Your medical information is worth 10 times more than your credit card number on the black market.
Last month, the FBI told healthcare providers to guard against cyberattacks after one of the largest US hospital operators, Community Health Systems Inc, said suspected Chinese hackers had broken into its computer network and stolen the personal information of 4.5 million patients.
Security experts say cybercriminals are increasingly targeting the US$3 trillion US healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.
“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” said Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC. “Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”
Interviews with nearly a dozen healthcare executives, cybersecurity investigators and fraud experts provide a detailed account of the underground market for stolen patient data.
The data for sale includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyberattacks on healthcare organizations.
Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.
Stolen health credentials can go for US$10 each, about 10 or 20 times the value of a US credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cybercrime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information.
The percentage of healthcare organizations that reported a criminal cyberattack had risen to 40 percent last year from 20 percent in 2009, according to an annual survey by the Ponemon Institute think tank on data protection policy.
Fueling that increase is a shift to electronic medical records by a majority of US healthcare providers.
Healthcare providers and insurers must publicly disclose data breaches affecting more than 500 people, but there are no laws requiring criminal prosecution. As a result, the total cost of cyberattacks on the healthcare system is difficult to pin down. Insurance industry experts say they are one of many expenses ultimately passed on to US citizens as part of rising health insurance premiums.
Consumers sometimes discover their credentials have been stolen only after fraudsters use their personal medical ID to impersonate them and obtain health services. When the unpaid bills are sent on to debt collectors, they track down the fraud victims and seek payment.
The US government’s efforts to combat Medicare fraud have focused on traditional types of scams that involve provider billing and overbilling. Fraud involving the Medicare program for seniors and the disabled totaled more than US$6 billion in the past two years, according to a database maintained by the Medical Identity Fraud Alliance.
“Healthcare providers and hospitals are just some of the easiest networks to break into,” said Jeff Horne, vice president at cybersecurity firm Accuvant, which is majority-owned by private equity firm Blackstone Group.
KPMG partner Michael Ebert said security has been an afterthought for many medical providers — whether it is building encryption into software used to create electronic patient records or in setting budgets.
“Are you going to put money into a brand new MRI machine or laser surgery or are you going to put money into a new firewall?” he said.