A recent advertisement from the Dark Net for "uniquely high quality American identities" with "Name, SSN, DOB, Address, Phone number and Medical Insurance Policy Numbers."
Cybercriminals have even developed a lucrative technique for using the identities of people with low or no credit. Healthcare records, specifically medical IDs, can be used to purchase narcotics and pharmaceuticals with a high street value. They have also implemented sophisticated scams where they use the identities of deceased doctors to bill insurance companies for fake procedures against the identities of legitimate patients. This technique alone can net fraudsters over $100,000 per incident.
The graph demonstrates the prevalence of fraud in online prescription services by showing the average value of legitimate transactions vs. fraudulent transactions across different vertical markets.
The inherent value of Protected Health Information (PHI) to criminals is these types of records can be recycled over and over again. Changing a credit card account is as easy as calling your bank or filling out a form online. You can't dial into a call center and ask them to change your identity.
Cybersecurity is the arms race of this and future generations. Unlike modern warfare which has thousands of years of history on which to build rules of engagement, we are in the position of developing many of these rules as the technology and resulting threats develop rapidly. As the information age continues to grow, mature, and innovate so will its criminal class. We, as corporations and nations, need to begin taking the fight to the enemy. I am not talking about preventative or detective controls, processes, or even hack backs. I am talking about putting people in jail. Steve Santorelli, former Scotland Yard cybercrime detective, now director of analysis and outreach at Team Cymru, sums it up nicely:
Couple our industries traditional propensity to hide incidents wherever possible, for fear of bad publicity, with the relatively recent trend towards mandatory breach reporting in several of these key areas, and you have a group of victims that are reeling from the impact. The offenders here are really thriving and we're helping them with our antiquated systems that will take aeons to evolve.
Sign up for Computerworld eNewsletters.