Your medical information is worth 10 times more than your credit card number on the black market.
Last month, the FBI told healthcare providers to guard against cyberattacks after one of the largest US hospital operators, Community Health Systems Inc, said suspected Chinese hackers had broken into its computer network and stolen the personal information of 4.5 million patients.
Security experts say cybercriminals are increasingly targeting the US$3 trillion US healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.
“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” said Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC. “Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”
Interviews with nearly a dozen healthcare executives, cybersecurity investigators and fraud experts provide a detailed account of the underground market for stolen patient data.
The data for sale includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyberattacks on healthcare organizations.
Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.
Stolen health credentials can go for US$10 each, about 10 or 20 times the value of a US credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cybercrime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information.
The percentage of healthcare organizations that reported a criminal cyberattack had risen to 40 percent last year from 20 percent in 2009, according to an annual survey by the Ponemon Institute think tank on data protection policy.
Fueling that increase is a shift to electronic medical records by a majority of US healthcare providers.
Healthcare providers and insurers must publicly disclose data breaches affecting more than 500 people, but there are no laws requiring criminal prosecution. As a result, the total cost of cyberattacks on the healthcare system is difficult to pin down. Insurance industry experts say they are one of many expenses ultimately passed onto US citizens as part of rising health insurance premiums.
Consumers sometimes discover their credentials have been stolen only after fraudsters use their personal medical ID to impersonate them and obtain health services. When the unpaid bills are sent on to debt collectors, they track down the fraud victims and seek payment.
The US government’s efforts to combat Medicare fraud have focused on traditional types of scams that involve provider billing and over billing. Fraud involving the Medicare program for seniors and the disabled totaled more than US$6 billion in the past two years, according to a database maintained by Medical Identity Fraud Alliance.
“Healthcare providers and hospitals are just some of the easiest networks to break into,” said Jeff Horne, vice president at cybersecurity firm Accuvant, which is majority-owned by private equity firm Blackstone Group.
KPMG partner Michael Ebert said security has been an afterthought for many medical providers — whether it is building encryption into software used to create electronic patient records or in setting budgets.
“Are you going to put money into a brand new MRI machine or laser surgery or are you going to put money into a new firewall?” he said.
HISTORIC: After the arrest of Kim Keon-hee on financial and political funding charges, the country has for the first time a former president and former first lady behind bars South Korean prosecutors yesterday raided the headquarters of the former party of jailed former South Korean president Yoon Suk-yeol to gather evidence in an election meddling case against his wife, a day after she was arrested on corruption and other charges. Former first lady Kim Keon-hee was arrested late on Tuesday on a range of charges including stock manipulation and corruption, prosecutors said. Her arrest came hours after the Seoul Central District Court reviewed prosecutors’ request for an arrest warrant against the 52-year-old. The court granted the warrant, citing the risk of tampering with evidence, after prosecutors submitted an 848-page opinion laying out
STAGNATION: Once a bastion of leftist politics, the Aymara stronghold of El Alto is showing signs of shifting right ahead of the presidential election A giant cruise ship dominates the skyline in the city of El Alto in landlocked Bolivia, a symbol of the transformation of an indigenous bastion keenly fought over in tomorrow’s presidential election. The “Titanic,” as the tallest building in the city is known, serves as the latest in a collection of uber-flamboyant neo-Andean “cholets” — a mix of chalet and “chola” or Indigenous woman — built by Bolivia’s Aymara bourgeoisie over the past two decades. Victor Choque Flores, a self-made 46-year-old businessman, forked out millions of US dollars for his “ship in a sea of bricks,” as he calls his futuristic 12-story
FORUM: The Solomon Islands’ move to bar Taiwan, the US and others from the Pacific Islands Forum has sparked criticism that Beijing’s influence was behind the decision Tuvaluan Prime Minister Feletei Teo said his country might pull out of the region’s top political meeting next month, after host nation Solomon Islands moved to block all external partners — including China, the US and Taiwan — from attending. The Pacific Islands Forum (PIF) leaders’ meeting is to be held in Honiara in September. On Thursday last week, Solomon Islands Prime Minister Jeremiah Manele told parliament that no dialogue partners would be invited to the annual gathering. Countries outside the Pacific, known as “dialogue partners,” have attended the forum since 1989, to work with Pacific leaders and contribute to discussions around
END OF AN ERA: The vote brings the curtain down on 20 years of socialist rule, which began in 2005 when Evo Morales, an indigenous coca farmer, was elected president A center-right senator and a right-wing former president are to advance to a run-off for Bolivia’s presidency after the first round of elections on Sunday, marking the end of two decades of leftist rule, preliminary official results showed. Bolivian Senator Rodrigo Paz was the surprise front-runner, with 32.15 percent of the vote cast in an election dominated by a deep economic crisis, results published by the electoral commission showed. He was followed by former Bolivian president Jorge “Tuto” Quiroga in second with 26.87 percent, according to results based on 92 percent of votes cast. Millionaire businessman Samuel Doria Medina, who had been tipped
RSS