Why hackers are more & more interested in heath care data
Health care records can be more valuable because they have a longer shelf life than financial data, which becomes worthless once the fraud is detected and the payment card is cancelled or blocked.
With health care credentials you can get “free” health care as someone else is paying for the insurance. Unlike credit card numbers, healthcare information is non recoverable, and potentially lethal in the wrong hands.
Learning a patient’s medications and diagnoses means that a hacker can order expensive drugs or equipment and resell them.
▻http://www.infoworld.com/article/2983634/security/why-hackers-want-your-health-care-data-breaches-most-of-all.html
Social Security numbers can’t easily be cancelled, and medical and prescription records are permanent. There’s also a large market for health insurance fraud and abuse, which may be more lucrative than simply selling the records outright in forums.
[...]
criminals monetize health care data in a different way than they cash in on financial data. Most forums selling health care data tend to be more specialized than the carding forums where payment card information is sold. Stolen health care data forums operate more like drug cartels, where health records are not sold outright, but rather used to buy and sell addictive prescriptions,
[...]
It makes sense that governments would be interested in getting their hands on this data because it can be useful for building dossiers that reflect a deeper understanding of the target population. Medical and insurance records provide insights about where people live, what medical treatments they had, who their family members are, and who they work for.
▻http://www.bloomberg.com/news/articles/2015-06-05/u-s-government-data-breach-tied-to-theft-of-health-care-records
The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies.
▻http://resources.infosecinstitute.com/hackers-selling-healthcare-data-in-the-black-market
Many healthcare organizations do not perform encryption of records within the internal networks. They also do not use encryption of data at rest and transit. This interest the hackers since the attack surface area is very huge. Health insurance information can be used to purchase drugs or medical equipment, which are then resold illegally, or even to get medical care. The latter can have consequences that go far beyond the financial.
And the Internet of Things with all the quantifying self data is not going to make it any better
#health_care
#hack
#social_security
#identity_theft
#data_breach
#security
#dark_net #darknet #dark_web
( Athem, Excellus Blue Cross Blue Shield, CareFirst Blue Cross, LifeWise )