What Do Hackers Do With Stolen Healthcare Data

October 4, 2016 CyberCecurity Leave a comment

Why do hackers steal medical and health insurance information and what do they do with it? Why does your personal health information sell for 25 to 50 times what credit card information sells for?

The first answer? Your credit card information is typically toast within 30 days of the first use, sometimes sooner. And of course, credit cards expire on their own, even if the owner doesn’t suspect fraud. What this means is that the useful life of a stolen credit card is relatively short.

On the other hand, healthcare information is likely useful for years. After all, your blood type doesn’t change very often! For many people, your health insurance policy probably only changes when you change jobs.

What do they do with your information? One thing is to apply for durable medical equipment, home health care or hospice care – services that are never delivered but which are billed to the insurance company and paid to cooperating medical practices and ultimately, the hackers.

Another use is to provide medical care to people who don’t have insurance. When that happens, the healthcare record of the person who’s identity was used to pay for the treatment and the person who was treated are inextricably merged. The only way the person who’s medical identity was stolen would ever know about it would be if they saw the insurance explanation or if they went to the doctor and now they had a different blood type.

Unlike credit cards, there is no central repository for all your healthcare information. No requirement for everyone to report information to that central repository. There are efforts to build central medical information databases, but there is nothing like Experian. This makes it even more difficult for people to find out about fraudulent usage.

And since the healthcare information is good for a long time, the hackers can wait until the useless but free credit monitoring service that companies offer after a breach expires. Then they might even be able to use that information to mess with people’s credit.

On top of this, it is often the case that the health care provider doesn’t even know that they have been hacked. After all, they still have all the information – and so does the hacker.

All in all, this favors the attacker. In fact, the healthcare industry is operating at a serious disadvantage. For decades, healthcare information was stored in paper files in your doctor’s office. A hacker had to be in the same city and break into your doctor’s office to steal them. Now they can be half way around the globe. It is way easier for the hacker. And healthcare providers, operating on shrinking margins and in new territory are losing the battle.

And who pays for this – you do – in higher insurance rates, healthcare fraud and problems caused by all of that. Score one for the hackers.

Information for this post came from Health Data Management.