Why Chinese Hackers Would Want US Hospital Patient Data

itwbennett (1594911) writes In a follow-up to yesterday's story about the Chinese hackers who stole hospital data of 4.5 million patients, IDG News Service's Martyn Williams set out to learn why the data, which didn't include credit card information, was so valuable. The answer is depressingly simple: people without health insurance can potentially get treatment by using medical data of one of the hacking victims. John Halamka, chief information officer of the Beth Israel Deaconess Medical Center and chairman of the New England Healthcare Exchange Network, said a medical record can be worth between $50 and $250 to the right customer — many times more than the amount typically paid for a credit card number, or the cents paid for a user name and password. "If I am one of the 50 million Americans who are uninsured ... and I need a million-dollar heart transplant, for $250 I can get a complete medical record including insurance company details," he said.

Re:I'm not so sure....

[Jason+Levine]

Maybe, but maybe not. I know someone whose identity was stolen and used by a criminal who was arrested. Despite the fact that the guy looks NOTHING like the criminal in question (different height, weight, skin color, etc), he found himself fired from his job for having a criminal record and harassed by police officers who just assumed he was the criminal. It took him years to get anyone to even listen to him and even then it took years to fix the problem as one fixed system would get "re-infected" as the bad data flowed back in from other systems.

Re:Less likely government

[SydShamino]

I'm amazed at how skillfully the finance and corporate community has ingrained "identity theft" into consumer's minds. (And yes, I'm using "consumer" instead of "citizen" on purpose.)

If someone uses a fake credit card to buy items from a store, they have defrauded the store and the credit card company. It should be irrelevant whether the name on that card is fake, or belongs to some other uninvolved third party.

And yet, the industry has managed to redirect the mindset and conversation to shift much of the blame onto that uninvolved third party, making them feel like they are the ones violated by this process, and leaving them with the mess to clean up while those defrauded only write off their losses after the third party goes through hoops to "prove" their own innocence. Meanwhile, there's rarely effort to go after the actual criminal at all.

I understand the reasons why there is a credit market, but I reject the notion that what was once called fraud, perpetrated against a business that is responsible for their losses, is now theft against an unrelated third party that is guilty until proven innocent by the corporate megaliths that run the financial world.