Medical Records Selling for Big Bucks on the Dark Web

Fraudsters have been targeting financial institutions and organizations for years. However, as more and more healthcare organizations begin to embrace electronic medical records and interactive patient communication, these criminals have begun to shift focus. An indicator of this can be found in IDology’s annual Fraud Report results. In the 2013 report, only 33% of healthcare organizations reported experiencing suspected fraud. Conversely, IDology’s 2014 Fraud Report showed a marked increase in suspected fraud attempts, with 75% of healthcare respondents reporting suspected fraud.

In the wake of the recent Anthem data breach, it is clear that fraudsters have set out to steal medical data and then subsequently utilize this information for fraudulent purposes. One place that many criminals turn to after a data breach is the dark web. The dark web is a hidden marketplace where stolen information and/or illegal services are traded. Due to the fact that healthcare organizations store much more sensitive data about consumers, medical record information is fetching big bucks on the dark web. Check out our infographic for more information on what the dark web is and why it is a concern for consumers and businesses.

Medical records are appealing to fraudsters for many reasons. As criminals adapt and alter their focus into the healthcare industry, it is more important than ever for organizations to enable robust identity verification and fraud prevention programs that establish the legitimacy of each consumer.

Why Fraudsters Want to Obtain Stolen Medical Data

The reason that medical records are commanding high prices on the dark web is due to the abundance of information contained in the records that isn’t already available. Whereas credit card data and Social Security Numbers are sold to criminals for pennies on the dollar, medical records can fetch a much higher price tag. But what makes medical records so valuable to fraudsters?

• More than Just SSNs – A person’s medical record contains a wealth of information that goes into greater detail about the person’s life. This makes it easier for fraudsters to recreate or assume an identity, which they may use to access a bank account, file a tax return, apply for a loan, or purchase products.
• Policy Information – Insurance and medical policy numbers are especially attractive because they can be used by a fraudster to make false claims in order to collect a payout or access prescriptions for painkillers or other drugs.
• Personal Details – Family member names, birthdays, addresses, and other data is useful to criminals that are looking to bypass security measures set up by an organization. This information helps someone seem credible because they may present personal details that aren’t widely known during authentication.
• Phishing – Stolen email addresses can be used for phishing scams where a fraudster will set up fake email accounts or websites with the goal of getting consumers to enter more detailed confidential data, such as passwords and account information.

Ways to Prevent Abuse of Information and Potential Fraud

Since customer information is being stolen using a variety of methods and from many different sources, it is necessary for organizations to be cautious and thorough during the identity verification process in order to minimize risk. IDology’s ExpectID solution allows a company to gain confidence that they are working with a legitimate customer and not a fraudster using his or her credentials. At the same time, ExpectID helps reduce business costs while driving revenue and customer acquisition by increasing the level of verification only in cases that warrant further review based on an organization’s preset rules. To learn more about the ExpectID solution and how your organization can benefit, contact a representative at (866) 520-1234 to set up an online demonstration today.