Health Industry Needs Urgent Cyber Surgery

Uploaded on 2015-06-15 in FREE TO VIEW, BUSINESS-Services-Health & Welfare

SHORT-TERM-HEALTH-INSURANCE-resized.png

Cyber hackers have taken their vitamins and are aiming at the healthcare sector in 2015. Anthem recently reported a breach where hackers accessed close to 80 million records (roughly 25% of Americans). Now we are learning the details of the recent Premera Blue Cross hack in which 11 million patients’ data has been compromised. 
This hack is especially alarming in that the hackers gained access to insurance claim data, banking account numbers, clinical information, and even valuable diagnostic codes. Social Security Numbers, birth dates, and other patient identifiers were also compromised. The attack reportedly began back in May of 2014 and is the worst breach to date involving patient medical information. Even though the Anthem hack had a much larger number of medical records compromised, the hackers did not gain access to medical information as with the Premera hack, which was only uncovered recently on Jan. 29, 2015
You might wonder why are hackers so interested in medical records?
If you lurk around in the dark Web, you will quickly learn medical records are highly valuable and often used for insurance fraud scams, which is extremely lucrative. There are so many stolen credit cards available for purchase in the dark Web, and are currently selling for about one dollar per card. Contrast this with the average stolen health credentials fetching up to ten times that and you quickly see the value to cyber thieves and hackers.
What is in a typical medical record that the cyber thieves want?
First, there are great details about an individual’s life—details that some people will not share on social networks. Once a hacker has captured this compromised information, they may effectively use it to access a victim’s bank account information, modify and file a tax return, or even apply for a loan in their name. Hackers often will use medical policy numbers to file false medical claims and attempt to collect a payout and utilize the diagnostic codes. Some of these hackers will even access prescriptions for painkillers to sell illegally. When hackers have detailed family member names, addresses, and birthdays, they can easily socially engineer a situation in which they sound credible. Having access to medical data also allows for effective targeted email phishing attacks where convincing attachments lure unsuspecting individuals to click and reveal further data such as usernames and passwords.
Hackers are lazy and opt for the easy targets.
The credit card companies have invested heavily into advanced fraud detection because of so many compromised credit cards in 2014. Consumers are also beginning to learn the importance and being trained to regularly check their credit card statements for any suspicious activity. The healthcare industry continues to concentrate on patients’ health and not on patients’ security. Security will have to become another metric of healthcare in order for patients to choose providers, make informed decisions and most importantly, keep their medical information secure and private.
What can you do to protect your medical data?
Don’t provide your social security number on the forms at the doctor’s office and hospital. Just leave it Blank. If they insist on you providing your SS#, you can find another doctor or hospital or Only put down the last four digits. Often they claim it is required, but this is not the case as the doctors and hospitals only want your SS# in the event you do not pay your bill and the SS# makes debt collection easier. Medicare and your health insurance company do require your Social Security number S#. If they ask for your driver’s license for ID, give them another form of photo ID with less detailed information on it if they insist.
Remember next time you are asked for more information at the doctor’s office, be careful what you provide as you may be aiding in a cyber hacker’s car payment.
Connected World:  http://bit.ly/1GHhR4W

« Instilling a Culture of Cyber Security
Dark Web Drug Dealers Specialised in ‘party packs’ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

OpenSphere

OpenSphere

OpenSphere is an IT company providing security consultancy, information system risk management and security management services.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

Garrison Technology

Garrison Technology

Garrison SAVI® is a unique technology for secure remote browsing that can dramatically change the risk profile for enterprise cyber security.

Secure Soft

Secure Soft

Secure Soft are experts in Computer and Information Security with a presence in Peru, Colombia and Ecuador.

Lexsynergy

Lexsynergy

Lexsynergy is a global domain name management and online brand protection company.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

SIRP Labs

SIRP Labs

SIRP is a Risk-based Security Orchestration, Automation and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response.

Prism Infosec

Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy, CREST STAR, NCSC CHECK member, CAA ASSURE audit provider and PCI Qualified Security Assessor.

Etisalat and (e&)

Etisalat and (e&)

Etisalat Group is one of the world’s leading telecom groups in emerging markets.

GM Sectec

GM Sectec

GM Sectec is the world's largest independent Cyber Defense and Fraud Prevention firm laser focused on payment security.

Lavabit

Lavabit

Lavabit's Dark Internet Mail Environment is a secure, open-source, secure end-to-end communications platform for asynchronous messaging across the internet.

Vali Cyber

Vali Cyber

Vali Cyber was founded in 2020 with the mission of addressing the specific cybersecurity needs of Linux.

Intelequia

Intelequia

Intelequia SOC is the Security Operations Center your company needs. 24x7 monitoring, protection and automated response to cyber threats.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.