Medical Records Worth More To Hackers Than Credit Cards

HughPickens.com writes Reuters reports that your medical information, including names, birth dates, policy numbers, diagnosis codes and billing information, is worth 10 times more than your credit card number on the black market. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations. Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, says Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information. Plus "healthcare providers and hospitals are just some of the easiest networks to break into," says Jeff Horne. "When I've looked at hospitals, and when I've talked to other people inside of a breach, they are using very old legacy systems — Windows systems that are 10 plus years old that have not seen a patch."

Government ineptitude

[rickb928]

If Medicare practiced fraud/risk control energy marginally as will as the payments industry, they could cut fraudulent claims by 70%.

- Does the zip code you are shipping durable equipment to when remotely match the patient's residence? If not, just a phone call might work to confirm the transaction.

- Does the durable equipment have use for any Diagnostic code used my the patient in past?

There are other triggers that could help.

Hospital networks are very vulnerable.

[140Mandak262Jamuna]

I have sat in many consulting rooms and examination rooms in the hospitals, with a lone pizza box computer with WindowsNT or Windows64 screen saver. All alone, the computer, its ports all freely available for me to plug anything I wanted, even spare RJ-45 ethernet ports next to it for me to plug in anything I wanted. It would be trivially simple to plug in an USB keylogger dongle to the back USB port.

Wondering if all the hospital networks are already compromised beyond repair. If the doctors use same passwords for their hospital account as well as their personal account, they too would be very vulnerable. Some of the doctors I know are surgeons who would wield a scalpel with great confidence and would think it is routine to make a 20 cm long incision across the stomach. But are scared of the stupid computer and were mortally afraid of changing the password, or the default screen saver.