Why Hackers Want Health Care Data Most Of All

Who can forget some of the biggest cyber security breaches of our time?

During the holiday season of 2013, criminal hackers potentially gained access to 40 million Target customer credit cards.

Sony has suffered not one, but two major cybersecurity breaches where hackers erased data from systems, stole pre-release movies, and compromised people’s private information.

Even the IRS has had its share of problems with security, where stolen information was used to file fraudulent tax returns and collect more than $50 million in refunds before the problem was spotted.

Identity theft and stolen credit card information are something at the forefront of many people’s minds. It’s reported on so frequently, it’s become a natural place for worry. But increasingly there is a new focus for cybercriminals, and they can do far more damage with what they find.

Buried deep inside health records is a wealth of information. Names, date of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information, even claims information are available and waiting for potential hackers. And while financial data becomes worthless the second a customer realizes fraud has occurred and cancels a card or closes an account, health care records have a much longer life.

Social security numbers are not easily cancelled. Medical and prescription records are permanent. Which means it is growing into one of the largest markets for potential fraud. And it’s already happening.

Excellus has stated as many as 10 million records have been compromised during a recent attack. Over 80 million records were compromised by a recent Anthem security breach.

When criminals gain access to financial information, they typically want fast access to cash. With health records, they approach it in different ways. Most criminals are selling health care data to be used to access to free medical care. They use it to buy and sell addictive prescriptions. They use it to gain access to medical treatments they may not have been entitled to in other circumstances.

And what’s scariest of all is that criminals don’t have to act fast for potential rewards. Because medical data can’t be cancelled or changed, they merely wait until the most opportune moment to strike and use it to gain access to what they want most.

While retailers may have made the big news in the past for their security compromises, the coming years will be filled with headlines showing breached health care providers and the risks that brings to the general population. Health care providers and consumers as a whole simply are not prepared for the level of threats that are coming their way.

Are you?