Health Industry Needs Urgent Cyber Surgery

SHORT-TERM-HEALTH-INSURANCE-resized.png

Cyber hackers have taken their vitamins and are aiming at the healthcare sector in 2015. Anthem recently reported a breach where hackers accessed close to 80 million records (roughly 25% of Americans). Now we are learning the details of the recent Premera Blue Cross hack in which 11 million patients’ data has been compromised. 
This hack is especially alarming in that the hackers gained access to insurance claim data, banking account numbers, clinical information, and even valuable diagnostic codes. Social Security Numbers, birth dates, and other patient identifiers were also compromised. The attack reportedly began back in May of 2014 and is the worst breach to date involving patient medical information. Even though the Anthem hack had a much larger number of medical records compromised, the hackers did not gain access to medical information as with the Premera hack, which was only uncovered recently on Jan. 29, 2015
You might wonder why are hackers so interested in medical records?
If you lurk around in the dark Web, you will quickly learn medical records are highly valuable and often used for insurance fraud scams, which is extremely lucrative. There are so many stolen credit cards available for purchase in the dark Web, and are currently selling for about one dollar per card. Contrast this with the average stolen health credentials fetching up to ten times that and you quickly see the value to cyber thieves and hackers.
What is in a typical medical record that the cyber thieves want?
First, there are great details about an individual’s life—details that some people will not share on social networks. Once a hacker has captured this compromised information, they may effectively use it to access a victim’s bank account information, modify and file a tax return, or even apply for a loan in their name. Hackers often will use medical policy numbers to file false medical claims and attempt to collect a payout and utilize the diagnostic codes. Some of these hackers will even access prescriptions for painkillers to sell illegally. When hackers have detailed family member names, addresses, and birthdays, they can easily socially engineer a situation in which they sound credible. Having access to medical data also allows for effective targeted email phishing attacks where convincing attachments lure unsuspecting individuals to click and reveal further data such as usernames and passwords.
Hackers are lazy and opt for the easy targets.
The credit card companies have invested heavily into advanced fraud detection because of so many compromised credit cards in 2014. Consumers are also beginning to learn the importance and being trained to regularly check their credit card statements for any suspicious activity. The healthcare industry continues to concentrate on patients’ health and not on patients’ security. Security will have to become another metric of healthcare in order for patients to choose providers, make informed decisions and most importantly, keep their medical information secure and private.
What can you do to protect your medical data?
Don’t provide your social security number on the forms at the doctor’s office and hospital. Just leave it Blank. If they insist on you providing your SS#, you can find another doctor or hospital or Only put down the last four digits. Often they claim it is required, but this is not the case as the doctors and hospitals only want your SS# in the event you do not pay your bill and the SS# makes debt collection easier. Medicare and your health insurance company do require your Social Security number S#. If they ask for your driver’s license for ID, give them another form of photo ID with less detailed information on it if they insist.
Remember next time you are asked for more information at the doctor’s office, be careful what you provide as you may be aiding in a cyber hacker’s car payment.
Connected World:  http://bit.ly/1GHhR4W

« Instilling a Culture of Cyber Security
Dark Web Drug Dealers Specialised in ‘party packs’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IoT Security Foundation (IoTSF)

IoT Security Foundation (IoTSF)

IoTSF is a collaborative, non-profit organisation with a mission to raise the quality and drive pervasive security in the Internet of Things.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

H3C Group

H3C Group

H3C provides a full range of Computer, Storage, Networking and Security solutions.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

Randori

Randori

Randori is an attack platform that provides "red-teaming" as a service - basically, staging simulated hack attacks to test for vulnerabilities and gaps in the security response.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

Sentor Managed Security Services

Sentor Managed Security Services

Sentor Managed Security Services is a cybersecurity company that enables organizations to exist in a digitally connected world.

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

Toka Group

Toka Group

Toka empowers government agencies with critical and previously out-of-reach digital forensics, force protection and Intelligence capabilities, tackling the fields' most pressing challenges.

Cloud Seguro

Cloud Seguro

Cloud Seguro are leaders in the development of cloud solutions, Ethical Hacking, Privacy and Information Security.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

Port443

Port443

Port443 specialises in providing Security Orchestration, Automation and Remediation (SOAR) "as a service".

Rapifuzz

Rapifuzz

At Rapifuzz, our goal is to help organizations test and secure their APIs enabling trust, innovation and Seamless Secured Digital Experiences.

Surf Security

Surf Security

SURF Security has transformed the browser into your strongest security asset while providing complete end-user privacy – all with full compliance.