Social Security and Health Insurance Data Breached
Posted by: Timothy Weaver on 03/10/2016 10:20 AM
[
Comments
]
The Federal Bureau of Investigation has asked 21st Century Oncology to delay notification of patients that their information had been taken when a third-party gained unauthorized access to one of its databases.
Pilfered was names, Social Security numbers, diagnoses, treatment data, insurance details and doctors' names. According to Kevin Watson, CEO of Netsurion, the info “could unlock the potential for significant medical fraud.”
Watson said: If, as 21st Century Oncology claimed, “insurance plan information was stolen along with identity information, data thieves would have a good indicator on which identities hold a higher value, based on the value of the insurance plan. If thieves focus on the individuals with the highest plan costs, these are likely to be people who are more established in their lives, have families, higher incomes and better credit, meaning their identities are worth even more on the black market.”
The FBI alerted the clinic to the cyber trespass on Nov. 15 but asked for its cooperation in keeping the breach under wraps until the agency could wrap up its investigation and 21st Century Oncology complied.
“The fact that many of these breaches are reported by the FBI, rather than discovered by the company that holds the data, speaks to the heart of the problem – many organizations do not have sufficient technical expertise and capabilities in place to protect data and respond in a timely manner in the event of a breach,” Chenxi Wang, chief strategy officer for Twistlock, said. “This is becoming an increasingly pressing problem for the entire industry.”
Paul Jespersen, vice president of Enterprise Business Development at Comodo, said: “Any business, organization or institution that keeps social security numbers, medical data and other personal information online is a potential goldmine for the cybercriminal because they can get a massive amount of valuable information in a very short period of time. Hospitals, medical practices, schools and even governments are at particular risk due to the high likelihood of handling private data that criminals would find attractive.”
The cancer clinic, in its statement, urged patients to “regularly review the explanation of benefits that they receive from their health insurer” and report “any services they did not receive.”
Source: SCMagazine
Pilfered was names, Social Security numbers, diagnoses, treatment data, insurance details and doctors' names. According to Kevin Watson, CEO of Netsurion, the info “could unlock the potential for significant medical fraud.”Watson said: If, as 21st Century Oncology claimed, “insurance plan information was stolen along with identity information, data thieves would have a good indicator on which identities hold a higher value, based on the value of the insurance plan. If thieves focus on the individuals with the highest plan costs, these are likely to be people who are more established in their lives, have families, higher incomes and better credit, meaning their identities are worth even more on the black market.”
The FBI alerted the clinic to the cyber trespass on Nov. 15 but asked for its cooperation in keeping the breach under wraps until the agency could wrap up its investigation and 21st Century Oncology complied.
“The fact that many of these breaches are reported by the FBI, rather than discovered by the company that holds the data, speaks to the heart of the problem – many organizations do not have sufficient technical expertise and capabilities in place to protect data and respond in a timely manner in the event of a breach,” Chenxi Wang, chief strategy officer for Twistlock, said. “This is becoming an increasingly pressing problem for the entire industry.”
Paul Jespersen, vice president of Enterprise Business Development at Comodo, said: “Any business, organization or institution that keeps social security numbers, medical data and other personal information online is a potential goldmine for the cybercriminal because they can get a massive amount of valuable information in a very short period of time. Hospitals, medical practices, schools and even governments are at particular risk due to the high likelihood of handling private data that criminals would find attractive.”
The cancer clinic, in its statement, urged patients to “regularly review the explanation of benefits that they receive from their health insurer” and report “any services they did not receive.”
Source: SCMagazine
Comments
