about her privacy that she would only comment anonymously by phone.
According to NRAD, one of its employee radiologists accessed and acquired data belonging to 97,000 patients, including their names, addresses, Social Security numbers, diagnosis codes and insurance information.
"The employee's misconduct," a spokesman said in a statement, "was reported by NRAD to the appropriate authorities and he is no longer employed at the practice."
NRAD is one of the area's largest radiology groups with 18 locations and thousands of patients. It is based in New Hyde Park, N.Y.
Data security expert Aaron Ross said the breach is especially bad news for consumers and not just because of potential for identity theft. The medical identity theft could be much worse, he said.
"You can't find it on your credit report, so you don't even know it's happening and there are warning signs to look out for," he said. "Typically, you get a letter from your insurance company, 'this is not a bill' (and) you thorw it in the garbage. It could say 'hey, you have a new family member.'"
The victim said she is a privacy blogger at databreaches.net. She said she's glad she took her own advice about information she reveals at doctors' offices.
"Every doctor's office I walk into, they ask for my Social Security number. I don't give it to them," she said. "I don't have to, they don't need it. Why are they collecting it? Why are they storing it?"
MORE ON MEDICAL IDENTITY THEFT (courtesy of Ross Backup)What Is it?
Medical Identity Theft is having your medical information used without authorization or for illegal or fraudulent purposes.
The Warning Signs
1. Receiving a bill for medical services from a doctor or hospital you have never used.
2. Receiving Bills in other peoples names.
3. Receiving collection calls for payments on medical accounts that are not yours.
4. Receiving a change of address notification from your insurance provider.
5. Medical insurance is inexplicably denied.
6. You receive notification from a hospital or doctor that your private medical information was compromised.
What to do
1. Request a copy of your prescription or medical claims history by calling your insurance provider and review it carefully.
2. Contact your provider immediately if any information is inaccurate or if there are unknown claims listed.
3. Make sure you are the only one receiving any medical information.
4. Request an accounting of disclosures of protected health information from all your doctors.