BreachExchange mailing list archives
Why Do Hackers Want Your Health Data?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 10 Sep 2015 19:33:41 -0600
http://www.popsci.com/why-do-hackers-want-your-health-data Yesterday, major health insurance providers Lifetime Healthcare Companies and its subsidiary BlueCross BlueShield announced that they had been hacked, affecting a total of 10.5 million patients. These aren’t the first healthcare companies to be hacked this year, and they certainly won’t be the last; though data breaches have become an unfortunate reality for many companies, health information is especially at risk. Healthcare data is the cash cow of the hacker world. A hacker will get $10 on the black market for each individual healthcare profile, 10 or 20 times the amount they would receive for credit card information, according to a report from Reuters published last year. Learning a patient’s medications and diagnoses means that a hacker can order expensive drugs or equipment and resell them, or file made-up claims with insurance companies and get money in return. They can even commit medical identity theft to seek free medical care for themselves. And unlike credit card companies, healthcare providers don’t usually vigilantly monitor this activity, so hackers can continue to reap benefits from the same data for years. As a result, healthcare companies and hospitals find themselves under constant digital assault, and it’s costing them a total of $6 billion per year, Bloomberg reports. The companies find themselves ill prepared to ward off these attacks—81 percent of healthcare organizations have been subject to attacks in the past two years, according to a survey published last month by tax audit company KPMG. Earlier this year, healthcare providers were required to switch over to electronic medical records, making more patients vulnerable to attacks than ever. Hospitals and insurance companies are slowly beefing up their digital security, aided by organizations like the FBI, but the process is slow. In response to this most recent attack, Christopher Booth, the CEO of Lifetime Healthcare (the parent company of Excellus BlueCross BlueShield) says that his organization has, “already taken aggressive steps to remediate our IT system of issues raised by this cyberattack,” by hiring a digital security firm to evaluate its current setup, according to a press release. Apparently, preventing digital attack can only go so far—healthcare providers seem to only be increasing their security measures once a breach has already happened. Both BlueCross BlueShield and Lifetime Healthcare Companies have begun notifying patients of the security breach and will offer free identity theft protection and credit monitoring services to those affected.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Why Do Hackers Want Your Health Data? Audrey McNeil (Sep 11)