Cybersecurity concerns surrounding healthcare organizations and hospitals have been brewing at the same time the novel coronavirus (COVID-19) has spread around the world. In fact, warnings from the FBI and Interpol indicate that hospitals are a target for a wide-range of cyber-attacks, from having medical records exposed to attacks that may involve ransomware — software built as a decoy to lock down a computer system until the ransom is paid. This happened on May 5th, 2020, when a reported ransomware attack on the Fresenius Group, a global healthcare company and one of the largest dialysis equipment providers in the U.S., impacted the company’s operations around the world. These attacks can not only cripple healthcare and hospital operations, but hackers and scammers can also put sensitive personal medical information at a high risk of fraud.
With the increased exposure of scams, hacks, and security incidents due to the COVID-19 pandemic, the U.S. Department of Homeland Security (DHS) recently issued a joint statement warning of continued exploitation by bad actors. According to DHS, “APT [Advanced Persistent Threat] actors are actively targeting organizations involved in both national and international COVID-19 responses. These organizations include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.” The warning goes on to explain, “APT actors frequently target organizations in order to collect bulk personal information, intellectual property, and intelligence that aligns with national priorities.”
**Update (May 13, 2020): The healthcare giant, Magellan Health, has sent a notice to its patients explaining it has fallen victim to a ransomware scheme after a phishing scam. The information held for ransom included names, contact information, employee ID numbers, W-2 or 1099 information, including Social Security numbers or taxpayer identification numbers, as well as login credentials and passwords for employees.
Unfortunately, the exploitation trends of personal healthcare information we are seeing indicate that 2020 will be a year of another significant increase in medical data-oriented attacks, putting patients’ and employees’ Personally Identifiable Information (PII) and medical records at risk — including names, dates of birth, addresses, Social Security numbers, medical and treatment history, health insurance, and bank account information. This sensitive data may be held for ransom by cybercriminals or sold on the Dark Web where it can be used to perpetrate various forms of identity theft, including medical identity theft.
Scammers are Targeting Your Medical Information
When cybercriminals aren’t hacking into organizations to access a deluge of individual records, they are busy crafting new scams to target individuals for their money personal information. Fraudsters are exploiting the fears of individuals related to the coronavirus outbreak to steal the personal, financial, and medical information of those looking for knowledge, protection, and treatment for the viral infection. As of May 5th, the Federal Trade Commission (FTC) has recognized over 36,000 scam reports that relate to the coronavirus, with COVID-19 scam victims losing more than $24 million since January 1, 2020.
Remain vigilant of the following coronavirus scams targeting your information:
- Too-Good-to-be-True Travel deals
- Offers for COVID-19 related grants or economic impact payments
- Fake investment and charitable organizations
- Phony home inspectors from the CDC
- Sham sellers of coronavirus testing kits, protection, and vaccines
- Bogus offers for hard to obtain household supplies
- Offering to help run errands
- “You’ve been in contact with a victim of COVID-19” text message
- Fake job posting
- Imposter family members
The Toll of Medical Identity Theft
If your personal information is left unprotected through a data breach, cyber-attack, or a scam, especially your Social Security number or health insurance information, you become vulnerable to medical identity theft — that is, when someone steals your personal information to receive free medical care, goods, or prescription drugs. Pediatric offices full of children’s medical records are particularly attractive to identity thieves, posing a life-long threat of synthetic identity theft for those exposed in a data breach.
Here are six signs that you may be a victim of medical identity theft:
- You were denied health insurance benefits.
- You were notified that your medical benefits had exceeded the yearly limit.
- You had prescriptions obtained in your name that were not for you.
- You discovered another person’s information in your medical file/records.
- You had your insurance company contact or bill you for an unknown treatment.
- You had a medical provider; billing department or collection agency bill you for services never received.
You may not be able to keep organizations from being breached and exposing your personal information, but you can limit your risks and protect yourself and your family after a data security incident. IdentityForce provides you with peace of mind around your medical identity by offering comprehensive identity monitoring of your medical accounts like your medical insurance identification number and rapid alerts of suspicious activity.
Try a Free 30-Day Trial today!