According to a warning issued to healthcare providers from the FBI cyber criminals in the underground economy, more commonly referenced as the black market, are more interested in medical records than credit card numbers. Security experts say hackers are more interested in targeting the trillion-dollar U.S. healthcare industry than they are retailers. Recently, Chinese hackers broke into the computer network of Community Health Systems, Inc. This is one of the largest hospital operators in the United States.
These hackers stole personal information of over four million patients. This prompted the warning to healthcare providers of the serious need to increase their security to guard against cyber attacks. The FBI said in the eyes of the black market medical information is worth 10 times more than individual credit card numbers. Dave Kennedy, CEO of TrustedSec, LLC and an expert on healthcare security, had this to say:
As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit. Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.
Founder of the Ponemon Institute, Larry Ponemon, said he has seen an increase this year in the number of cyber attacks as well as the number of records stolen. The percentage of reported criminal hacks has risen in 2013 to 40 percent from 2009 where the percentage is recorded as 20. These numbers are derived from Ponemon Institute’s annual survey for healthcare organizations; they have access to information surrounding cyber attacks on healthcare firms that are not made public.
Cyber criminals prefer medical records because they have years to milk the credentials before they are caught. Medical identity theft is usually not recognized by a provider or the patient immediately. Credit cards are quickly cancelled once any fraudulent activity is detected or even suspected, but the medical world is totally different.
Once criminals have medical records they have access to patient names, billing information, birth dates and policy numbers. This makes it easy for them to create fake IDs to purchase drugs or medical equipment that can be resold. They even file made-up claims with insurance agencies by combining a false provider number with a patient number. Consumers fail to realize they have been affected until unpaid bills are sent to debt collectors on their behalf for services they did not receive.
It is difficult to pin down the total cost cyber criminals have on healthcare systems because there are no laws requiring criminal prosecution. Healthcare insurers and providers must disclose all data breaches which affect greater than 500 people, but there is no concrete standard for those that fall below 500. Experts in the industry feel the cost of such attacks is one of the many expenses that add to the increase in health insurance premiums.
The FBI issued a private industry notification (PIN) to healthcare providers warning them to increase their cyber-security networks. As compared to the networks of retail and financial sectors the healthcare industry’s security is not sufficient to ward of cyber criminals. This leaves Americans’ personal health insurance data and medical records vulnerable to cyber attacks.
Hackers prefer medical records above credit card numbers because their fraudulent activity is not easily identified. Cyber criminals use medical records to create fake claims, access bank accounts or obtain prescription for controlled substances to be sold or consumed. These criminals are creative and seem to constantly improve their strategy, it is important that everyone does their part to protect their themselves from cyber thieves.
By: Cherese Jackson (Virginia)