2015 will be the “Year of the Healthcare Hack” as cybercriminals are increasingly attracted to troves of personal information held by U.S. insurers and hospitals that command high prices on the underground market.

Anthem Inc, the No. 2 U.S. health insurer, last week disclosed a massive breach of its database containing nearly 80 million records, prompting investigations by state and federal authorities. That hack followed a breach last year at hospital operator Community Health Systems, which compromised some 4.5 million records.

In the past decade, cybercriminals focused their efforts on attacking banks and retailers to steal financial data including online banking credentials and payment card numbers. But as those companies boost security, using stolen credit card numbers has become more difficult.

Prices on criminal exchanges have also dropped, prompting hackers to turn to the less-secure medical sector, just as the amount of digital healthcare data is growing dramatically.

Stolen healthcare data can be used to fraudulently obtain medical services and prescriptions as well as to commit identity theft and other financial crimes. Criminals can also use stolen data to build more convincing profiles of users, boosting the success of scams.

“A name, address, social and a medical identity … That’s incredibly easy to monetize fairly quickly,” said Bob Gregg, CEO of ID Experts, which sells identity protection software and services. Identities can sell for $20 apiece, or more, he said.

Insurers, medical equipment makers and other companies say they have been preparing for breaches after seeing the waves of attacks on other industries.

Click here to read the full article.

February 11, 2015 by Caroline Humer and Jim Finkle, Reuters