5 Reasons Why Medical Identity Theft is Increasing

Philip Bates 09-11-2015

Scammers want your personal details and bank account information – but did you know that your medical records are also of interest to them?


In fact, they’re positively sought-after, worth more than even your credit or debit card number!

It’s only getting worse: examples of these scams and data breaches are increasing, with the Ponemon Institute’s Fifth Annual Benchmark Study on Patient Privacy and Data Security concluding that:

“Criminal attacks on healthcare organizations are up 125 percent compared to five years ago… replacing lost laptops as the leading threat.”

But why? And what can you do about it?

They’re Worth Relatively Large Sums


The more information can be sold on for, the more worthwhile it is for hackers to spend time obtaining it.


You might be surprised: your details, even the seemingly-insignificant ones, can fetch quite a bounty on the Dark Web. You may shrug at finding out that Personally Identifiable Information (PII) can only garner around $1 a line, but according to Reuters, medical information is worth ten or even twenty times the amount offered for credit card details.

PhishLabs’ Don Jackson says such credentials can go for $10 each – which might seem insubstantial, but this sort of information is stolen in bulk, meaning one hack can result in masses of fraud victims.

Scammers can sell details on with shocking ease on the Dark Web: that is, a part of the un-indexed Deep Web, with information stored on onion sites only accessible using the Tor browser. There are of course ways a beginner can scour onion sites, but typically hackers are well-versed already. The Dark Web offers people the chance to buy and sell all sorts of things, including drugs, weapons, and your personal details.

It’s Often All-Encompassing



Why is this sort of information worth a high sum? The core reason is that gaining medical data is a ‘full’ scam, i.e. it contains all the information needed to impersonate you. That includes PII, but also billing and insurance material.

You trust medical companies with a hefty package of private data, and this can be a tantalizing bounty for cybercriminals.

Even tiny bits of information can be used to gather a lot about you: you tell social media an awful lot, and from that, one could even guess at your passwords – especially if it’s something generic. Take a look at Digital Shadow: that picks through your Facebook profile and automatically suggests passwords you might use for PayPal, Internet shopping, or online banking.

Now imagine what a fraudster could do with a more complete profile of you.


While the BBC stated that the number of identity theft victims rose by almost a third in January-March 2015, compared to the same period in 2014, Javelin Strategy & Research reported that $16 billion was stolen from 12.7 million victims in the USA last year.

The more accurate a picture of you, the more absolute the identity theft.

It Can Go Unnoticed

Scammers can typically get away with fraudulent activity for longer than the time it takes you to realize there’s something fishy going on with your credit card. Banks are always on the look-out for questionable activity going through your account: if there are any queries, your card can be put on hold or cancelled altogether.


But medical identity theft isn’t always obvious. It can’t go unnoticed forever, but often, you only become aware of someone impersonating you for health purposes once it’s too late. What’s worse, you become responsible for the red-letter bills; you have to pay the debt lumped on you by people you don’t even know.

That’s the consequence of not being as fussed about healthcare data breaches as you would be at learning of your financial information being accessed.

It may come as a surprise to know how little information can result in identity theft. Amy Krebs told Forbes how she became a victim herself:

“I don’t know who she is. I had never heard of her in my life. She lives a town over from me. She was using my maiden name and a 10-year-old address — so perhaps at some place in my community I trusted, like a school or a doctor’s office or employer, she came across that information. I can only make assumptions and jump to conclusions at this point… She hardly knew anything about me but was able to get credit from utility companies and stores.”

It’s An Emotive Subject


We all worry about our health; if you receive an email delivering bad news, or containing worrying results, you’re bound to panic. Scammers use that fear to gain leverage over you.

If hackers have your details, the more information they can convey to you, the more likely it is that you’ll fall for such a hoax.

One particular scam saw hundreds of thousands of emails sent out to people worldwide supposedly from medical institutions – emails which contained malware called Dridex. Don Smith, Technology Director at the company which revealed this fraud, Dell SecureWorks, told The Independent:

“[The gang of cybercriminals responsible] were opportunistic and used any means to get people to inadvertently install malware so they could steal money. They would use any ploy – however weird or wacky – to persuade people to do that.”

This purportedly included telling would-be victims that they had tested positive for cancer.

You wouldn’t get such medical data through your email, but such a message could easily make you panic and fall into the cybercriminals’ trap. The Dridex malware would activate when the victim used online banking; they would then either be presented with a fake banking page or details would be collected and sent to the hackers.

It’s such an emotive topic that there were reports of a phone scam, whereby you get a call saying a relative has been in an accident abroad and needs their medical bills paid urgently before they can be treated!

Sometimes, They’re Easy Targets

This doesn’t apply to all medical institutions, obviously, but many have insufficient security systems – certainly considering the wealth of information they hold about you! Healthcare security expert Dave Kennedy confirmed:

“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit. Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”

With limited funds, you can’t really blame them for spending their budgets on medical equipment over a stronger firewall, for instance.

The Ponemon Institute states that more than 90% of hospitals and healthcare facilities in their annual study had suffered a data breach (costing an average of more than $2.1 million per organization); and 40% had had five or more over the past two years. They further point to the possibility of malicious insiders as having leaked information.

Jeff Horne, vice president of cybersecurity company Accuvant, said:

“Healthcare providers and hospitals are just some of the easiest networks to break into. When I’ve looked at hospitals, and when I’ve talked to other people inside of a breach, they are using very old legacy systems – Windows systems that are 10 plus years old that have not seen a patch.”

Additional concerns were raised over medical professionals accessing data using unsecured networks on mobile devices.

What Can You Do?

You may think a lot of this is out of your hands, but there are a few measures you can carry out to limit the damage.

If there’s been a data breach affecting more than 500 people, medical institutions need to inform their patients. Contact them if you’re concerned about their security – they’re unlikely to take you through all their arrangements, but you can at least raise your worries.

Create strong passwords, and beware of phishing and malware scams. Always shred unwanted medical reports. Stay skeptical of any messages informing you of medical problems, and keep a cool head. Would your hospital really email you to let you know bad news?

You can also use to keep track of any data breaches – large or small.

What tips do you have? Have you ever been a victim yourself?

Image Credits: Harvard Medical School by Cliff; Identity Theft by Don Hankins; and Medical/Surgical Operative Photography by Phalinn Ooi.


  1. Anonymous
    November 10, 2015 at 2:18 pm

    "What Can You Do?"
    Unfortunately anything an individual can do is pretty useless when hospitals do not secure their databases properly and sufficiently.

    • Philip Bates
      November 30, 2015 at 5:02 pm

      You're absolutely right, I'm afraid. As I say, the best you can do really is to contact them and raise your concerns.