Get Hip to HIPAA: Hackers Want Your Health Data

I have a question for you. What do hackers want more—your Social Security number or your health information?

If you guessed Social Security, you’re wrong. Here’s another fact I learned by writing fiction. The answer is health data, and criminal hackers are busy stealing it every chance they get.

Despite this alarming trend, there is some protection in place for patient privacy. In 1996, the United States legislature passed the Health Insurance Portability and Accountability Act  known as HIPAA. This act provides for data privacy and security provisions for safeguarding medical information.

The passage of this act was meant to protect patients’ privacy, but it means nothing to a criminal hacker whose day job is stealing your health data. The law has emerged into greater prominence in recent years with the proliferation of health data breaches caused by cyberattacks and ransomware attacks on health insurers and providers.

Hackers can fetch only around $15 a pop on the web for a Social Security number, but a medical record with personal information attached can go for $60 or more. 

Criminals can use health data to create fake identities that allow them to buy and resell medical equipment or drugs, to file fake claims with insurers, or to file fake tax returns. Hackers will use stolen hospital records for extortion—the patient must pay to keep from having their records sold on the dark web.

One reason health data fetches more dollars is that medical identity theft can go undetected for years. The modern practice of electronically storing medical records rather than using paper charts has resulted in a bonanza for criminal hackers. They can sneak in with a few taps on a keyboard, grab the data, and sneak out without being detected.,

How is this possible? One explanation is that medical facilities and private practices tend to put patient care items first when considering expenditures. If the budget is tight, money is not spent to replace aging computer systems, hire IT consultants, and upgrade security infrastructure. These cost-cutting practices make hackers’ work remarkably easy.

Visit these sites for more complete information on this topic:

https://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00WhatisHIPAA.aspx

https://www.healthit.gov/sites/default/files/YourHealthInformationYourRights_Infographic-Web.pdf\

https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html

The security of health data is a recurring theme in the hospital-based Aimee Machado Mystery series published by Camel Press, an imprint of Epicenter Press. Available in print and eBook formats from Amazon, Barnes & Noble and by request at your local bookstore. http://camelpress.com/