Medical

On Alert for Identity Theft Committed Via Medical Data

Back to News & Insights

Health care data is an exciting target for hackers today because of its versatile criminal uses.

When people or companies lose control of their data, the threat of identity theft can increase. Not all compromised personal data is stolen from digital lockboxes. Some of it is plucked from insecure locations or accidentally handed over to bad actors while passing between good ones.

While we’ve talked about the security of financial records and employment data in the past, today we’re going to focus on another major target for cybercriminals: modern health care facilities. For many reasons, cybercriminals have homed in on health care facilities to harvest patient data and commit identity theft.

Discovering the threat of compromised health data

While there are rules and regulations mandating the secure storage of medical records, criminals often make direct efforts to take this information. Some of them succeed. This brings the necessary follow-up question: What happens next?

Protenus co-founder Robert Lord, writing for the Forbes Technology Council, recently placed medical data ahead of credit cards as an identity theft threat. He explained that criminals operate a thriving black market for medical data, encouraged by the wide range of data stored by various clinical entities. Not every health care system will own every type of information, but there are many ways to exploit the contents of:

  • Insurance information may be listed, which could enable criminals to commit insurance fraud if they file illegitimate claims under a patient’s identity.
  • Payment data, when present, is a potential direct link between stealing a record and taking money.
  • Personal medical details can be used to compromise individuals’ privacy or blackmail them.

The many crimes that can be committed with stolen medical data has increased their value to as much as $100 per record when sold on the open market. Lord added that there are many ways for the private data to be stolen in the first place. For instance, if an individual who has access to medical data for work decides to become a bad actor and profit illicitly from the data, the information can be leaked quickly and without any notice.

Medical data is out there

Despite strict defensive measures in place, medical data continues to fall into the hands of criminals. According to Identity Theft Resource Center, 2016 and 2017 were especially tough on health care. Last year 374 breaches affected medical records, virtually identical to the 373 incidents in 2016 and way up from 275 in 2015. In fact, health care is the second-most breached industry, exceeded only by the general business sector.

As for the kinds of breaches that are afflicting companies today, the ITRC data places the blame squarely on intentional hacking as opposed to methods such as insider misuse, accidental exposure of records or the loss of a physical asset. With methods such as phishing remaining prominent from year to year, it’s clear that criminals see a chance to undermine the security of medical records, and the results have put patient information at risk.

What can be done?

Records stolen from compromised medical providers are taken from systems maintained under strict data protection rules. Individuals who may be affected by such thefts in the future – a group encompassing just about anyone who’s had medical care – can’t improve the security of their health care providers. Instead, the way to protect their finances and identity information from theft and fraud is to turn attention to their own data, monitoring for irregularities and getting alerts if something is amiss.

Enroll in Identity Guard today to become better prepared for the real risk of fraud and identity theft, an important consideration in today’s breach-intensive climate.

1 "2018 Identity Fraud: Fraud Enters a New Era of Complexity," Javelin Strategy & Research, 2018
2 ath Power Consulting, February 2018
3 "2017 Child Identity Fraud Study," Javelin Strategy and Research, 2017
** Identity Theft Insurance underwritten by insurance company subsidiaries or affiliates of American International Group‚ Inc. The description herein is a summary and intended for informational purposes only and does not include all terms‚ conditions and exclusions of the policies described. Please refer to the actual policies for terms‚ conditions‚ and exclusions of coverage. Coverage may not be available in all jurisdictions.
If you do not cancel your membership within the free trial period, your card will be charged either a monthly or annual fee, depending on the membership plan you choose. You may cancel your membership anytime simply by contacting us.
No one can prevent all identity theft.
INTERSECTIONS‚ IDENTITY GUARD‚ PRIVACY NOW AND ASSOCIATED DESIGNS ARE TRADEMARKS OR FEDERALLY REGISTERED TRADEMARKS OF INTERSECTIONS INC IBM WATSON IS A TRADEMARK OF INTERNATIONAL BUSINESS MACHINES CORPORATION, REGISTERED IN MANY JURISDICTIONS WORLDWIDE.