Health care organizations have increasingly become the target of hackers.

The data breach of Anthem, the second-largest U.S. health insurer, was among the major headlines of 2015. The breach, which exposed private data of as many as 78.8 million customers, was the result of a cyberattacks attributed earlier this year to someone acting on behalf of a foreign government.

While health care industry breaches of this magnitude may be infrequent, health care organizations have increasingly become the target of hackers. One of the reasons is the value of medical identity records on the dark web.

Because they have a much richer data set—everything from birthdates and Social Security numbers to physical characteristics and billing information—they fetch around $50 to $70 and in some cases as much as $500. For comparison, W-4 employee records can be bought for under $20 and credit card numbers for $1-$2.

For victims, consequences can range from misdiagnosis due to erroneous health records, to loss of insurance. In many cases, victims are also on the hook for paying thousands of dollars in bills for services they didn’t receive.

When banking or credit card accounts are compromised, or a person’s identity is stolen, there are mechanisms for raising red flags. There is no equivalent for flagging a stolen medical identity, which means bad actors can exploit it for a long time before the theft is detected.

The Medical Identity Fraud Alliance suggests not oversharing health-related information on social media, as fraudsters are good at aggregating information. And if you’re part of the craze of using a mobile app or wearable fitness tracker, check to see how those companies are collecting, storing and using your info—they don’t fall under the same rules as medical providers.

Click here to read the full article.

By Rodika Tollefson, KP News, August 1, 2017