Over on AVG Blogs, Roger Thompson blogged about what happened when he was traveling and his credit card was declined because he hadn’t alerted his bank he’d be traveling. In order to get his card un-suspended, he had to answer some security questions for the bank’s Fraud department. And that’s when it got scary. Roger writes:
Ok, so that’s a pain, but at least they’re looking out for me, so I answered all the questions… “Last four of social, please”… “What accounts do you have with us?”… “Mother’s maiden name?” etc.
Here’s the scary bit… The guy says, “And now, sir, just a couple more questions, please. This is from publically available information. What age-range would best describe this person?”, and he proceeded to ask me about my _daughter-in-law_…. Using her maiden name, and she’s been married for nine years!!!!!
Now I answered the question correctly, and they un-suspended the card. I paid the bill, and headed for the airport.
I had one question thundering through my mind.
How did the bank associate me with her??????????????????????
I _refuse_ to believe it was “publically available information”.
We have no connection on _any_ bank accounts, or legal documents.
She hasn’t used her maiden name for nine years. I’d have been less suspicious if they’d asked me about her married name.
She’s _not_ a big computer user.
The _only_ place we connect as far as I’m _aware_ is that she’s a friend on Facebook!!!!!!!!!!
Now, I’m not accusing Facebook of _anything_, but one wonders…. I can’t believe Facebook would sell our data, so … is someone “harvesting” it?
Read more on Roger Thompson’s blog.
Similar situation. I had a hospital bill declined by the insurance company because I was not a member of that plan. The hospital had submitted the claim to my mother’s insurance company. The scary part, I have not been covered under my parent’s insurance for at least 23 years. The insurance company that they currently use is not the one they used 23 years ago. They have never been to the hospital that I had visited and there was no information given to the hospital about my parents. Worse yet, the hospital billing company insists that they claim had only been submitted to my insurance company. The only record that we have of this incident is an Explanation of Benefits (EOB) sent to my mother by her insurance company detailing the claim and the reason for denial. The hospital name, date of visit and dollar amount listed on the EOB also matched the information for my hospital visit and the patient name listed on the EOB was mine.
OK, that would freak me out, too. And it’s not like they can claim “publicly available information,” either. So where did your parents’ insurance company get that info if not directly from or indirectly from the hospital you went to? Was there an intermediary involved like an outsourced claims adjustment service?
This is also a HIPAA issue, as your PHI was exposed. If this is a recent event and you can’t get any satisfaction/real answers that make sense from the hospital where you were treated, think about submitting a complaint to HHS asking them to investigate the breach.