Why Chinese Hackers Would Want US Hospital Patient Data

← Back to Stories (view on slashdot.org)

Why Chinese Hackers Would Want US Hospital Patient Data

Posted by timothy on Tuesday August 19, 2014 @02:09AM from the makes-great-gift-wrapping-too dept.

itwbennett (1594911) writes In a follow-up to yesterday's story about the Chinese hackers who stole hospital data of 4.5 million patients, IDG News Service's Martyn Williams set out to learn why the data, which didn't include credit card information, was so valuable. The answer is depressingly simple: people without health insurance can potentially get treatment by using medical data of one of the hacking victims. John Halamka, chief information officer of the Beth Israel Deaconess Medical Center and chairman of the New England Healthcare Exchange Network, said a medical record can be worth between $50 and $250 to the right customer — many times more than the amount typically paid for a credit card number, or the cents paid for a user name and password. "If I am one of the 50 million Americans who are uninsured ... and I need a million-dollar heart transplant, for $250 I can get a complete medical record including insurance company details," he said.

35 of 171 comments (clear)

Min score:

Reason:

Sort:

Time for medicare for all in the usa by Joe_Dragon · 2014-08-19 02:20 · Score: 3, Insightful

Time for medicare for all in the usa also the million-dollar heart transplant is loaded with markup where you can likely go out side of the usa and pay way less for it.
also due to court rulings in favor of inmate care you can just go to prison / jail to get one as well.
http://www.cbsnews.com/news/pr...
1. Re:Time for medicare for all in the usa by DigiShaman · 2014-08-19 02:51 · Score: 2
  
  Hah! And when the US economy collapse because of it, we will drag China down with us. What comes around goes around.
  
  --
  Life is not for the lazy.
2. Re:Time for medicare for all in the usa by Charliemopps · 2014-08-19 02:52 · Score: 5, Informative
  
  Yes, because the single payer systems in Europe of trouble free right?
  I'm not saying we don't have an issue, but your 1 step solution is a joke. The same corruption, greed and poor administration that afflicts us now would continue in the new system. It would just include all the problems of government waste and politics as well.
  The problem in the US is states have enacted their own laws governing what treatment is required by law. So states that are pro-patient rights oppose allowing patients being able to seek insurance outside of the state as that would be an end run around their laws. As a result, patients cannot for any meaningful patients rights groups of a large enough size to make a difference in the healthcare market. There aren't enough doctors because younger doctors can make more money doing plastic surgery and other cosmetic specialty work, and the older doctors get pair so much they only feel the need to work 2 days a week. Tuition to medical schools in this country is borderline insane.
  This is a very complex issue and throwing black and white solutions at it while calling your opponents stupid will get your no-where.
3. Re:Time for medicare for all in the usa by Richard_at_work · 2014-08-19 03:20 · Score: 3, Insightful
  
  What unemployment thing? We are a few tenths of a percentage point behind the US on unemployment, nothing major.
4. Re:Time for medicare for all in the usa by jellomizer · 2014-08-19 03:24 · Score: 3, Insightful
  
  You don't pay taxes?
  It isn't free, it is just that your money that you are paying is being placed in an other category.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
5. Re:Time for medicare for all in the usa by the+eric+conspiracy · 2014-08-19 03:36 · Score: 3, Insightful
  
  Don't be daft. You are paying for your medical care in your tax bill and in all the other goods and services you buy that have taxes embedded in their prices.
  There is no free lunch (2nd law of thermodynamics).
6. Re:Time for medicare for all in the usa by Anonymous Coward · 2014-08-19 03:37 · Score: 2, Insightful
  
  Please fact-check before throwing negative comments someones way.
  US Unemploymnent : 6.3%
  UK Unemploymnent : 6.4%
7. Re:Time for medicare for all in the usa by Richard_at_work · 2014-08-19 03:43 · Score: 3, Insightful
  
  I never said it was free, but we all pay taxes while only some of us don't have to fork out ridiculous additional sums for medical cover.
  For example, I will never be hit with a bill for medical treatments my insurance won't cover. There isn't a moment I have to worry about getting charged for my stay in hospital. I don't have to worry about whether my insurance will cover the drugs my doctor has prescribed me, the most I will pay is £8.05, even if the drug costs £10,000 a course.
8. Re:Time for medicare for all in the usa by Megol · 2014-08-19 04:21 · Score: 2
  
  Yes that is true. What's also true is that most people doesn't need the most expensive type of treatment which makes the total less than a medical insurance in the US. The difference is that those that can't afford paying for an insurance still can get the necessary care. And if one want to and can afford it - go for it and get an insurance too and get that unnecessary CT scan or MRI whenever you feel like!
9. Re:Time for medicare for all in the usa by jklovanc · 2014-08-19 04:28 · Score: 3, Interesting
  
  Take a look at this comparison. Even though the US government pays much more per capita than Canada it does not cover everybody it while Canada does. Here is a possible reason;
  
  A 1999 report found that after exclusions, administration accounted for 31.0% of health care expenditures in the United States, as compared with 16.7% of health care expenditures in Canada.
  Single payer systems make administration much simpler.
10. Re:Time for medicare for all in the usa by Anonymous Coward · 2014-08-19 05:25 · Score: 3, Insightful
  
  Yes, because the single payer systems in Europe of trouble free right?
  I'm not saying we don't have an issue, but your 1 step solution is a joke. The same corruption, greed and poor administration that afflicts us now would continue in the new system. It would just include all the problems of government waste and politics as well.
  "Government waste"? Every other health care system in the world has lower costs that the US as a percentage of GDP and per capita:
  http://www.theguardian.com/news/datablog/2012/jun/30/healthcare-spending-world-country
  You would reduce waste by going with single-payer.
  And these costs don't even get the US the highest life expectancy or lowest child mortality rates.
  I'm sure there are good arguments against single payer, but worries about waste are not one of them.
11. Re:Time for medicare for all in the usa by radarskiy · 2014-08-19 05:33 · Score: 4, Insightful
  
  "Yes, because the single payer systems in Europe of trouble free right?"
  1) Where did the OP claim that it was trouble free?
  2) Why does it have to be trouble free before it can be useful?
12. Re:Time for medicare for all in the usa by ColdWetDog · 2014-08-19 06:27 · Score: 2
  
  Please fact-check before throwing negative comments someones way.
  US Unemploymnent : 6.3%
  UK Unemploymnent : 6.4%
  Imperial or US percentages?
  
  --
  Faster! Faster! Faster would be better!
13. Re:Time for medicare for all in the usa by ColdWetDog · 2014-08-19 06:32 · Score: 2
  
  Ah, no. It has helped. Somewhat. Mostly it's shuffled the deck a bit. Still a whole bunch of people with essentially no way to pay for healthcare. The ACA was never designed to completely solve the problem, only improve it. And improve it a bit it has, with quite a bit of collateral damage.
  The really sad part about the ACA is that the big winners were the insurance companies. They had to suck up and drop the pre existing conditions clause and had to allow for children to stay on their parent's insurance until age 26, but they got 5 years of near uncontrolled price increases and lots and lots of paybacks from the feds.
  Score: US citizens 1, US Government 0, Insurance Industry 10, Big Pharma 4.
  Oh, and the lawyers, they always seem to win extra points all the time.....
  
  --
  Faster! Faster! Faster would be better!
uh-huh by Anonymous Coward · 2014-08-19 02:22 · Score: 5, Insightful

Are there documented cases where the uninsured poor have bought blackmarket medical records to get healthcare? This seem preposterous.
1. Re:uh-huh by Anonymous Coward · 2014-08-19 02:44 · Score: 5, Informative
  
  Um, No. In a Government funded Health system Such as in NZ, well below your predicted 1mil.
  Quote; You might also have a hard time pointing the finger at the real crooks here.
  not really, the crooks are your govt selling your health care to the highest bidder.
  cardiac bypass (heart surgery): $37,000-$45,000
  valve replacement (heart surgery): $43,000-$53,000
  angiogram (diagnostic test): $3600-$4400
  angioplasty with 2 stents (heart surgery): $17,000-$20,000
  total hysterectomy (surgery): $10,000-$13,000
  laparoscopic excision of endometriosis (surgery): $4900-$6000
  prostate removal (cancer surgery): $10,000-$12,000
  prostate brachytherapy (cancer surgery): $21,000-$25,000
  excision of cancerous skin lesion: $1000-$1500
  colonoscopy (diagnostic test): $1500-$1800
  radical mastectomy (breast cancer surgery): $8300-$10,000
  radiation therapy (one course of treatment): $15,000-$27,000
  gastroscopy (diagnostic test): $1100-$1300
  laparoscopic cholecystectomy (gall bladder surgery): $6800-$8400
  total hip replacement (surgery): $18,000-$22,000
  total knee replacement (surgery): $19,000-$23,000
  cataract removal (eye surgery): $3500-$4000
  thyroidectomy (surgery): $8300-$10,200
  endoscopic sinus surgery: $6500-$7900
  wisdom teeth removal: $1900-$2400
  varicose veins (both legs): $6300-$7800
  hernia repair: $5400-$6600
  knee arthroscopy: $4000-$5000
  biopsy: $1000-$1500
  MRI scan: $1000-$1200
  CT scan: $600-$800
  ultrasound: $150-$200.
  Link, http://www.everybody.co.nz/page-56d7ef0e-9e87-46ad-9ab9-843e76f8301e.aspx
2. Re:uh-huh by Anonymous Coward · 2014-08-19 02:55 · Score: 4, Interesting
  
  This seem preposterous.
  As a person in the medical billing field, I've regularly seen faked insurance cards, but they're easy to weed out thanks to electronic eligibility verification. Given that people will walk right up to the counter with their "Homana" insurance card printed on cheap paper, I can absolutely believe that we've treated people who claim to be Jane Doe, have an insurance card with Jane Doe's name, group and policy # on it, and know Jane Doe's DOB (sufficient information to pass eligibility verification). The only way the insurance company would figure it out is if the real Jane Doe was being seen by a doctor somewhere else that day, or if Jane Doe actually read any of the paperwork she gets past the line "This is not a bill".
3. Re: uh-huh by jd2112 · 2014-08-19 03:51 · Score: 2
  
  Point your finger in any direction. There are enough crooks in the healthcare industry that you will probably be ponting at one of them.
  
  --
  Any insufficiently advanced magic is indistinguishable from technology.
I'm not so sure.... by ColdWetDog · 2014-08-19 02:30 · Score: 5, Insightful

The thesis is that you can waltz into a doctor's office AND a hospital with faked records and get the treatment needed. Basically the important bit is the insurance info - what has happened to "you" is less important than what you want to eventually happen to you (in the example given, a heart transplant).
I kinda doubt this, at least in a general sense. First off, you can show all the insurance cards and 'insurance info' to the medical provider all you want. The provider is going to query the insurance company before doing anything expensive. Fine, you say, call them all you want, the 'patient' is insured (it's just not the right patient). Now comes the hard part. The minute that the insurance company starts getting claims from both Peoria and Trenton, NJ flags are going to go up. Other old records would be sought (for something big like a transplant or joint replacement) which would likely not match.
Anything remotely resembling a heart transplant is going to fall apart unless both the real and fake patient have nearly identical physiques, ages and problems. More routine issues could go undetected for a while but persistent discrepancies would show up and as soon as the insurance company flagged the claim as problematic, big ticket items would be placed on hold until things go cleared up. When I worked in an early Medicaid HMO in the 1980's we had some problems with folks 'sharing' the Medicaid ID card (no picture, just a printout basically). It was pretty obvious when the patient's weight varied 30 pounds every other week. We soon insisted on photo ID.
And, in fact, the feds also insist on photo ID these days. Yes, if you're bleeding out we don't ask for it up front but as soon as your blood pressure normalizes we're poking around to figure out just who you are.
So it's possible that that full on medical records might be of value, but it's going to be much harder to monetize than a credit card number and likely would be of limited use. That doesn't mean that the information shouldn't be sealed up, of course. I'm just not sure how big a deal this is. And, in the case of the Community breach, they apparently did not get that information anyway.

--
Faster! Faster! Faster would be better!
1. Re:I'm not so sure.... by Technician · 2014-08-19 02:53 · Score: 4, Informative
  
  Some hospitals are taking photos of patients with higher cost proceedures as early as 6 years ago. My photo is in my medical records. A stolen ID would be spotted by any staff reviewing my medical history.
  
  --
  The truth shall set you free!
2. Re:I'm not so sure.... by Jason+Levine · 2014-08-19 03:01 · Score: 5, Interesting
  
  Maybe, but maybe not. I know someone whose identity was stolen and used by a criminal who was arrested. Despite the fact that the guy looks NOTHING like the criminal in question (different height, weight, skin color, etc), he found himself fired from his job for having a criminal record and harassed by police officers who just assumed he was the criminal. It took him years to get anyone to even listen to him and even then it took years to fix the problem as one fixed system would get "re-infected" as the bad data flowed back in from other systems.
  
  --
  My sci-fi novel, Ghost Thief, is now available from Amazon.com.
bass akwards by Iamthecheese · 2014-08-19 02:34 · Score: 2

Medical records are insecure... so it's time to migrate to a system like the UK where they contain comprehensive information about each person? Am I actually reading this?

Until patient confidentiality is enshrined into laws with real teeth and my insurance company, employer, or local black market guru can't get their hands on them I think I'll pass.

--
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
1. Re:bass akwards by Richard_at_work · 2014-08-19 03:08 · Score: 3, Informative
  
  Moving to the UK's system means no insurance company, and your employer et al do not have access to your medical records. In-fact, most doctors do not have access to your medical records - they are only now bringing in a system where your medical records are shared on an on-demand basis with other hospitals and surgeries. Walk into an A&E department and they won't have your medical records.
Re:Parasites in Congress by alen · 2014-08-19 02:39 · Score: 3, Informative

and how many times have people, especially women have gone to the doctor and been ignored or told their symptoms were nothing? when the doctor should have done a test or procedure based on the patient's complaint? or in my wife's case a lower doctor wanted to do a c-section without doing the right tests first and her doctor who was the chief of obgyn at the hospital said no and after they did the tests it was found a c-section was not required
even then it's hard to sue for malpractice. the lawyers who do this have nurses on staff who review the charts and only a small percentage end up in a lawsuit.
Re:Biometric security - Copyrighted by cgfsd · 2014-08-19 02:52 · Score: 3, Funny

Sorry, our DNA is copyrighted and adding it to our records would be an infringement on the copyright.
Bulls3#!t by TRRosen · 2014-08-19 03:09 · Score: 3, Interesting

This isn't being collected for individuals. That's to much work. It will be used for bulk insurance fraud. A portfolio of bogus patients to be mixed into a doctors insurance billing.
Uninsured? by Anonymous Coward · 2014-08-19 03:10 · Score: 2, Funny

No one is uninsured now. Obamacare magically fixed that on January first, 2014. This article must be all FUD and spin.
1. Re:Uninsured? by Ralph+Wiggam · 2014-08-19 05:40 · Score: 5, Insightful
  
  More than 7 million people now have insurance because of Obamacare.
  That's 7 million more people than would be insured under the Republic plan of "Fuck you. Walk it off."
2. Re:Uninsured? by Microlith · 2014-08-19 06:27 · Score: 3, Insightful
  
  Too bad we couldn't fix it the right way. But that would be eeeeevil soshialisums even more than the not-actually-socialism socialism that Obamacare put into place.
  The poor should just die in the streets of preventable illnesses, right?
3. Re:Uninsured? by pslytely+psycho · 2014-08-19 07:34 · Score: 4, Interesting
  
  Obamacare is hardly a socialist program. In fact, calling Obama socialist or liberal is a stretch.
  Obama, one of the better republican presidents we have had.
  
  Hopefully we get a real liberal next time instead of a poser.
  
  --
  Donald Trump, on a crusade to make Nixon look respectable
4. Re:Uninsured? by Ralph+Wiggam · 2014-08-19 08:22 · Score: 2
  
  But if you change the meaning of Socialism to "stuff I don't like", then all kinds of things can become "Socialist".
5. Re:Uninsured? by pslytely+psycho · 2014-08-19 09:01 · Score: 4, Interesting
  
  And this has been true throughout our history.
  
  In the 1930's the right cried 'socialism' to the building of the Grand Coulee dam. It was supposed to boost farming in the middle of Washington State. It was way more electricity and water than would be needed (and we really didn't need that much extra food production at the time).
  A few years later WWII happened, and it went from 'socialist' to 'forward thinking' when it allowed the mass production of aluminum for the war effort. (oddly the biggest socialist program in the country, the freeway system, met little opposition as it meant pork for every state, so like you said, they liked it, so it wasn't socialism)
  
  Fortunately for us living here, it currently means very inexpensive electricity (8.8 cents per kwh per my last bill).
  
  --
  Donald Trump, on a crusade to make Nixon look respectable
Re:Less likely government by SydShamino · 2014-08-19 03:12 · Score: 5, Interesting

I'm amazed at how skillfully the finance and corporate community has ingrained "identity theft" into consumer's minds. (And yes, I'm using "consumer" instead of "citizen" on purpose.)
If someone uses a fake credit card to buy items from a store, they have defrauded the store and the credit card company. It should be irrelevant whether the name on that card is fake, or belongs to some other uninvolved third party.
And yet, the industry has managed to redirect the mindset and conversation to shift much of the blame onto that uninvolved third party, making them feel like they are the ones violated by this process, and leaving them with the mess to clean up while those defrauded only write off their losses after the third party goes through hoops to "prove" their own innocence. Meanwhile, there's rarely effort to go after the actual criminal at all.
I understand the reasons why there is a credit market, but I reject the notion that what was once called fraud, perpetrated against a business that is responsible for their losses, is now theft against an unrelated third party that is guilty until proven innocent by the corporate megaliths that run the financial world.

--
It doesn't hurt to be nice.
Re:Biometric security by ShanghaiBill · 2014-08-19 05:16 · Score: 2

Time to add DNA information to our medical records!
That is not necessary. All they need to do is ask for a government issued photo ID card, and make sure the name on the card matches the name on the insurance form. My experience is that about 100% of doctors and hospitals already do that. TFA claims that just knowing an SSN and DOB is enough, and that is not true.
Re:Less likely government by Jason+Levine · 2014-08-19 05:37 · Score: 3, Interesting

I agree that it is fraud and that it's ridiculous that the result of Identity theft is up to the affected person to prove/clean up. I don't think that the name "Identity theft" puts the blame on the victim, though, any more than "car theft" puts the blame on the owner of the stolen car. (Before someone complains "identity theft isn't theft because you still have your identity", imagine if someone kept "borrowing" your car while you slept but returned it every morning with more scratches and dings. You'd still have use of it when you wanted it, but the value of the car would drop quickly and it would be up to you to pay the repair costs. This is what identity thieves do to your credit.)
Sadly, as was my experience during my identity theft, the companies just don't care. The credit card companies see the fraud as something to write off as a cost of doing business and then they move on. Capital One actively blocked both me and the police from investigating. They told me "we can't give you the address on the card with your name on it because if you go and kill the person, we'd be liable." They would just ignore when the police called. (Calls routed to a voicemail box that was never answered.) The credit agencies are even worse. They see your credit file as a profit engine. New lines of credit on your credit file help drive their profits. Anything that blocks this is bad for business. So protecting against identity theft is bad for business. As far as the fraud goes? Well, that's the little people's concern, not theirs. (I was lucky that I caught it when I did or I'd have been fixing the problem for a long, long time.)

--
My sci-fi novel, Ghost Thief, is now available from Amazon.com.