Health care offers attractive growth opportunities for cyber criminals looking to steal reams of personal information, as the hacking of a database maintained by the second-largest U.S. health insurer proves. The latest breach at health insurer Anthem Inc. follows a year in which more than 10 million people were affected by health care data breaches. Health care hacking is becoming more of a focus as retailers and other businesses have clamped down on security after massive breaches at companies like Target and Home Depot. That has made it more difficult in some cases for cyber thieves to infiltrate their systems. As a result, they’ve turned their attention toward health care. Experts say health care companies can provide many entry points into their systems for crooks to steal data. And once criminals get that information, they can pull off far more extensive and lucrative schemes.
With medical records and a social security number, it’s not so simple.
Tony Anscombe, a security expert with the cyber-security firm AVG Technologies
Criminals who obtain stolen Social Security or health insurance account numbers have shown more sophistication than the average credit-card fraudster, according to Pam Dixon, executive director of the World Privacy Forum, a consumer advocacy group. Rather than use the information right away, she said some crooks will sit on Social Security or health insurance files for a year or more before using them to create new identities and apply for benefits. Anthem Inc. said late Wednesday that hackers broke into a database storing information on 80 million people in an attack the company discovered last week. The insurer, which covers more than 37 million people, said credit card information wasn’t compromised, and it has yet to find any evidence that medical information was targeted.