Your medical information is worth 10 times more than your credit card number on the black market.
Last month, the FBI told healthcare providers to guard against cyberattacks after one of the largest US hospital operators, Community Health Systems Inc, said suspected Chinese hackers had broken into its computer network and stolen the personal information of 4.5 million patients.
Security experts say cybercriminals are increasingly targeting the US$3 trillion US healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.
“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” said Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC. “Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”
Interviews with nearly a dozen healthcare executives, cybersecurity investigators and fraud experts provide a detailed account of the underground market for stolen patient data.
The data for sale includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyberattacks on healthcare organizations.
Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.
Stolen health credentials can go for US$10 each, about 10 or 20 times the value of a US credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cybercrime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information.
The percentage of healthcare organizations that reported a criminal cyberattack had risen to 40 percent last year from 20 percent in 2009, according to an annual survey by the Ponemon Institute think tank on data protection policy.
Fueling that increase is a shift to electronic medical records by a majority of US healthcare providers.
Healthcare providers and insurers must publicly disclose data breaches affecting more than 500 people, but there are no laws requiring criminal prosecution. As a result, the total cost of cyberattacks on the healthcare system is difficult to pin down. Insurance industry experts say they are one of many expenses ultimately passed onto US citizens as part of rising health insurance premiums.
Consumers sometimes discover their credentials have been stolen only after fraudsters use their personal medical ID to impersonate them and obtain health services. When the unpaid bills are sent on to debt collectors, they track down the fraud victims and seek payment.
The US government’s efforts to combat Medicare fraud have focused on traditional types of scams that involve provider billing and over billing. Fraud involving the Medicare program for seniors and the disabled totaled more than US$6 billion in the past two years, according to a database maintained by Medical Identity Fraud Alliance.
“Healthcare providers and hospitals are just some of the easiest networks to break into,” said Jeff Horne, vice president at cybersecurity firm Accuvant, which is majority-owned by private equity firm Blackstone Group.
KPMG partner Michael Ebert said security has been an afterthought for many medical providers — whether it is building encryption into software used to create electronic patient records or in setting budgets.
“Are you going to put money into a brand new MRI machine or laser surgery or are you going to put money into a new firewall?” he said.
LANDMARK CASE: ‘Every night we were dragged to US soldiers and sexually abused. Every week we were forced to undergo venereal disease tests,’ a victim said More than 100 South Korean women who were forced to work as prostitutes for US soldiers stationed in the country have filed a landmark lawsuit accusing Washington of abuse, their lawyers said yesterday. Historians and activists say tens of thousands of South Korean women worked for state-sanctioned brothels from the 1950s to 1980s, serving US troops stationed in country to protect the South from North Korea. In 2022, South Korea’s top court ruled that the government had illegally “established, managed and operated” such brothels for the US military, ordering it to pay about 120 plaintiffs compensation. Last week, 117 victims
China on Monday announced its first ever sanctions against an individual Japanese lawmaker, targeting China-born Hei Seki for “spreading fallacies” on issues such as Taiwan, Hong Kong and disputed islands, prompting a protest from Tokyo. Beijing has an ongoing spat with Tokyo over islands in the East China Sea claimed by both countries, and considers foreign criticism on sensitive political topics to be acts of interference. Seki, a naturalised Japanese citizen, “spread false information, colluded with Japanese anti-China forces, and wantonly attacked and smeared China”, foreign ministry spokesman Lin Jian told reporters on Monday. “For his own selfish interests, (Seki)
Argentine President Javier Milei on Sunday vowed to “accelerate” his libertarian reforms after a crushing defeat in Buenos Aires provincial elections. The 54-year-old economist has slashed public spending, dismissed tens of thousands of public employees and led a major deregulation drive since taking office in December 2023. He acknowledged his party’s “clear defeat” by the center-left Peronist movement in the elections to the legislature of Buenos Aires province, the country’s economic powerhouse. A deflated-sounding Milei admitted to unspecified “mistakes” which he vowed to “correct,” but said he would not be swayed “one millimeter” from his reform agenda. “We will deepen and accelerate it,” he
‘HYANGDO’: A South Korean lawmaker said there was no credible evidence to support rumors that Kim Jong-un has a son with a disability or who is studying abroad South Korea’s spy agency yesterday said that North Korean leader Kim Jong-un’s daughter, Kim Ju-ae, who last week accompanied him on a high-profile visit to Beijing, is understood to be his recognized successor. The teenager drew global attention when she made her first official overseas trip with her father, as he met with Chinese President Xi Jinping (習近平) and Russian President Vladimir Putin. Analysts have long seen her as Kim’s likely successor, although some have suggested she has an older brother who is being secretly groomed as the next leader. The South Korean National Intelligence Service (NIS) “assesses that she [Kim Ju-ae]
RSS