Why stolen personal health information is so valuable

Thieves will pay 10x as much for stolen personal health information than for a stolen credit card. I think I know why.

According to The New Hacker Economics, in the New York Times:

Company e-mail, business documents and personal health information are the new targets of choice for illegal hackers, according to Finjan, a San Jose-based maker of Web security software and appliances…

“Money is the motivation for criminal hackers, and it is this kind of information that has become most valuable,” [Finjan CEO, Yuval Ben-Itzhak] said.

A couple of years ago, credit card numbers and bank account PINs sold for $100 or more on sites selling stolen information, Mr. Ben-Itzhak said. Now, the price is down to $10 or $20, compared to $150 to $200 for some of the newer documents.

The article didn’t explain why personal health information is so valuable, so I did a quick web search to get some ideas. The Coalition Against Insurance Fraud has a list of scams, which include:

  • Illegal and bogus treatment by corrupt providers or fake clinics
  • Purchase of drugs for use by addicts or resale
  • Obtaining free treatment by impersonating a health plan member

The site suggests various ways to counteract the theft of personal health information including:

  • Examining explanation of benefits forms (EOBs)
  • Monitoring benefits by asking for a list of claims paid
  • Checking medical records and correcting inaccuracies

The high market value of personal health information relative to credit cards and bank PINs is quite telling. All else being equal access to a credit card or bank account should be much more valuable because it allows a crook to get cold hard cash, which can be used for anything.

The clues to the value of personal health information can be found in the remedies available to consumers. If my credit card or ATM card is stolen I can call my bank 24-hours a day and have it stopped instantly. Worst case I’ll see the problem clearly on my next monthly statement.

Contrast that with the suggestion to look at your EOBs! The forms are completely incomprehensible in addition to being delayed and often inaccurate. I usually toss mine right in the trash.

I’m sure my insurer would provide me with a list of claims paid, but it’s not something a person would routinely request.

The site freely admits that correcting medical records is tough:

But be warned. Correcting records can be hard. In general, federal law lets patients correct medical records created only by the medical provider or insurer that now maintains your information. A hospital or insurer that later receives your information doesn’t have to correct its records,”even when they’re wrong.

So crooks are apparently taking advantage of the fact that stolen health information is likely to be useful for much longer than stolen financial information. Until that changes –and don’t hold your breath– health information is likely to continue to grow in popularity among thieves.

Looking on the bright side, maybe health plans will figure out a way to make EOBs more readable, useful, and timely. That would be a relief for members and also improve fraud detection.

0 thoughts on “Why stolen personal health information is so valuable

  1. Clinton Walker III

    This is a great article to keep people informed about the dangers of stolen information. Many individuals use their insurance without checking the charges. It is important to keep in contact with your provider.

    Reply
  2. Pingback: » Blog Archive » Health Wonk Review: Post-Memorial Day Edition

  3. Pingback: Who’s afraid of the big, bad web-based EHR? | Walking Heart~2~Heart

  4. Pingback: Health Business Blog » Blog Archive » Finjan finds “crimeware” servers hosting medical and business data

  5. Julia Shing

    The web is no longer safe. You wouldn’t want your personal health information falling into the wrong hands.
    Besides you can always keep your own health tracking record at home. Make sure the place where you plan to exercise is clean first. No one would plan of looking for you there.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s