By Katie Wike, contributing writer
Security experts say this year healthcare could experience an increase in security breaches leading to stolen health information as hackers target medical records.
Hackers are turning their attention to health information, and one reason could it be that the data is worth 10-20 times that of credit card information. Stolen credit card numbers can be sold on the black market for pocket change, while in a recent case a set of Medicare ID numbers for 10 beneficiaries was sold for about $4,700.
iHealth Beat explains stolen information can’t be found just by using a search engine, but websites often offering stolen goods such as this do exist and even have a ratings system so buyers know if the seller is “legit.”
“There are a lot of sites that have this information, and it's tough to tell the health records from the financial records,” Greg Virgin, CEO of the security firm RedJack told NPR.
Experts like Virgin are warning the healthcare industry to expect more breaches in the coming year. Dave Kennedy, chief executive of TrustedSEC LLC says, “People feel that this will be the year of medical industry breaches.”
Reuters reports there a number of reasons hackers are turning from financial information to medical information. One reason is that credit card companies have increased their security and stealing credit card information is becoming harder. Healthcare companies on the other hand, “They don't have the internal cybersecurity operations,” explains Jeanie Larson, a healthcare security expert. “A lot of health care organizations that I've talked to do not encrypt data within their own networks, in their internal networks.”
Another reason healthcare is being targeted is that the prices on criminal exchanges have also dropped. Kennedy explains that this is prompting hackers to turn to the less-secure medical sector, just as the amount of digital healthcare data is growing dramatically.
Third, health information can be used for more than just financial gain. Medical records also give their users the opportunity to fraudulently obtain medical services and prescriptions. “All of these factors are making healthcare information more attractive to criminals,” said Rob Sadowski, marketing director at RSA, the security division of EMC Corp.