Dive Brief:
- Consumer health information is increasingly showing up for sale on the black market as hackers access health organizations, according to an NPR "all tech considered" report.
- The data is appearing on "cyber underworld" websites that don't turn up from a Google search—with names ending in .su and .so—advertising things like Medicare IDs. Furthermore, a criminal online rating system helps indicate the validity of the offers.
- Greg Virgin, CEO of the security firm RedJack, speculates to NPR that hackers could also be using health data for corporate extortion. "A breach happens at one of these companies. The hackers go direct to that company and say, 'I have your data.' The cost of keeping this a secret is X dollars and the companies make the problems go away that way," he says.
Dive Insight:
Security provider Symantec reports that healthcare companies saw a 72% increase in cyberattacks between 2013 and 2014, and healthcare companies have disclosed more than 270 large data breaches during the past two years, NPR reports.
Healthcare security expert Jeanie Larson says organizations such as hospitals, labs and insurers lack sufficient cyber-security standards, and skirt the intention of HIPAA rules by interpreting them too loosely and avoiding basics such as data encryption.
"The financial sector has done a lot with automating and creating fraud detection type technologies, and the healthcare industry's just not there," she told NPR.