Slashdot Mirror

← Back to Stories (view on slashdot.org)

Medical Records Worth More To Hackers Than Credit Cards

Posted by samzenpus on from the pills-please dept.

HughPickens.com writes Reuters reports that your medical information, including names, birth dates, policy numbers, diagnosis codes and billing information, is worth 10 times more than your credit card number on the black market. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations. Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, says Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information. Plus "healthcare providers and hospitals are just some of the easiest networks to break into," says Jeff Horne. "When I've looked at hospitals, and when I've talked to other people inside of a breach, they are using very old legacy systems — Windows systems that are 10 plus years old that have not seen a patch."

4 of 78 comments (clear)

  1. Perspective by jklovanc · · Score: 4, Insightful

    There is at least two ways to look at this issue.
    A. Using stolen health information is very lucrative due to the lack of security.
    B. Using stolen credit card information has become a lot less lucrative due to the increased security used by credit card companies.

    I suspect a little from column A and a little from column B.

  2. Government ineptitude by rickb928 · · Score: 5, Insightful

    If Medicare practiced fraud/risk control energy marginally as will as the payments industry, they could cut fraudulent claims by 70%.

    - Does the zip code you are shipping durable equipment to when remotely match the patient's residence? If not, just a phone call might work to confirm the transaction.

    - Does the durable equipment have use for any Diagnostic code used my the patient in past?

    There are other triggers that could help.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  3. myopic CIO doesn't understand hackers by Anonymous Coward · · Score: 2, Insightful

    "The only reason to buy that data is so they can fraudulently bill," Probst said.

    Uh, what? You don't think having access to the birthdate, employer, SSN, address and medical history has any use other than fraudulent billing? Good thing he is in the medical field so he can get a CT scan of his navel. Apparently this "CIO" doesn't understand the value of the data he is supposed to be keeping safe.

    This is all the more reason to NOT give healthcare providers your SSN, and to insist that insurance companies use a different customer ID.

  4. Re:Ironically, blame HIPAA by chispito · · Score: 1, Insightful

    If you think that a bill piling expensive requirements on an industry is the perfect excuse to pile more expenses on that industry, then you may have a promising career ahead of you in Congress.

    --
    The Daddy casts sleep on the Baby. The Baby resists!