Cybercriminals' new target? Your medical records

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.cnbc.com/id/101535352

Could your identity be stolen at your next doctor's appointment? About 30
million Americans have had their personal health information breached or
inadvertently disclosed since 2009, according to cybersecurity company
Redspin. And that's just the number of breaches reported to the U.S.
secretary of Health and Human Services.

Cyberthieves aren't interested in medical conditions and prescriptions.
Instead, they target billing and insurance records, which house valuable
data including Social Security numbers, addresses and credit card info--all
in one place.

According to a study released this month by the Ponemon Institute,
cybercriminal attacks on health-care organizations, like hospitals and
clinics, are up 100 percent during the past three years.

The institute's first study of patient privacy and data security in 2010
found 20 percent of those surveyed had experienced a breach. In 2013, 40
percent had experienced a breach, according to the institute, a research
center on information security policy.

"A financial identity can be worth $5 to $10 if you have all the info. A
medical identity can be five to 10 times that amount just because how easy
it is to monetize that information once that bad guys get it," said Robert
Gregg, chief executive of ID Experts, a cybersecurity firm that sponsored
the Ponemon Institute survey.


Mobile device risks

More medical professionals also are accessing medical data through mobile
devices, which poses other security risks.

Forty percent of those surveyed by the Ponemon Institute said they rely
heavily on the cloud for services such as backup, storage and file sharing.
Yet, only one-third are confident or very confident that their cloud is
secure.

"Health care is substantially behind the financial services industry in
terms of protecting identities and it's particularly concerning because
these are the most vulnerable identities we're looking at," said Gregg of
ID Experts.

Protecting your medical records

If you're worried about your medical data getting breached, here are some
red flags to look out for. The following are signs your identity may have
been compromised, according to Federal Trade Commission:

- Bill for medical services you didn't receive
- Call from a debt collector about a medical debt you don't owe
- Medical collection notices on your credit report that you don't recognize
- Notice from your health plan saying you reached your benefit limit
- Denial of insurance because your medical records show a condition you
don't have

If you notice these or any other suspicious signs, contact your health
insurance provider for your medical records. After careful review, report
any errors to your insurance company. You should also report the fraud to
the three credit reporting agencies, Equifax, Experian and TransUnion.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!