Forget your credit card details, hackers make 10 times more money from stealing your medical records – and they’re easier to get as hospitals' cyber security is so poor

  • Hospitals and health care providers are 'easy targets' according to experts 
  • Hackers make ten times more selling medical records than credit cards
  • Chinese hackers recently stole 4.5 million medical records from US firm 
  • Hackers can steal thousands of dollars before irregularities are spotted  

Cyber criminals can make ten times more money hacking someone's medical information rather than their credit card details, new research has shown. 

The FBI has warned US health care providers of the new threat after a group of Chinese hackers stole personal information from 4.5 million patients after targeting the computer network of Community Health Systems Inc. 

Internet security experts believe the $3 trillion US healthcare industry is a ripe target for cyber criminals because many health care providers use older computers with inadequate tools to protect the confidential information. 

Dave Kennedy, CEO of TrustedSEC, said hospitals have low security so it is easy for hackers to get lots of data

Cyber criminals have discovered that stolen healthcare details are ten times more valuable than credit cards

Dave Kennedy, healthcare security expert and chief executive officer of TrustedSEC, warned that too many providers underestimate the scale of the problem.

He said: 'As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit.

'Hospitals have low security, so it's relatively easy for these hackers to get a large amount of personal data for medical fraud.'

Interviews with nearly a dozen healthcare executives, cybersecurity investigators and fraud experts provide a detailed account of the underground market for stolen patient data.

The data for sale includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations.

Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.

Stolen health credentials can go for $10 each, about 10 or 20 times the value of a US credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information. 

The percentage of healthcare organizations that have reported a criminal cyber attack has risen to 40 per cent in 2013 from 20 per cent in 2009, according to an annual survey by the Ponemon Institute think tank on data protection policy.

Hackers access medical records and use the details to make fraudulent claims against insurance policies

Founder Larry Ponemon, who is privy to details of attacks on healthcare firms that have not been made public, said he has seen an increase this year in both the number of cyber attacks and number of records stolen in those breaches.

Fueling that increase is a shift to electronic medical records by a majority of US healthcare providers.

Marc Probst, chief information officer of Intermountain Healthcare in Salt Lake City, said his hospital system fends off thousands of attempts to penetrate its network each week. So far it is not aware of a successful attack.

He said: 'The only reason to buy that data is so they can fraudulently bill.'

Healthcare providers and insurers must publicly disclose data breaches affecting more than 500 people, but there are no laws requiring criminal prosecution. As a result, the total cost of cyber attacks on the healthcare system is difficult to pin down. Insurance industry experts say they are one of many expenses ultimately passed on to Americans as part of rising health insurance premiums.

Consumers sometimes discover their credentials have been stolen only after fraudsters use their personal medical ID to impersonate them and obtain health services. When the unpaid bills are sent on to debt collectors, they track down the fraud victims and seek payment.

Ponemon cited a case last year in which one patient learned that his records at a major hospital chain were compromised after he started receiving bills related to a heart procedure he had not undergone. The man's credentials were also used to buy a mobility scooter and several pieces of medical equipment, racking up tens of thousands of dollars in total fraud. 

The government's efforts to combat Medicare fraud have focused on traditional types of scams that involve provider billing and overbilling.

Fraud involving the Medicare program for seniors and the disabled totaled more than $6 billion in the last two years, according to a database maintained by Medical Identity Fraud Alliance.

Jeff Horne, vice president at cyber security firm Accuvant, said: 'Healthcare providers and hospitals are just some of the easiest networks to break into.

'When I've looked at hospitals, and when I've talked to other people inside of a breach, they are using very old legacy systems - Windows systems that are 10 plus years old that have not seen a patch.'

KPMG partner Michael Ebert said security has been an afterthought for many medical providers - whether it is building encryption into software used to create electronic patient records or in setting budgets.

He said: 'Are you going to put money into a brand new MRI machine or laser surgery or are you going to put money into a new firewall?' 
