Quick HITs: Health data’s allure to hackers
It’s a mantra security experts and reporters repeat so frequently that it’s a given, a fact-by-repetition, a subjective opinion so true it can’t be false: Hackers love health data because it’s worth so much more than financial data.
But why? Can you really explain why? Yes, some underserved individual patients so desperate for treatment (or, perhaps, access to controlled substances) might look for opportunities to steal data and impersonate someone with health insurance. That happens. But what motivates organized syndicates – some sponsored by foreign governments – to steal health data on the scale of millions or even tens of millions of large payer or provider customers?
In an article at InfoWorld this week, senior writer Fahmida Y. Rashid gives some strong rationales for why bad actors on the Internet are coming after your (or your parents’ or your children’s) health records:
- Longer shelf life: Credit card data changes when hacks are detected, and Rashid reports, it’s abundant on the black market. Health data, on the other hand, is sticky. You don’t change your genetic makeup or health history just because you’re hacked.
- It’s richer: Stealing someone’s password or credit card number offers some of the jigsaw puzzle pieces needed for identity theft. Health data, on the other hand, offers many more details to commit that crime.
- Narcotics access: A credit card number can’t be used to acquire a narcotics prescription. Posing as the chronic pain patient with a standing OxyContin script can.
- Intel for spying: Perhaps the most interesting of Rashid’s points was this: “It makes sense that governments would be interested in getting their hands on this data because it can be useful for building dossiers that reflect a deeper understanding of the target population. Medical and insurance records provide insights about where people live, what medical treatments they had, who their family members are, and who they work for.”
Couple stolen government-employee medical data with the recent U.S. Office of Personnel Management data breach, she continues, and then you get a shot at infiltrating the federal government – all the better that you can identify who possesses the highest security clearances.
This is the time for healthcare to get its data security act together. While retail hacks and corporate victims like Target might have exposed weaknesses in their own network security, it’s not the same. In healthcare, the stakes are higher, and the victims are patients – who often have their hands full recovering from an illness or recurring chronic condition.
“Quick HITs” analyzes a recent feature or ongoing news item the MSLGROUP healthcare IT team is following. Are you getting into the right conversations? Contact Doug Russell at 781-684-0770 or firstname.lastname@example.org for more information. Image courtesy of Justin Grimes at Flickr.