Your medical record is worth more to hackers than your credit card

http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924?feedType=RSS&feedName=healthNews

From the article:

Your medical information is worth 10 times more than your credit card number on the black market.

Last month, the FBI warned healthcare providers to guard against cyber attacks after one of the largest U.S. hospital operators, Community Health Systems Inc, said Chinese hackers had broken into its computer network and stolen the personal information of 4.5 million patients.

Security experts say cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.

“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” said Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC. “Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”

Interviews with nearly a dozen healthcare executives, cybersecurity investigators and fraud experts provide a detailed account of the underground market for stolen patient data.

The data for sale includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations.

Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.

When I saw the breach of Community Health Systems a couple of months ago… My first thoughts is the pharmacy counter… I have written many times before how easy it is to get a fake ID and that the PMP will only catch those people who are too dumb, lazy, cheap to get a fake driver’s license… Now it appears that fraudulent insurance billing is going to go hand in hand with how abusers and diverters gets their hands on drugs… and now they no longer have to pay much cash.. since they will have a way to bill it to a third party. More cash in the crooks pocket and more out of the taxpayers pockets !

Filed under: General Problems