Authored by a Symantec employee
Healthcare is Big Business for Cyber Criminals
The healthcare industry is a prime target for attackers because healthcare data is a treasure trove to cybercriminals. By targeting a hospital’s records rather than just a credit card number or financial data, an attacker can easily gather additional personal information from these sources, especially if their goal is identity theft. As a result, medical records are much more valuable to attackers than single credit card numbers. While a credit card can be canceled or changed, a person’s Social Security number, health history and other things cannot. This data retains its value to attackers over time, and can be used in multiple types of fraud.
Recently, UCLA Health announced that it was the victim of a criminal cyber attack, potentially affecting as many as 4.5 million patients. The health provider detected suspicious activity in its network in October of 2014, and began investigating the suspicious activity, partnering with the FBI.
While it does not look like any credit card or other financial information was accessed, it appears that the cyber criminals may have gained access to a database containing sensitive patient information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, and health plan information. It is important to note that at this time, UCLA Health has no evidence that the criminals actually accessed or acquired any of the individuals’ personal or medical information data, based on a statement issued July 17, 2015. The event is currently under investigation, and UCLA will notify the patients that may have been compromised, and will provide one year of free credit monitoring.
According to Symantec’s 2015 Internet Security Threat Report: For the fourth year in a row, the healthcare sector reported the largest number of data breaches. There were 116 breaches for the healthcare industry, which accounted for more than a third of all breaches (37 percent).
Data breaches that are the result of hacking were up 82 percent in 2014, and it’s no surprise these numbers are rising every year.
There is a thriving underground economy for medical data, which can be used for a multitude of fraudulent activities, fetching a high price on the black market.
How Can I Stay Safe?
If you suspect that you could possibly be affected by this data breach, you can start to protect yourself proactively. Here are some things you can do:
- Be on the lookout for any notifications in the mail from UCLA Health. The organization stated that it will be mailing letters to the affected patients over the next few weeks. These letters will contain details on how to access their identity theft and restoration services that they will be providing.
- Keep a close eye on your credit report. You can even put a freeze on your credit report with the major reporting bureaus, which will not allow any new accounts to be opened in your name.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.