
The Rising Threat of Healthcare Identity Fraud

Medical Identity Theft
June 11, 2018 | Guest Blogger: Justin Sherman

Financial identity theft is a pretty well-known problem; we hear often about stolen credit cards, especially as breaches litter the news almost weekly. What most of us don’t realize, however, is that medical records are valued at 20 to 50 times more than financial identities on the black market. It’s perhaps for this reason – the return on investment in cyberattacks against healthcare providers – that healthcare identity fraud is a serious rising threat.

For the past several years, the healthcare industry has been at or near the top of industries most prone to cyberattacks.

Putting this all together, a 2017 Accenture survey found that healthcare data breaches have affected 26% of U.S. consumers. Twenty-six percent. This is an astounding figure, compounded by the fact that 50% of these individuals subsequently experienced medical identity theft. Their average cost? $2.5 thousand, out-of-pocket, per person. (Perhaps equally astounding is that 88% of respondents still trusted their health provider to maintain security – as opposed to only 57% trusting technology companies and 56% trusting the government to do the same.)

With all of these statistics in front of us, it begs the question: how do we go about combating it?

Why do hackers steal medical records?

First, it’s important to understand the incentives for stealing medical records themselves. As articulated by Robert Lord, Co-Founder and President of anti-healthcare-fraud company Protenus, “there’s a metaphorical holiday feast of enticing data served up in your average health record.” He’s of course right. Dates of birth, addresses, employment information, emergency contacts, family members, insurance plans, and Social Security Numbers are just some of the data points that can comprise a single individual’s medical file.

Within the healthcare industry itself, this data is incredibly useful for identity theft. Illegally obtaining prescription drugs, filing false medical insurance claims, and charging someone else for one’s own medical expenses are just some of the wide-ranging uses of stolen medical information. It’s a viable dark-web industry.

But it doesn’t end there, as this wealth of information can also be used outside the healthcare industry; financial fraud and insurance fraud are just two examples. With the breadth and depth of data these records provide, the economic incentives to steal them are enormous. Hackers have increasingly stolen medical records over the past several years, and they will only continue to do so going forward.

What do we do about it?

Social engineering is a significant component of facilitating healthcare breaches. Phishing attacks, abandoned USB drives, and sometimes direct social manipulation can all enable hackers to breach a healthcare provider’s records. For this reason, all healthcare employees need a base level of training in cybersecurity and cyber safety – training that is gamified, simulation-based, and made relevant to their specific areas of work. Just as with major tech companies, hospitals and other healthcare providers should enforce a strong security culture and make sure secure behavior is positively enforced and rewarded.

On the technical side, hospitals are notoriously cyber-insecure in their use of old machines and outdated software; it’s a central reason why the WannaCry ransomware was so successfully used against UK hospitals last year. For this reason, healthcare providers need to require software patching and vulnerability assessments as part of the business lifecycle. While the return on investment may not be immediately obvious, putting money and resources into cybersecurity is a must – particularly considering the enormous financial costs of a medical record breach.

Along this vein, strong encryption, multifactor authentication, firewalls, antivirus programs, malware removal software, and intrusion detection systems are just some of the technologies that can fight medical record breaches. Machine learning is also becoming increasingly adept at intrusion detection and threat analysis, so invest in that as well. Constantly speak to cybersecurity leaders to learn about the latest technologies, and constantly read up on the latest threats. Don’t be afraid to increase your spending on security, inside and outside your IT budget. And to this point, hire employees whose sole, full-time responsibility is cybersecurity. It’s a twenty-first century necessity.

Finally, a major source of concern for healthcare providers is the security of encryption keys and the trust of certificates – as these directly affect the security of medical records. HIPAA, HITRUST, PCI DSS, and other regulations can further complicate this issue. To this end, secure key and certificate protection is a valuable investment. Quickly identifying key misuse and increasing trust in certificates themselves will help prevent a breach. Check out how Venafi can help.

About the author

Guest Blogger: Justin Sherman

Justin Sherman conducts technology policy research through Duke’s Sanford School of Public Policy; and he’s a cybersecurity contributor for the Public Sector Digest. Justin is certified in cybersecurity policy and corporate cybersecurity management.
