Healthcare firms

 Healthcare firms are paying $6 billion per annum due to a rise in cyber attacks.   Doctors and hospitals are being attacked.  Organised criminals want medical records. They originally targeted retailers and financial firms.

91 percent of the healthcare organisations surveyed had one data breach during the past two years.  39 Percent experienced two to five breaches and 40 percent had more than five. Organised criminal gangs from Eastern Europe, Russia, China and Iran are trying to steal valuable information about medical insurance clients.

Criminal attacks against healthcare firms have more than doubled in the past five years  The average data breach is costing a hospital $2.1 million This is according to a study from the Ponemon Institute, a security research and consulting firm. Nearly 90 percent of healthcare providers were hit by breaches in the past two years. Half of them criminal in nature.

Intrusions have increased health awareness. An example is one exposing millions of consumers at healthcare firms Anthem Inc and hospital operator community Health Systems Inc.   Most of their peers are still unprepared for sophisticated data attacks. A Ponemon study survey found that nearly two thirds of healthcare providers and their business affiliates do not offer any protection services for patients whose information is stolen.

Medical identity theft victims spend an average of $13,500 to restore their credit. Furthermore to reimburse their healthcare provider for fraudulent claims.  In addition they have to correct inaccuracies in their health records.

Apparently  healthcare firms are being hunted and hacked by the elite financial criminal syndicates.  They had been targeting large financial institutions until they realised healthcare databases are more valuable .

Medical records, which often contain social security numbers, insurance IDs, addresses and medical bill details, sell for as much as 20 times the price of a stolen credit card number. Medical identity theft could actually kill you. For example, if an imposter uses your medical identity to have surgery done, their personal information such as blood type or allergies to medications could wind up in your medical file. You might never know that your file had been contaminated this way.

Thieves can use that information to take out a loan or open up a line of credit in the victim’s name.  Also for medical identity theft, where the victim’s insurance ID is used by an impostor seeking free medical care.

About half of healthcare organisations surveyed by Ponemon Institute said they do not have sufficient technology to prevent or quickly detect a breach, or the personnel with the necessary technical expertise.

Last year, health records on 88.4 million people were breached as a result of theft or hacking.  That is about twice as many as in 2010, according to a database kept by the Department of Health and Human Services.  The departent requires organisations to report breaches involving more than 500 patients.

The numbers this year are already in excess of last year.   Hackers accessed almost 80 million records from Anthem and 11 million from the health insurer Premera Blue Cross.

Data is resold on private forums that specialise in selling stolen credit cards or social security numbers.  On the dark web, users identities are hidden and transactions are in Bitcoins. Thieves sell thousands of records containing information on people who have been diagnosed with HIV or have liver damage from alcohol use.

1. Experienced hackers will use your base password to crack your other passwords. They know you are lazy and in fact are depending on it. A password manager provides you with strong, unique passwords for all of your accounts and keeps them in a secure encrypted vault on your own device.

2. Do not recycle user IDs and passwords.

3. Do not confirm or provide personal information in response to an email or text and do not click on links in unexpected messages.

4. Review credit card as well as bank statements often to see if there are charges that you do not recognise.

5. Check your credit reports every few months to find out if someone has opened credit in your name.

6. Use two factor authentication. This is an extra layer of protection beyond your password. First you enter your username and password as usual, then a code is sent to your phone via text, voice call or mobile app. Only after you enter that code will you be allowed to access your account.