Hackers Would Like Your Medical Record, Not Credit
By Caroline Humer and Jim Finkle
Reuters
Your medical information is worth 10 times more than your debit card number in the illegal hacking community.
Last month, the FBI warned healthcare providers to safeguard against cyber attacks after one of the largest U.S. hospital operators, Community Health Systems Inc, said Chinese hackers had burgled its computer network and stolen the personal information of 4.5 million patients.
Security experts say cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry, which contains many companies still reliant on aging PCs that don't make use of the latest security measures.
“As attackers discover new strategies to generate income, the healthcare industry is becoming a substantially riper target as a result of the capability to sell large batches of personal data for profit,” said Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC. “Hospitals have low security, so it’s relatively simple for these hackers to have a massive amount of important data for medical fraud.”
Interviews with nearly 14 healthcare executives, cybersecurity investigators and fraud experts offer a detailed account of the underground market for stolen patient data.
The data available for purchase includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to obtain medical equipment or drugs that can be resold, or they combine a client number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations.
Medical identity fraud is sometimes not immediately identified by the patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit lines, which are often quickly canceled by banks once fraud is detected.
Stolen health credentials might go for $10 each, about 10 or 20 times the value of a U.S. credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information.
ATTACKS ON THE RISE
The share of healthcare organizations that have reported a criminal cyber attack has risen to 40 percent in 2013 from 20 percent during the past year, according to a survey by the Ponemon Institute think tank on data protection policy.
Founder Larry Ponemon, who is aware of the specifics of attacks on healthcare companies that were not publicized, said he is currently seeing growth in the number of cyber attacks and the number of records stolen in those breaches.
Fueling that increase is a shift to electronic medical records (EMR) by a majority of U.S. healthcare providers.
Marc Probst, chief information officer of Intermountain Healthcare in Salt Lake City, said his hospital system fends off numerous attempts to penetrate its network per week. So far it is not aware of a successful attack.
“The one reason to order that information is to enable them to fraudulently bill,” Probst said.
Healthcare providers and insurers must publicly disclose data breaches affecting more than 500 people, but there are no laws requiring prosecution. For that reason, the total cost of cyber attacks on the healthcare system is hard to pin down. Insurance specialists say these costs are one of many expenses ultimately passed on to Americans as part of rising medical insurance premiums.
Consumers sometimes discover their credentials have been stolen only after fraudsters use their personal medical ID to impersonate them and obtain health services. When the unpaid bills are sent on to loan companies, they track down the fraud victims and seek payment.
Ponemon cited a case during the past year in which one patient discovered that his records at a major hospital chain had been compromised after he began receiving bills related to a heart procedure he had not undergone. The man’s credentials were also used to buy a mobility scooter and several pieces of medical equipment, racking up hundreds and hundreds of dollars in total fraud.
MEDICARE FRAUD
The government’s efforts to combat Medicare fraud have centered on traditional kinds of scams that involve provider billing and over-billing. Fraud involving the Medicare program for seniors and the disabled totaled over $6 billion within the past two years, according to a database maintained by the Medical Identity Theft Alliance.
“Healthcare providers and hospitals are some of the most convenient networks to kick into,” said Jeff Horne, second in command at cybersecurity firm Accuvant, which is majority-owned by private equity firm Blackstone Group.
“When I’ve investigated hospitals, and when I’ve spoken with other people in a breach, they are using very old legacy systems – Windows systems which are 10 plus years old which may not have seen an area.”
KPMG partner Michael Ebert said security has been an afterthought for many medical providers – whether in building encryption into software used to create electronic patient records or in setting budgets.
“Do you want to purchase a different MRI machine or laser surgical procedure or do you want to purchase a whole new firewall?” he said.