The Spokesman-Review Newspaper
The Spokesman-Review Newspaper The Spokesman-Review
Spokane, Washington  Est. May 19, 1883
Current Temperature
53°F
Current Conditions
Broken clouds
View complete weather report

Color Scheme

Subscribe now

Hackers see rewarding targets in health care companies

Tom Murphy And Brandon Bailey Associated Press

Health care offers attractive growth opportunities for cyber criminals looking to steal reams of personal information, as the hacking of a database maintained by the second-largest U.S. health insurer proves.

The latest breach at health insurer Anthem Inc. follows a year in which more than 10 million people were affected by health care data breaches – including hacking or accidents that exposed personal information, such as lost laptops – according to a government database that tracks incidents affecting at least 500 people. The numbers, compiled by the Department of Health and Human Services, show that last year was the worst for health care hacking since 2011, when more than 11 million people were affected.

Health care hacking is becoming more of a focus as retailers and other businesses have clamped down on security after massive breaches at companies like Target and Home Depot. That has made it more difficult in some cases for cyber thieves to infiltrate their systems. As a result, they’ve turned their attention toward health care.

Experts say health care companies can provide many entry points into their systems for crooks to steal data. And once criminals get that information, they can pull off far more extensive and lucrative schemes.

“If someone steals your credit card and home address, they might be able to buy something, but you can usually get that locked down quickly,” said Tony Anscombe, a security expert with the cybersecurity firm AVG Technologies. “With medical records and a Social Security number, it’s not so simple.”

Anthem said Wednesday that hackers broke into a database storing information on 80 million people in an attack the company discovered last week. The Blue Cross Blue Shield insurer said the hackers gained access to names, birthdates, email address, employment details, Social Security numbers, incomes and street addresses of people who are currently covered or have had coverage in the past.

The insurer, which covers more than 37 million people, said credit card information wasn’t compromised, and it has yet to find any evidence that medical information was targeted. Anthem doesn’t know how many people were affected by the attack, but a spokeswoman said that number was probably in the “tens of millions.”

The impact could be far-reaching. The hackers may have simply been probing Anthem’s defenses with plans to plant malware that steals information or to come back with a much larger attack, said Eran Barak, CEO of another cybersecurity firm, Hexadite.

Other experts caution that the hackers may have indeed made off with medical information, and that has not been discovered yet.

Criminals who obtain stolen Social Security or health insurance account numbers have shown more sophistication than the average credit-card fraudster, according to Pam Dixon, executive director of the World Privacy Forum, a consumer advocacy group.

Rather than use the information right away, she said, some crooks will sit on Social Security or health insurance files for a year or more before using them to create new identities and apply for benefits.

“What they like to do is season the data for a time, to allow the credit monitoring subscription to expire, and wait until people get sloppy or complacent” about monitoring their own accounts for fraud, she said.

Anthem said hackers executed a “very sophisticated” attack on its system, and it contacted the FBI and made “every effort” to close the security vulnerability once it discovered it.

The federal government also is investigating whether the personal information of Medicare and Medicaid beneficiaries was stolen. Those government programs are a major business for Anthem.