In August, Chinese hackers penetrated the computer network of one of the United States’ largest hospital operators, resulting in nearly five million patient personal health records being divulged to malicious actors on the black market.
The Ponemon Institute recently released a report indicating that cyber attacks on healthcare organizations increased from 20 percent in 2009 to 40 percent in 2013. The reason cyber criminals keep targeting the healthcare industry in the United States lies in the total worth of this market: $3 trillion. That means a patient’s medical information is worth 10 times more than credit card data in black market transactions.
Another reason it is easy for attackers to target the healthcare industry is the lack of modern security software protecting healthcare organizations’ computer systems. Their networks still run old anti-malware features that can no longer cope with modern, advanced threats. The ease with which large volumes of data from health repositories can be sold on the black market is an added attraction.
In most cases the stolen data are names, policy numbers, billing addresses, and birth dates. Why would attackers be interested in these pieces of information? The data are used to make fake identification that malicious actors use to purchase medical equipment and medicines, running up the bill for the victim patient. The data can also be combined with a fake provider number to file false claims with the insurance provider.
It has also been hard for healthcare organizations to detect medical identity theft, so these incidents can go on for months or years before proper action is taken, such as canceling a credit card used for fraudulent transactions. Consumers, for their part, learn of the breach only once their medical ID is found to be involved in a series of fraudulent transactions, and months later they are surprised to receive huge bills for medical services they never purchased.
One driving factor behind the increase in healthcare data theft is the transition to electronic medical records by most healthcare providers in the United States. Although healthcare and insurance providers are required to disclose data breaches, there are currently no laws that impose criminal charges on those who fail to comply.
Most of the operating systems running on these poorly secured networks are old Windows systems.