Your medical information is worth 10 times more than your credit card number on the black market.
Last month, the FBI told healthcare providers to guard against cyberattacks after one of the largest US hospital operators, Community Health Systems Inc, said suspected Chinese hackers had broken into its computer network and stolen the personal information of 4.5 million patients.
Security experts say cybercriminals are increasingly targeting the US$3 trillion US healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.
“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” said Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC. “Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”
Interviews with nearly a dozen healthcare executives, cybersecurity investigators and fraud experts provide a detailed account of the underground market for stolen patient data.
The data for sale includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyberattacks on healthcare organizations.
Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.
Stolen health credentials can go for US$10 each, about 10 or 20 times the value of a US credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cybercrime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information.
The percentage of healthcare organizations that reported a criminal cyberattack had risen to 40 percent last year from 20 percent in 2009, according to an annual survey by the Ponemon Institute think tank on data protection policy.
Fueling that increase is a shift to electronic medical records by a majority of US healthcare providers.
Healthcare providers and insurers must publicly disclose data breaches affecting more than 500 people, but there are no laws requiring criminal prosecution. As a result, the total cost of cyberattacks on the healthcare system is difficult to pin down. Insurance industry experts say they are one of many expenses ultimately passed onto US citizens as part of rising health insurance premiums.
Consumers sometimes discover their credentials have been stolen only after fraudsters use their personal medical ID to impersonate them and obtain health services. When the unpaid bills are sent on to debt collectors, they track down the fraud victims and seek payment.
The US government’s efforts to combat Medicare fraud have focused on traditional types of scams that involve provider billing and over billing. Fraud involving the Medicare program for seniors and the disabled totaled more than US$6 billion in the past two years, according to a database maintained by Medical Identity Fraud Alliance.
“Healthcare providers and hospitals are just some of the easiest networks to break into,” said Jeff Horne, vice president at cybersecurity firm Accuvant, which is majority-owned by private equity firm Blackstone Group.
KPMG partner Michael Ebert said security has been an afterthought for many medical providers — whether it is building encryption into software used to create electronic patient records or in setting budgets.
“Are you going to put money into a brand new MRI machine or laser surgery or are you going to put money into a new firewall?” he said.
OPTIMISTIC: A Philippine Air Force spokeswoman said the military believed the crew were safe and were hopeful that they and the jet would be recovered A Philippine Air Force FA-50 jet and its two-person crew are missing after flying in support of ground forces fighting communist rebels in the southern Mindanao region, a military official said yesterday. Philippine Air Force spokeswoman Colonel Consuelo Castillo said the jet was flying “over land” on the way to its target area when it went missing during a “tactical night operation in support of our ground troops.” While she declined to provide mission specifics, Philippine Army spokesman Colonel Louie Dema-ala confirmed that the missing FA-50 was part of a squadron sent “to provide air support” to troops fighting communist rebels in
PROBE: Last week, Romanian prosecutors launched a criminal investigation against presidential candidate Calin Georgescu accusing him of supporting fascist groups Tens of thousands of protesters gathered in Romania’s capital on Saturday in the latest anti-government demonstration by far-right groups after a top court canceled a presidential election in the EU country last year. Protesters converged in front of the government building in Bucharest, waving Romania’s tricolor flags and chanting slogans such as “down with the government” and “thieves.” Many expressed support for Calin Georgescu, who emerged as the frontrunner in December’s canceled election, and demanded they be resumed from the second round. George Simion, the leader of the far-right Alliance for the Unity of Romanians (AUR), which organized the protest,
ECONOMIC DISTORTION? The US commerce secretary’s remarks echoed Elon Musk’s arguments that spending by the government does not create value for the economy US Secretary of Commerce Howard Lutnick on Sunday said that government spending could be separated from GDP reports, in response to questions about whether the spending cuts pushed by Elon Musk’s Department of Government Efficiency could possibly cause an economic downturn. “You know that governments historically have messed with GDP,” Lutnick said on Fox News Channel’s Sunday Morning Futures. “They count government spending as part of GDP. So I’m going to separate those two and make it transparent.” Doing so could potentially complicate or distort a fundamental measure of the US economy’s health. Government spending is traditionally included in the GDP because
Hundreds of people in rainbow colors gathered on Saturday in South Africa’s tourist magnet Cape Town to honor the world’s first openly gay imam, who was killed last month. Muhsin Hendricks, who ran a mosque for marginalized Muslims, was shot dead last month near the southern city of Gqeberha. “I was heartbroken. I think it’s sad especially how far we’ve come, considering how progressive South Africa has been,” attendee Keisha Jensen said. Led by motorcycle riders, the mostly young crowd walked through the streets of the coastal city, some waving placards emblazoned with Hendricks’s image and reading: “#JUSTICEFORMUHSIN.” No arrest
RSS