By Marla Jo Fisher
The Orange County Register
June 5, 2008
A computer security breach at a health insurance company was responsible for an identity theft at UC Irvine that affected 1,132 students, and led to fake tax returns filed for at least 155 of them, officials said Thursday.
A criminal investigation is under way in the case, which came from a leak at Minnesota-based UnitedHealthcare, the insurance provider for UCI graduate students.
The thefts came to light in February, after UCI students began filing reports with campus police that someone was filing fraudulent tax returns and collecting the refunds using their names and Social Security numbers.
Students generally discovered the problem after unsuccessfully trying to file their real tax returns, only to find that someone had already filed a fake one and claimed a refund on their accounts.
UCI computer experts pored over their systems trying to find a leak, without success. Federal and local police were called in, and were ultimately able to determine that all the victims had been enrolled in the United Healthcare insurance plan.
“We take our obligation to protect our members’ information seriously, and continue to work with law enforcement officials in this ongoing investigation,” (UnitedHealthcare) spokesman Daryl Richard said.
http://www.ocregister.com/articles/students-uci-tax-2061061-insurance-campus
Comment:
By Don McCanne, MD
The private insurance industry has certainly been doing a shabby job of fulfilling its primary obligation to pool risk. The insurers have been quite successful in avoiding paying for health care by selectively marketing their products to the healthy (like these graduate students), and by using underinsurance to shift more of the costs of care to individuals who actually need it. They use amoral business practices that sometimes challenge the regulators, and occasionally even move into the criminal sphere to achieve their business goals.
UnitedHealthcare should not take any consolation in the fact that we are not going accuse the company of orchestrating the crime of filing fraudulent tax returns for its own policyholders. Even if it was an inside job, this criminal act certainly did not represent official company policy.
UnitedHealthcare does not escape blame in this. The primary product that they sell us is administrative services, and a whole lot of them – things like data processing with security systems that protect the confidential information of their clients. In spite of the excessive resources directed to their administrative systems, they can’t even do that right.
Last week both the Secretary of the Air Force and the Chief of Staff were fired because of security breaches by individuals under their command. In contrast, the last head of UnitedHealthcare was rewarded with a golden parachute of $1.1 billion (some of which he had to give back because of his illegal options backdating).
Bad things happen within the government, and we are outraged and expect corrective action. Bad things happen within the private insurance industry, and yet we intend to reward them by supporting reform that mandates that everyone buy their wasteful administrative services.
Instead, let’s establish our own single payer national health program and hire stewards that will take good care of it for us. If they don’t, we can fire them and hire ones that will.