Emphasizing Identity Theft Prevention for Businesses and Consumers
We have many special occasions that remind us of the importance of staying safe online. Data Privacy Day on January 28. Cybersecurity Awareness Month in October. Computer Security Day on November 30.
Today, April 13, 2021, the burgeoning need for responsible identity management is being spotlighted with the introduction of Identity Management Day 2021. And not a moment too soon!
The Scope of Identity Theft
Identity theft costs the U.S. billions of dollars annually. In 2019 alone, the cost of identity theft was nearly $17 billion. And the FTC has reported almost double the volume of cases in the first nine months of 2020.
The Identity Defined Security Alliance (IDSA) website offers excellent resources all year long to aid in understanding the scope of the identity theft problem and actions that can be taken to prevent identify theft.
- Among the data available, 79% of organizations have experienced an identity-related security breach in the past two years.
- Even more disturbing, almost all (99%) believe those identity-related breaches were preventable.
- And 81% of IT professionals say the number of identities in their organizations has at least doubled over the past decade. This seriously expands the risk and potential attack surface.
Now, thanks to the pandemic, there’s a new target for identity theft. And cybercriminals have already begun to exploit it.
Newest ID Card: Vaccination Record
The newest, virtually universal identity theft target is the COVID-19 Vaccination Card.
It may have a slightly different appearance and slightly different data fields from facility to facility and country to country. However, the essential data is the same, and the value and importance of the card is high.
The millions of Americans who have already been vaccinated possess these simple 3”x4” paperboard cards that contain private information about them. Name, birthdate, and dose information are eye-readable. Most cards also display a small, scannable QR code that provides additional personal information in electronic form.
These paper COVID-19 Vaccination Cards contain personally identifiable information (PII), personal health information (PHI), and electronic personal health information (ePHI)—three categories of data that are considered highly sensitive by various regulatory agencies. As such, they warrant serious security safeguards and preservation measures.
If these cards were maintained by your healthcare provider, they would be governed by HIPAA and HITECH healthcare regulations that would make their security and privacy mandatory. Instead, each individual is responsible for his or her own vaccination card.
As the nation continues to return to normalcy, no doubt there will be situations requiring individuals to display their cards for scanning or other scrutiny. Examples might include boarding cruise ships and airplanes, attending certain events, entering hospitals, receiving certain healthcare services, and similar scenarios. All the more reason to secure and preserve these cards using sound identity management principles.
Best Practices for Maintaining Vaccination Cards
The Centers for Disease Control, Federal Trade Commission, Better Business Bureau, and others have provided sound guidance for maintaining, preserving, and securing these vaccination cards.
In recognition of Identity Management Day 2021 and the high importance of identity theft prevention, following is a summary of that guidance for consumers.
- Make a photocopy of your card as a backup and store it in a safe place. Or, take a picture with your phone, or use a scanner to create a digital copy and send it to your computer. Be sure to capture both sides of the card.
- Laminating the cards may damage them, make the electronic code difficult to scan, or prevent the card from being updated (for example, with subsequent doses). Because of the heat used during lamination, inks may blur or bleed over time, rendering the card difficult to read.
- Instead, slip the card into a waterproof plastic pocket or sleeve that can accommodate the 3-inch by 4-inch card. (Think of conference badge holders on lanyards.) Plastic holders are available from office supply stores and online sources.
- Store your plastic-protected card away from direct sunlight, dampness, and places that may experience strong temperature changes.
- Don’t hang it from your rearview mirror or otherwise display it publicly.
- Do not post your card on social media unless you cover the personal information and QR code to prevent identity theft.
For businesses who seek to improve their overall security safeguards, reduce risk, and prevent cybersecurity breaches including identify theft, a regular security risk assessment is the place to begin. This step is a must for healthcare organizations and healthcare providers.
Identity Management Day 2021 is hosted by the Identity Defined Security Alliance (IDSA) with the support of IDSA member companies and the National Cyber Security Alliance (NCSA).
To learn more about the risks of identity theft and identity fraud and how to address them, visit the IDSA website for tools and resources and sign up for their informative newsletter. For more general cybersecurity resources on all aspects of the industries at large, you can visit our newsletter as well!
24By7Security is an official Champion of Identity Management Day 2021. We stand proudly with all of the organizations and individuals who have become Champions of this important and urgent cause.