Did you know your medical information is worth 10 times more than your credit card number on the black market?
Last year nearly 1.6 million people had their medical information stolen from healthcare providers, according to the U.S. Department of Health and Human Services Office for Civil Rights. Unlike credit card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses.
Also increasing the value of medical data is the fact that medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. Credit card fraud is usually noticed sooner by consumers, and the cards can be quickly canceled by banks once fraud is detected.
Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information.
Cyberattacks costing US Healthcare Industry
Security experts say cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.
Accenture estimates that one in 13 patients – roughly 25 million people – will have personal information, such as social security or financial records, stolen from technology systems over the next five years.
“What most health systems don’t realize is that many patients will suffer personal financial loss as a result of cyberattacks on medical information,” said Kaveh Safavi, M.D., J.D., managing director of Accenture’s global healthcare business. “If healthcare providers are complacent to safeguarding personal information, they’ll risk losing substantial revenues and patients as a result of medical identity theft.”
One in Six will be Affected
Accenture projects that of the patients likely to be affected by healthcare-provider data breaches over the next five years, 25 percent of patients – or 6 million people – will subsequently become victims of medical identity theft. One in six (16 percent) of the affected patients – or 4 million people – will be victimized and pay out-of-pocket costs totaling almost $56 billion over the same time period.
Addressing cybersecurity proactively can improve a provider’s ability to thwart attacks by an average of 53 percent, Accenture research shows. Yet, according to the Accenture report, there is a significant gap in how well prepared they are to deal with such inevitabilities. “In the end, when a breach occurs, the goal is not to say ‘what is our plan,’ but, ‘how is our plan working?’” Safavi said.
According to a Reuter’s article on the issue last year, the FBI warned healthcare providers to guard against cyber attacks after one of the largest U.S. hospital operators, Community Health Systems Inc, said Chinese hackers had broken into its computer network and stolen the personal information of 4.5 million patients.
UCLA Health System Attacked
This summer hackers obtained access to parts of the UCLA Health network that contained personal and medical information for its system. While there was no indication that any information was stolen, the hospital system said, it couldn’t rule that out.
UCLA said they are working with the FBI and have hired private experts to help secure information on its servers.
There is no word on who performed the attack, but investigators believe it was a highly sophisticated offshore group.
The percentage of healthcare organizations that have reported a criminal cyber attack has risen to 40 percent in 2013 from 20 percent in 2009, according to an annual survey by the Ponemon Institute think tank on data protection policy.
Founder Larry Ponemon, who is privy to details of attacks on healthcare firms that have not been made public, said he has seen an increase this year in both the number of cyber attacks and number of records stolen in those breaches.
The data hackers can sell includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations.
MedCareerNews provides information about the medical field that will affect your career options, advice about moving your career forward, quizzes and more! Subscribe on the website today or follow Med Career News on Facebook, Twitter, Linked In or Google Plus. You can also get medical career targeted help with your cover letter, resume and sales plans at 306090 Medical Sales. For more leading healthcare news and career advice subscribe to our blog for free.