The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cybercriminals Target Health Care Organizations for Patient Medical Data

Posted By on Oct 20, 2014

The value of patient’s confidential medical data has risen to ten times that of credit card numbers on the black market according to recent Reuters reports. Medical data can be used by cyber criminals to fraudulently obtain products and services – as with credit cards – although medical data theft has the advantage of being harder to detect than other cyber crime activities such as credit card phishing.

Hackers are now targeting health organizations in an attempt to obtain confidential patient data and other personally identifiable information from their websites, databases and internal computer systems. The threat of attack has prompted the FBI to issue warnings to a wide range of organizations in the health care sector alerting them to the risk of cyber theft of data.

The warning was issued following the theft of 4.5 million patients’ data by a group of hackers in an attack on Community Health Systems. The theft ranks as the biggest HIPAA data breach by hackers and the second largest data breach in history. In this case the data obtained was non-medical in nature, although it is still being sold on by cyber criminals.

The FBI warning states that the agency “has observed malicious actors targeting health care-related systems, perhaps for the purpose of obtaining protected health care information and/or personally identifiable information.”

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Credit card details can be sold on for $1-2$ a number, while medical data with identifiable patient information has a value in excess of $10, making it highly attractive to thieves. The data can be used to create false identities and obtain medical prescriptions for the thieves to sell on the black market.

With information such as a billing address, date of birth, insurance policy number and diagnosis codes, thieves can purchase medical equipment and make false insurance claims by using real patient numbers with false provider numbers.

Reuters reports that one of the main problems for law enforcement officers is the difficulty in identifying the cybercriminals activities quickly. Claims are made, medical equipment and drugs obtained and it is only when the bills go unpaid and the bailiffs are sent in that the victim becomes aware of the fraud.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist