Healthcare in the Crosshairs
Is Healthcare the new Target? Recently I've received a number of 'I am writing to inform you that we were the target of a sophisticated cyber attack and some of your personal information may have been accessed by the attackers..' letters for myself and my family. I especially hate the ones that start, 'To the parents of...' because my daughter has a rare genetic condition. You probably got one of these letters too since the Anthem breach could have disclosed medical records for as many as 80 million people. Medical identity theft is big business and has become a huge target over the last few years. The attackers are not really interested in that sprained ankle or those 25 stitches from last summer. They want the personally identifiable information. Names, addresses, birthdays, and social security numbers. Stuff you can actually use to open accounts, commit insurance fraud and create fake identities - using real information. Healthcare info also goes for a premium on black market sites. One expert noted that recently that at one underground auction, a patient medical record sold for $251 while credit cards are selling at .33 cents. With all the recent retail breaches, credit cards have flooded the underground, plus they can get cancelled quickly. I also know that fraudsters are already trying to entice people with fake emails and calls regarding the breaches - I've gotten a bunch of them recently. More than ever, do not click the email link unless you're expecting something. The interesting phenomenon for me is all the identity theft protection offerings from various credit bureaus. One breach, sign up here...another breach, sign up there. It is important to take advantage of the services to stay alert on your identity but you also have to include the very same sensitive info that was just compromised to yet another entity. I'm waiting on the breach of one of these identity protection sites. I mean the thieves must be thinking, 'well, we missed them in the medical grab but maybe we can get them through the protection app.' According to Ponemon Institute, about 90% of healthcare organizations have reported at least one data breach over the last two years with most due to employee negligence or system flaws but more, as we've seen recently, are due to criminal behavior. Certainly, there will be more of these healthcare hiccups in the coming years especially with the push to digitize medical records. Great for patient access but a huge risk for unauthorized peeks. With the Premera breach hot on Anthem's heels, I hope providers are getting the message that the bad guys are coming for ya. ps Related Massive breach at health care company Anthem Inc Anthem Data Breach: Potential Game Changer for Healthcare Health care data breaches have hit 30M patients and counting Data Breach at Anthem May Forecast a Trend Premera breach: Are hackers targeting more health records as credit card companies improve security? The Hacker Will See You Now Lost Records a Day Shows Doctors are Blasé The Top 10, Top 10 Predictions for 2015 . Technorati Tags: healthcare,records,pii,breach,patient,silva,security,privacy,f5,medical Connect with Peter: Connect with F5:The Internet of...(Drum Roll Please)...Band-Aids?!?
Last week I told you about my family's experience with an under the skin glucose sensor that tracks blood sugar levels. While this Internet of Things trend often takes the form of a thermostat, light bulb or coffee machine, the medical field has been using sensors for a while and it is about to get even more connected with your skin. We're talking skin tags of a different kind. First up is a sensor filled smart bandage. Ed Goluch, an assistant professor of chemical engineering at Northeastern University is working on a smart band-aid that will monitor infections and alert the person. He was investigating how individual bacteria cells behave by using a sensor. The sensor measured the produced toxins and how cells reacted to antibiotics when the idea hit. Next they build an electrochemical sensor with computer chips to detect Pseudomonas aeruginosa, a bacteria that commonly takes advantage of people with compromised immune systems. For this particular bacteria, it can detect of an infection is starting before symptoms show and the patient can put an antibiotic on the wound to heal it. So far the testing has only occurred in the lab and the next step is humans and animals. Pretty Cool. In Japan, University of Tokyo, in cooperation with JST, has introduced the world’s very first flexible wireless organic sensor. This paper-thin, water proof sensor can also be used for band-aids but also a few other health situations. Like urine. OMG! Did he just write the word for pee in a blog post?!? Yup, we all do it but back to the story. The idea is to be able to detect the chemical compound for health related matters. The circuit was actually tested on a wet diaper where it was successfully able to transmit the needed data and receive power from a nearby source. The cool thing about this sensor is that they wanted to develop something that is easy to make, use, dispose and replace. Instead of expensive components, they went for simple detectors for thing like humidity and air pressure. Being small and low cost, they could be used for such disposable things like diapers or bandages. Next up is a microchip that can now be printed directly on the skin. Originally designed for sports physicians, MC10 has created a health sensor that is formed with spray-on bandage material. Since it is essentially a second skin, it can detect hydration levels and temperature of the wearer. It lasts about two weeks on the body even while bathing or swimming and it is 1/30 the size of previous sticker sensors. Lastly, the iPhone 6 and it's NFC (near field communications) chip has been one upped by a human. Robert J. Nelson has had a NFC chip implanted in his hand! We've seen stories the past couple years about body modification with chips so he isn't the first but for $99 he picked up a chipset and got someone to implant it. In his story he states, 'I should make it clear that I am not trying to become a cyborg or anything like that. For me, getting this implant came down to having a strong interest in technology and the connected space, and more to the point is that I am someone who likes seeing technology integrated into life. Or in this case, my body' Seriously, wouldn't be cool if you twisted your ankle and your sock would tell you how bad the sprain was? And then sent the data to your doctor for an appointment if it was serious? Or just quickly cooled down so you have ice around the sprain? Dizzying, all the applications for this. Forget about the internet being this thing we use to look up stuff and email...soon we all will be part of the internet with our connected bodies. The Internet of You! ps Related: A Smart Bandage To Let You Know When Your Wounds Are Infected My Sensored Family Cheap wireless organic circuits may soon make band-aids smart MC10's New Biometric Health Sensor Is Like a 'Second Skin' High-Tech 'Band-Aids' Call Doctors Wearable Technology That Feels Like Skin NFC chip implants: First Apple, now this guy Here's why I implanted an NFC chip in my hand Technorati Tags: iot,sensors,things,healthcare,medical devices,skin,silva,smart bandaids,f5 Connect with Peter: Connect with F5:Identity Theft Hits Close to Home
While certainly not the likes of having SWAT show up at my house like Krebs or even Honan's fiasco, we've had some ID theft attempts occurring for the past few months...actually my wife has. It all started innocently enough at a child's birthday party. We were invited to a now ex-friend's house for a kid's birthday party this past April. We were told it would be a small gathering of a few close friends. Usually, when we attend things like this, my wife will leave her purse covered, locked in the car. In this instance, thinking it was a small group, she took her purse in. To our surprise, this was not some small get-together, as we were told, but a big party with numerous parents, kids and jump bouncers in back. Many people we had never met. That's cool, meet some new families with kids around the same age. Almost immediately, the 'host' told my wife that she would put her purse in the home office where it would be 'safe.' At the time, we didn't think anything of it since we had been to this house numerous times and had trusted the family. The following week, my wife mentioned that she couldn't find a couple credit cards but thought she had misplaced them. 'They gotta be around somewhere.' You know the phrase. After another week of not being able to locate them, she called the card companies and requested replacements. At that point, nothing, as far we knew was amiss. A couple weeks later, we get a letter from the credit card company (the one we replaced) saying they were not able to change the mailing address of our cards since certain security verification was not provided. This was for the old, just replaced card. Clearly not knowing that we had already cancelled and replaced the card, the thief attempted to change the mailing address for our account. What?!? But couldn't provide a photo ID with the new address or the secret squirrel settings so it was denied. Nice. We asked the card company for details and they could only provide the basics: it happened, verification failed, it stopped. But don't you have caller ID?...Can't you go back and look?....What question failed? Nothing. See, while potential fraud was potentially attempted, it never actually occurred since it was not successful...thus no investigation. I can understand. We locked and froze and alerted the credit community. Another couple weeks go by and due to the alerting in place, my wife gets a call asking if she's currently attempting making a purchase of some high end sunglasses online. She wasn't. Add to that, whoever apparently entered the wrong billing address. Denied. This was a different credit card than the address change attempt. We got the CC transaction ID and hoped, maybe, that the online vendor could correlate. What address did they enter?...Can you get any meta information from the transaction logs?...Can I talk to your IT department? As you probably know, CC transaction numbers do not always match the merchant's transaction ID and neither was able to correlate the other's. They did their best providing what they could but nothing to connect the two incidents...even though we had our suspicions. Change of address request could come from anywhere and purchasing online...well it is the world wide web. There was no way to tentatively finger someone but we did file a police report. And then last week, my wife gets a call from our local pharmacy informing her that the doctor had denied her cough medicine refill and that she needed to make an appointment with the doctor if she needed the medicine. The only problem was that she hadn't requested a refill. This was for some codeine laced cough syrup that was scripted over a year ago. The caller had her name, doctor and birthday...plus knew exactly what medication to request and which store to request it from. Big mistake. The geographic region of the perpetrator just shrunk from world wide to our area. There was/is only one person who would have all that info - the host of the birthday party. It was her doctor (recommended to my wife) and she went with my wife when the cough medicine was prescribed. I told the pharmacy to just fill something with grape juice and hold whoever tries to pick it up. Yeah, ahh, they don't do that. I guess a sting operation is outside the realms of a pharmacy but sounded good to me. Now we've added an 'attempted' medical ID theft with a controlled substance sidebar. Another police report filed. While we do not have a video of the individual attempting the crimes, all indications point to one person. Some of you might know that my wife is a retired Federal Investigator. She spent some time hunting fugitives as a US Marshall and protected past #2s while in the Secret Service. So she went down every other possible investigative path. The only one who had access to her purse, who also likes to purchase expensive sunglasses and would know specifically my wife's birthday, our pharmacy, and that particular medication along with who prescribed it? It finally sunk in. According to ITAC, more than 1.5 million consumers were victims of familiar fraud, which is fraud when victims know the fraudster. Back in 2006, the FTC Identity Theft report noted that 2% of thieves were co-workers of the victim, 6% were relatives or family members and 8% were friends, neighbors or in-home employees. For medical ID theft, Ponemon's 2013 Survey on Medical Identity Theft said a family member took the personal identification or medical credentials without consent 28% of the time. Unfortunately, many of these crimes go unreported due to the perpetrators being friends and family. Identity theft is on the rise and if I remember correctly, medical ID theft is the fastest growing segment. I'm certainly not suggesting to keep your personal secrets locked from your trusted, long time best friend or a family member. But for us, this experience will make us think twice about divulging certain information to fly by friends. ps Reporter’s Identity Stolen The World Has No Room For Cowards Largely a family affair, medical identity theft on the rise I challenged hackers to investigate me and what they found out is chilling Identity Fraud by Friends or Family Identity Thief Is Often Found in Family Photo ITRC Fact Sheet 115 - When You Personally Know the Identity Thief Who Commits Identity Theft? Your Identity Thief Could Be Your Sibling or Child Parental Identity Theft Statistics Technorati Tags: identity theft,medical,privacy,security,friends,family,credit card,silva Connect with Peter: Connect with F5:
