Cybercrime , Fraud Management & Cybercrime , ID Fraud

Report: Threat Landscape Growing Scarier for Healthcare

Health-ISAC Warns of Cybercrimes Involving Synthetic Accounts, 'Product Abuse'
Report: Threat Landscape Growing Scarier for Healthcare
Image: Getty

Threats that traditionally menaced other industries - including synthetic accounts and abuse of IT product platforms - are among the top emerging worries for the healthcare sector, warns an industry report.

See Also: FRAML Challenges: A New Risk Era for Mid-Market Banks and Credit Unions

Synthetic accounts, which have been long used by cybercriminals to fraudulently obtain loans and credit lines, are now increasingly being used for committing healthcare fraud and other crimes, says the report, a collaboration between analysts at the Health Information Sharing and Analysis Center and consulting firm Booz Allen Hamilton.

"I saw plenty of this in the banking and finance sector, and it certainly happens in the healthcare sector with the creation of fake medical providers and fake businesses that bill insurers and the government for services never delivered," Errol Weiss, Health-ISAC chief security officer, told Information Security Media Group.

"What's new here is the abundance of stolen PII in criminal forums plus the commodity use of artificial intelligence tools that fuel the creation of massive numbers of synthetic IDs."

The full report was released last month for H-ISAC members, but the organization released an executive summary for the public this week.

In terms of "product abuse" threats, healthcare organizations with internet-facing websites "are easy targets for actors that employ compromised user credentials, proxy networks, and customizable crimeware to carry out account takeovers, or unauthorized access" to systems such as health record systems, the report says.

"Despite efforts to secure healthcare organization environments and implement improved controls, threat actors are extremely adaptable and recognize that information they can steal can be used in more ways than one to generate monetary gain."

Growing Concerns

Other experts are also predicting a similar evolution among cybercriminal activities affecting the healthcare sector.

"Threat actors - other than those who are politically motivated - will certainly continue to do whatever they think will make them money in the easiest way possible," said attorney Erik Weinick, co-founder of law firm Otterbourg P.C.'s privacy and cybersecurity practice and a member of the U.S Secret Service's Cyber Fraud Task Force Steering Committee.

"Since organizations are much less likely to pay ransomware demands than in the past, we can fully expect to see a shift to a greater number of smaller thefts, such as through billing fraud - such as redirecting reimbursement checks or insurance payments or fraudulently obtaining prescription medications that are then resold," he said.

Exploits that allow for product abuse are also concerning for a number of reasons, Weinick said.

Anytime healthcare systems are compromised, there is a risk of disruption to patient care, according to Weinick. But these types of compromises can result in direct monetary losses for providers, insurers, the government and patients alike through redirection of payment instructions, he said.

Information exfiltrated from patient files can be used for identity fraud, Weinick said. And, he added, "important intellectual property and other monetizable information can be exfiltrated from healthcare systems."


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.