Experts Warn 2015 Could Be 'Year of the Healthcare Hack'

Advertisement
By Reuters | Updated: 12 February 2015 17:13 IST
Security experts are warning healthcare and insurance companies that 2015 will be the "Year of the Healthcare Hack," as cybercriminals are increasingly attracted to troves of personal information held by U.S. insurers and hospitals that command high prices on the underground market.

Anthem Inc, the No. 2 U.S. health insurer, last week disclosed a massive breach of its database containing nearly 80 million records, prompting investigations by state and federal authorities. That hack followed a breach last year at hospital operator Community Health Systems, which compromised some 4.5 million records.

"People feel that this will be the year of medical industry breaches," said Dave Kennedy, chief executive of TrustedSEC LLC.

Advertisement

In the past decade, cybercriminals focused their efforts on attacking banks and retailers to steal financial data including online banking credentials and payment card numbers. But as those companies boost security, using stolen credit card numbers has become more difficult.

Their prices on criminal exchanges have also dropped, prompting hackers to turn to the less-secure medical sector, just as the amount of digital healthcare data is growing dramatically, Kennedy said.

Advertisement

Stolen healthcare data can be used to fraudulently obtain medical services and prescriptions as well as to commit identity theft and other financial crimes, according to security experts. Criminals can also use stolen data to build more convincing profiles of users, boosting the success of scams.

"All of these factors are making healthcare information more attractive to criminals," said Rob Sadowski, marketing director at RSA, the security division of EMC Corp.

Advertisement

Monetizing stolen data
RSA Executive Chairman Art Coviello recently wrote in a letter to customers that he expected well-organized cybercriminals to turn their attention to stealing personal information from healthcare providers.

"A name, address, social and a medical identity ... That's incredibly easy to monetize fairly quickly," said Bob Gregg, CEO of ID Experts, which sells identity protection software and services. Identities can sell for $20 apiece, or more, he said.

Advertisement

Insurers, medical equipment makers and other companies say they have been preparing for breaches after seeing the waves of attacks on other industries.

Cigna Corp has looked to financial and defense companies for best practices, including hiring hackers to break into its systems, said Chief Executive David Cordani. Attempts to break into corporate systems to probe for information are a constant, he said in an interview.

St Jude Medical Inc CEO Daniel Starks said the company increased investment in cyber-security significantly over the last few years, to protect both patient data and the medical devices it manufactures.

"You may see from time to time law enforcement briefings on nation-based (intellectual property) issues, espionage," he said. "Those are things that we take very seriously and have been briefed on and that we work to guard against."

The FBI is investigating the Anthem breach alongside security experts from FireEye Inc.

The insurers UnitedHealth Group Inc and Aetna Inc have warned investors about the risks of cyber crime in their annual reports since 2011.

UnitedHealth has said the costs to eliminate or address the threats could be significant and that remediation may not be successful, resulting in lost customers.

In response to the Anthem attack, UnitedHealth spokesman Tyler Mason said in an emailed statement: "We are in close contact with our peers in ... the industry cyber-security organization, and are monitoring our systems and the situation closely."

Aetna has cited the automated attempts to gain access to public-facing networks, denial of service attacks that seek to disrupt websites, attempted virus infections, phishing and efforts to infect websites with malicious content.

Aetna spokeswoman Cynthia Michener said in a statement: "We closely follow the technical details of every breach that's reported to look for opportunities to continually improve our own IT security program and the health sector's information protection practices broadly."

© Thomson Reuters 2015

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Tecno's Camon 50 Ultra 5G Will Arrive in India on This Date via Amazon
  2. Apple Reviews iPhone 17 Demand as Costs Rise Due to Memory Shortage: Report
  3. Sony IER-M500 In-Ear Monitors Launched With 5mm Driver, Hi-Res Audio
  4. OTT Releases This Week: Peddi, Ikka, Balti, Dose, The Westies, and More
  5. Motorola Edge 70 Max to Launch in India On This Day
  6. Asus Expands AI PC Lineup in India With Refreshes Vivobook 14, Vivobook 15
  1. Tecno Camon 50 Ultra 5G India Launch Date Announced; Colourways and Amazon Availability Confirmed
  2. Apple Reportedly Reviews iPhone 17 Demand as Costs Rise Amid Ongoing Memory Shortage
  3. Interpol Traces $122 Million Crypto Wallet Connected to Romance Scam Network
  4. Hong Kong's Securities and Futures Commission Tightens Anti-Phishing Standards for Crypto Platforms
  5. Itel Zeno 100 Pro India Launch Date Announced as Company Teases Zeno 100 Lite Arrival, Key Features
  6. Sony RX10 V Compact Camera Launched With 20.1-Megapixel Sensor, 4K 120fps Video Recording and 25x Optical Zoom
  7. Motorola Edge 70 Max India Launch Date Announced; Design, Key Features Revealed
  8. Asus Vivobook 14, Vivobook 15 Refreshed With Intel Core Series 3 Processors: Price, Availability
  9. Call of Duty: Black Ops and Black Ops 2 Ports Released on PS4 and PS5
  10. Samsung Galaxy Z Fold 8, Z Fold 8 Ultra Prices Surface Ahead of Unpacked Launch Event
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.