In early 2015, Anthem Health Insurance revealed it had been the victim of a data breach affecting millions of customers and employees. In the wake of this major breach, a lot of people are wondering why hackers would target a health insurance company instead of a bank or credit card company. If you work in the health care industry, here is what you need to know about data breaches.
Many health care workers are surprised that computer hackers would target an insurance company. After all, hacking into a credit card database would likely yield millions of Social Security numbers and credit card numbers. Getting into a bank database would give hackers access to millions of account numbers and plenty of personally identifiable information. Fortunately, credit card companies and banks have excellent data security systems. These systems are capable of identifying a data breach quickly and closing down affected accounts within a matter of minutes.
In August 2014, the Federal Bureau of Investigation issued a warning stating that health care organizations are at risk for cyber attacks. The FBI issued this warning following the high-profile data breach at Community Health Systems. In this data breach, hackers were able to steal 4.5 million medical records, giving them access to names, addresses, Social Security numbers and other pieces of data. FBI representatives believe hackers are targeting health care organizations because they want access to personally identifiable information.
Hackers tend to execute cyber attacks against weak systems. Because credit card companies and banks have tightened up their data security, health care organizations are now one of the weakest targets in the market, making them very attractive to hackers. Once a hacker creates a data breach, millions of medical account numbers are available for the taking. Hackers sell these numbers to people who use them to order medical equipment and drugs. Some criminals even use the medical account numbers to create fake medical ID cards. They sell these cards to people who cannot afford medical care.
Because credit card companies and banks have such excellent security, they are able to identify and close breached accounts very quickly. This isn't the case with the medical account numbers stolen from hospitals, insurance companies and other health care organizations. No one knows criminals are making purchases with the account numbers until one of the people affected by the data breach starts receiving invoices for medical supplies or prescriptions he never purchased. Because it takes so long to process insurance claims, it might be several months before someone realizes criminals have been using his name to make purchases.
Health care IT systems are full of personally identifiable information that can be used to steal identities and make fraudulent purchases. Because of vulnerabilities in health care databases, every hospital, clinic, private practice and health insurance company is at risk of a data breach. Health care executives and IT professionals must work together to tighten security and make it harder for hackers to steal valuable information.
Photo courtesy of Stuart Miles at FreeDigitalPhotos.net