While we've talked about the security of financial records and employment data in the past, today we're going to focus on another major target for cybercriminals: modern health care facilities. For many reasons, cybercriminals have homed in on health care facilities to harvest patient data and commit identity theft.
Discovering the threat of compromised health data
While there are rules and regulations mandating the secure storage of medical records, criminals often make direct efforts to take this information. Some of them succeed. This brings the necessary follow-up question: What happens next?
Protenus co-founder Robert Lord, writing for the Forbes Technology Council, recently placed medical data ahead of credit cards as an identity theft threat. He explained that criminals operate a thriving black market for medical data, encouraged by the wide range of data stored by various clinical entities. Not every health care system will own every type of information, but there are many ways to exploit the contents of:
- Insurance information may be listed, which could enable criminals to commit insurance fraud if they file illegitimate claims under a patient's identity.
- Payment data, when present, is a potential direct link between stealing a record and taking money.
- Personal medical details can be used to compromise individuals' privacy or blackmail them.
The many crimes that can be committed with stolen medical data has increased their value to as much as $100 per record when sold on the open market. Lord added that there are many ways for the private data to be stolen in the first place. For instance, if an individual who has access to medical data for work decides to become a bad actor and profit illicitly from the data, the information can be leaked quickly and without any notice.
Medical data is out there
Despite strict defensive measures in place, medical data continues to fall into the hands of criminals. According to Identity Theft Resource Center, 2016 and 2017 were especially tough on health care. Last year 374 breaches affected medical records, virtually identical to the 373 incidents in 2016 and way up from 275 in 2015. In fact, health care is the second-most breached industry, exceeded only by the general business sector.
As for the kinds of breaches that are afflicting companies today, the ITRC data places the blame squarely on intentional hacking as opposed to methods such as insider misuse, accidental exposure of records or the loss of a physical asset. With methods such as phishing remaining prominent from year to year, it's clear that criminals see a chance to undermine the security of medical records, and the results have put patient information at risk.
What can be done?
Records stolen from compromised medical providers are taken from systems maintained under strict data protection rules. Individuals who may be affected by such thefts in the future - a group encompassing just about anyone who's had medical care - can't improve the security of their health care providers. Instead, the way to protect their finances and identity information from theft and fraud is to turn attention to their own data, monitoring for irregularities and getting alerts if something is amiss.
Enroll in Identity Guard today to become better prepared for the real risk of fraud and identity theft, an important consideration in today's breach-intensive climate.