Medical Records: Valuable Assets
As each week passes, more medical facilities are compromised and an increasing number of consumer medical records are bundled for sale on the dark web. These to be sale-able, the medical records must hold value in some form. Without this, the medical records would not be targeted.
The attackers are able to use this for identity theft. These medical records contain obviously charting for the patient, but also full patient name, SSN, and other ID data, e.g. the state driver’s license number. There may also be present in the record the patient’s payment information, present in the record the patient’s payment information, including the credit card number. The patient record may also have the patient’s picture. With this information and data, credit card fraud and identity theft is moderately easy. This could occur repeatedly occur over the years. The records could be sold repeatedly over the years, repeating the cycle.
This theft may not be noticeable for years. The attackers tend to slowly and methodically extract value from this. In comparison, a credit card is cancelled and a new card issued relatively quickly after fraud is detected. The medical records may be used for Medicare Fraud. This may involve fraudulent billing and over-billing. With a mass-amount of records, this could be rather lucrative for the deviants.
The affected parties have a limited number of actions to take when this occurs. The consumer could contract with a third-party service to monitor their personal credit report. This has been met with mixed results as these services don’t always stop the credit reports from being pulled, as personally experienced. The other primary option is for the consumer to freeze their account. These options also have their own issues.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.