Cybersecurity concerns surrounding healthcare organizations and hospitals have been brewing while the novel coronavirus (COVID-19) has spread around the world. In fact, warnings from the FBI and Interpol indicate that hospitals are a target for a wide range of cyberattacks, from having medical records exposed to attacks that may involve ransomware — software built as a decoy to lock down a computer system until the ransom is paid. This happened on May 5th, 2020, when a reported ransomware attack on the Fresenius Group, a global healthcare company and one of the largest dialysis equipment providers in the U.S., impacted its operations around the world. These attacks can not only cripple healthcare and hospital operations, but hackers and scammers can also put sensitive personal medical information at a high risk of fraud.
Coronavirus Has Hackers Focused on Healthcare Industry
With the increased exposure of scams, hacks, and security incidents due to the COVID-19 pandemic, the U.S. Department of Homeland Security (DHS) recently issued a joint statement warning of continued exploitation by bad actors. According to DHS, “APT [Advanced Persistent Threat] actors are actively targeting organizations involved in both national and international COVID-19 responses. These organizations include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.” The warning goes on to explain, “APT actors frequently target organizations in order to collect bulk personal information, intellectual property, and intelligence that aligns with national priorities.”
**Update (May 13th, 2020): Magellan Health Ransomware Attack: The healthcare giant, Magellan Health, has sent a notice to its patients explaining it has fallen victim to a ransomware scheme after a phishing scam. The information held for ransom included names, contact information, employee ID numbers, W-2 or 1099 information, including Social Security numbers or taxpayer identification numbers, and login credentials and passwords for employees.
**Update (October 6th, 2020): Blackbaud Ransomware Attack: Fundraising database management company Blackbaud, a vendor for non-profits and educational institutions, became victim to a ransomware attack beginning in February 2020, which remained undetected until May of 2020. Even after paying the ransom, cybercriminals copied sensitive data from over 6 million donors, potential donors, patients, and community members, and it was revealed in a September SEC filing that hackers gained access to more unencrypted data than originally reported, including Social Security numbers, financial accounts, and payment information. Hundreds of Blackbaud’s clients, first notified in August of 2020, continue to disclose the impact of the data incident on their donors, including health organization Inova Health.
Unfortunately, the exploitation trends of personal healthcare information we are seeing indicate that 2020 will be a year of another significant increase in medical data-oriented attacks, putting patients’ and employees’ Personally Identifiable Information (PII) and medical records at risk — including names, dates of birth, addresses, Social Security numbers, medical and treatment history, health insurance, and bank account information. This sensitive data may be held for ransom by cybercriminals or sold on the Dark Web, where it can be used to perpetrate various forms of identity theft, including medical identity theft.
Scammers are Targeting Your Medical Information
When cybercriminals aren’t hacking into organizations to access a deluge of individual records, they are busy crafting new scams to target individuals for their money and personal information. Fraudsters exploit the fears of individuals related to the coronavirus outbreak to steal the personal, financial, and medical information of those looking for knowledge, protection, and treatment for the viral infection. As of May 5th, the Federal Trade Commission (FTC) has recognized over 36,000 scam reports related to the coronavirus, with COVID-19 scam victims losing more than $24 million since January 1st, 2020.
Remain vigilant of the following coronavirus scams targeting your information:
- Too-Good-to-be-True Travel deals
- Offers for COVID-19 related grants or economic impact payments
- Fake investment and charitable organizations
- Phony home inspectors from the CDC
- Sham sellers of coronavirus testing kits, protection, and vaccines
- Bogus offers for hard to obtain household supplies
- Offering to help run errands
- “You’ve been in contact with a victim of COVID-19” text message
- Fake job posting
- Imposter family members
The Toll of Medical Identity Theft
If your personal information is left unprotected through a data breach, cyber-attack, or a scam, especially your Social Security number or health insurance information, you become vulnerable to medical identity theft — that is, when someone steals your personal information to receive free medical care, goods, or prescription drugs. Pediatric offices full of children’s medical records are particularly attractive to identity thieves, posing a life-long threat of synthetic identity theft for those exposed in a data breach.
6 Signs You May be a Victim of Medical Identity Theft
- You were denied health insurance benefits.
- You were notified that your medical benefits had exceeded the yearly limit.
- You had prescriptions obtained in your name that were not for you.
- You discovered another person’s information in your medical file/records.
- You had your insurance company contact or bill you for unknown treatment.
- You had a medical provider, billing department, or collection agency bill you for services never received.
You may not be able to keep organizations from being breached and exposing your personal information. Still, you can limit your risks and protect yourself and your family after a data security incident. IdentityForce provides you with peace of mind around your medical identity by offering comprehensive identity monitoring of your medical accounts like your medical insurance identification number and rapid alerts of suspicious activity.
Try a Free 30-Day Trial today!