April V. Taylor
Data and reports compiled by the FBI have revealed that stealing a person’s medical information is worth 10 times more to thieves and hackers than a credit card number is on the black market. Just as recently as last month, the FBI warned healthcare providers about guarding themselves against cyber attackers after Community Health Systems Inc., one of the country’s largest hospital operators, was broken into by Chinese hackers who stole the personal information of 4.5 million patients.
Part of what makes the U.S. healthcare industry vulnerable is the use of aging computer systems that do not have up to date security features to protect people’s personal information. Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC states, “As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit. Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”
According to healthcare executives, cybersecurity investigators and fraud experts, the data hackers and thieves sell includes names, birth dates, policy numbers, diagnosis codes and billing information. This data is then used to purchase medical equipment and drugs for resale or to file fake claims with insurance companies. One of the things that makes thieves difficult to catch is that they can use stolen credentials for years before being caught. This is in part what makes medical information more valuable than credit cards, which are usually have fraudulent transactions discovered much more quickly.
In terms of the dollars paid for stolen information, medical records are also more valuable than credit card numbers. Stolen medical information can go for $10 a record which is 10 to 20 times more than what a stolen credit card number goes for in the United States. These numbers are based on PhishLabs monitoring of underground exchanges where hackers sell stolen information.
Statistics compiled from an annual survey conducted by the Ponemon Institute show that theft of medical records is on the rise going from 20 percent of healthcare organizations reporting attacks in 2009 to 40 percent in 2013. To protect yourself from medical identity theft, use strong passwords, protect your health information, and dispose of prescription information properly.