The recent cyber attacks on Anthem and most recently Premera Blue Cross, a health insurance company, are clear indications of what hackers are up to at present: your health care data.
Health care firms such as the service providers and insurance companies, which basically have a rich enclave of health care information, are increasingly becoming the major target of cyber attackers. The reason for this perhaps lies in the fact that the personal information associated with health care records cost princely sums in underground markets.
Premera Blue Cross recently reported that some 11 million customers had their personal data, including medical claims information, compromised following a hack on the company’s IT system. This came hot on the heels of the same, if wider, attack on Anthem that exposed the personal data of more than 78 million clients and employees.
The scale of attack is breathtaking, although nothing new. In recent years, attackers have been turning their focus to the medical records of thousands to millions of individuals, turning them into cash. In most cases, these health care records are used to circumvent corporate antifraud regulations. In other cases, attackers use the vast amount of data to apply for credits.
The types of information contained in those medical records vary from email addresses, Social Security numbers (which could cost up to a hundred dollars), telephone numbers, member identification numbers, postal addresses and birth dates. Each of these data comes from different sectors, and thus they have different values attributed to them by hackers. For instance, attackers consider credit card numbers cheaper than Social Security numbers because these data are easy to replace than Social Security.
Another reason why attackers are shifting to medical records is that they are no longer able to cash in on credit card and Social Security numbers are profitably as before since regulators have found a way to easily remedy the situation once these pieces of information are stolen.
What the health care companies need to do is upgrade their security infrastructure in order to combat the rising threat landscape. At present, the healthcare industry’s cybersecurity posture is less secure compared to those of the financial sector, which explains why even large health insurance firms such as Anthem and Premera Blue Cross remain susceptible to attacks.
The attacks on Anthem and Premera Blue Cross are yet again linked to the Chinese government. Security researchers concluded that the method of attacks suggests that it has been perpetrated by Deep Panda, which is associated with China.