What industry gets its data hacked more than any other?
Banks and credit card companies? Nope.
Government? Nope.
Big movie studios, like Sony? Wrong again.
“Healthcare is by far the largest sector of where data breaches are occurring.”
That explanation comes from Mike Bruemmer. He’s with Experian, the credit report guys. They also have a whole wing of their operation dedicated to consumer protection, where Bruemmer’s a VP.
According to the identity theft resource center, in 2014, 43% of the major
data breaches were from the health care industry. A recent example: the hack of Partners Healthcare, where information about as many as 3,300 of their patients was stolen.
But why?
It’s pretty obvious why someone would steal your credit card number, or the login and password for your bank account.
But what does a hacker do with your medical information?
Turns out, they can do a lot.
First, consider who is doing the hacking, says Al Paquale, director of fraud security at Javelin, a research-based consulting firm.
In recent months, millions of medical records have been stolen from big-time healthcare providers including Blue Cross, Anthem, and Community Health.
“So,” says Pasquale, “there was a lot of concern that that meant that all those identities were at risk, but what we found with those breaches is that they actually were conducted, or believed to be conducted, by China state services.”
Not to commit fraud, but to steal information as they build their own healthcare system. But not all healthcare hacks are acts of cyber-espionage. Indeed, good old-fashioned fraud does still drive a lot of it. And these days, on the Internet black market, your medical records are worth way more than your credit card.
Well to really put it in perspective, when you can go online and buy a name, address and a card number for $5 at the most basic level. For a full medical identity, that’s about $50.
One reason for this is the permanence of the info. You can change your bank login with a few keystrokes. But your social security number? Your 35 years as a non-smoker with a bill of clean health? Not so much. Sometimes your medical identity is sold whole cloth. And Broemmer notes, there are buyers for that.
People that have a preexisting condition that couldn’t otherwise get coverage unless they use someone else’s identity or someone who has no insurance cover so they steal someone else’s identity to get medical coverage.
But, increasingly, medical records are also being stored, and used in concert with data from other hacks, to create something called “synthetic identities.”
So it might be my social security number with your name, address and zip code, but someone else’s credit card information and a third person’s insurance ID card. All of those pieces being valid but combined into one unique individual.
Scary stuff. Add to that the fact that last year, there were twice as many records stolen as the year before and you might be ready to hit the panic button. But not so fast, says Pasquale. Even though breaches are on the rise, fraud is actually on the decline. In 2013, if you got a breach notification, there was a 1 in 3 chance that you’d also be a victim of fraud.
“In 2014, that dropped from basically 30.5% to - I think - around 14% percent, so it was a huge decline.”
That’s thanks to increasingly aggressive post-breach responses. Financial institutions now quickly and liberally replace cards, and state officials have pressed companies to offer immediate identity protection in the wake of hacks.
There is no protection unless you take action. So if you’re offered identity theft protection, credit monitoring, identity respiration, make sure that you sign up.
Otherwise, your next trip to the doctor’s office might be taken by somebody else.
