Children' Identities and Their Future, Stolen.

in #security8 years ago (edited)

A breach with greater risks than financial data breach is on the rise, the details of the catastrophic results that Victims could experience are pretty much untold.

A large amount of seemingly "unimportant" data are easily stolen from healthcare sectors- insurance companies, hospitals etc. Many of you shrug and say to yourself that if the hackers want to know about your health status, let them hack since the doctor's visit for a minor surgery is going on Facebook anyway. This post may lead you to think again.

If this is how much the healthcare data breaches could cost the healthcare sector [1]...

...Estimated $6.2 Billion In Data Breaches...
Nearly 90% of healthcare organizations were slammed by a breach in the past two years...

... then have you ever wondered why the worth or how exactly do the hackers and fraudsters generate money with stolen healthcare data?

Why are risks greater?

Adult Victims

Financial data breach will cost Victims their money with their Financial Institutes, but a healthcare data breach will potentially cost Victims more than just that, because:-

  • New accounts with financial institutions can be opened with stolen data;
  • Once opened, linking the account to Victim's other financial accounts would be easier;
  • Government's accounts for use in filing taxes and medical reimbursements;
  • Perpetually blackmail of money;
    In short, the Fraudsters will then be able to act as if he is the "rightful owner" of Victim's identity.

The "rightful owner" has the capabilities to do these and land Victim in instances like these:-



source

  • (Fraudster) May acquire prescription drugs in Victim's name.
    So, to all potential Victims out there, don't be mad if the next time you are unable to obtain your Xanax at the prescription counter because you had already did. And where are the Xanax now? On sale in The Darknet's black market. So perhaps you will have to buy some BTC and make your purchase there.
    |Oppz, sorry, a bad joke!|

  • Debts not incurred by yet accrued in Victims' names.
    Victims may receive the letter of demands from the banks' credit collection without any knowledge of accounts' existence or medical bills.
    Such fraudulent acts are pretty much beyond Financial Institutes' detections because the Fraudsters have all of Victim's private information to verify themselves as the "legit identity" (including the information that Financial Institutes do not, such as your claims history and others [2]).

  • (Fraudsters) May receive medical care in your name, at your expense.
    This may cause you delays for treatments, or becomes uninsurable, due to in the medical records from Fraudsters' use. The opposite is true, that medical records can be hacked to modify medical histories, thus making someone at becoming insurable again (at the cost of insurance companies).

  • (Fraudsters) May forged documents and then reimburse government healthcare benefits in Victim's name.
    Your medical claims limits would be exhausted in no time, and should you need it in time of emergencies... Or, worse, you may get yourself arrested for "fraudulent claims and forgery".

  • (Fraudsters) May make insurance claims
    Both on Victim's existing policies that are legitly owned by the Victim or from new policies that the Fraudsters purchased in Victim's name. I am pretty sure that you will get very mad if you are dead and have a counterfeit death certification that facilitates the sum assured to the Fraudsters' pockets.

  • Tax claims etc...

  • Blackmail for life.
    Heard of cyber-bullying and its devastating impact on lives of victims? The depressing thoughts that run wildly in the victims' heads due to trolls' abuse on the social media? Embarrassments caused by cyber-bullies who uploads your private pictures on the Internet? How about the medical or rehabilitation records held as ransom for ongoing payments? The frowned-upon HIV illness is one good example in this case. Sufferers of this seemingly "shameful" illness would be pressurized to give in to threats and payments to prevent "public shaming" threats by the cyber- bullies. The mental stress that it will bring along with the treats may cost a life.

So, why the limited attention to such severities seen above?
Other than difficulties in detections, healthcare organizations that were hacked seem to only do some surface improvement for cyber hygiene. And other than getting fines, the reputational damages are somewhat little and quickly forgotten by the public.

But for the victims? Identities remain stolen, forever.

To be fair to the Healthcare Industry, data stolen are not solely and always obtained from their huge databases although to steal bulk data is a quicker way for hackers. These days, you do not need to be a geeky person with advanced IT skills to be a 'professional hacker', as the geeky hackers have improvised their tools (just like how we have 'drag-and-drop' user's interface tools to make websites creation easy) to assist hackers-to-be in being as 'pro' as themselves[3].


source

Data in the deep web's economy.
It is not something new regarding personal data like credit card information, email addresses' passwords etc, are stolen by hackers and then sold to fraudsters in The Darknet's black market.


What goes unaware by many are the invite-only forums which sell detailed stolen personal data- from allergies to blood type to the entire medical history.



source: icitech.org

How convenient it would be for Person A to attempt murder on Person B, should Person A get hold of information such as a life threatening allergy of Person B, and then get away scot-free?
|Sounds far-fetched, but it does present some risks.|

After the purchase of Victim's details (in softcopy) from the Hackers, the Fraudsters will turn to other sites on the deep web (through Hackers' referral perhaps) to purchase the counterfeit physical copy of the i.e. Birth Certificate, from other vendors.



source: icitech.org

Final step is to obtain counterfeit documents that are 'certified', 'embossed' and 'valid' for use for those activities you have read above.

Parents' Nightmare

Child Victims

Children's information could be more valuable than adults, because like mentioned above, data remains stolen forever. It could to a life-long exploitation.


source: icitech.org

  • A scenario where a child's information, together with the parents', were stolen in a healthcare data breach. The Fraudsters can now consume the identities of the whole family and can commit similar fraudulent activities described earlier. The younger a child is, the tougher it is to prove their real identity and in order to, i.e. lodge a report that a fraudulent death claim on a child has been made, you have to first find out. But how? Even if the fraud was discovered, the amount of time and extensive work the parents have got to do to reclaim identity (in a death claim scenario), and also to prove that the parents were not part of the fraud setup, can be tedious.

  • With the explicit use of social media, and giving up of privacy (or being made to give up through others' postings and tagging), it allows Fraudsters to remotely monitor the children's movements and lifestyle habits. Knowing their whereabouts, and together with counterfeit documents made (i.e. passports), a new and ready avenue is being opened up for kidnapping and human trafficking of children into the pedophile ring etc.

Kidnappers may not be the preconceived kind of dangerous-looking person who is armed, grabs and runs away with children. Kidnappers may jolly well be social engineering experts. Especially after monitoring the children's daily life through social media, approaching children without raising passerby's suspicions, these children are headed towards walking their life away, fully unaware.

With the data breaches coming from every corner these days, the pandora's box to regrettable heartaches and monetary losses to the uncalled-for is only a yard away.

Although it is too late to implement security measures since damage is done, but we can hope for the better for the children yet to come.

If you can think of other areas that could potentially impact people, please comment and share.

For a 54-pages PDF write-up on "Deep Web Exploitation of Health Sector Breach Victims", click here.

~End~







onlyanopinionFT.png
Knowing that no one pleases everyone and there is a flip side to every coin, including Bitcoin. Whether you agree, agree to disagree, or the opposite, do not just take my words for it, be sure to look it up.



Thank You SteemVerify

Uploaded via gifyu.com

  1. http://www.darkreading.com/threat-intelligence/healthcare-suffers-estimated-$62-billion-in-data-breaches/d/d-id/1325482

  2. http://www.infoworld.com/article/2983634/security/why-hackers-want-your-health-care-data-breaches-most-of-all.html

  3. http://news.softpedia.com/news/hacker-selling-651-894-patient-records-on-the-dark-web-505680.shtml

#hacker #health #darknet #life
8 years ago in #security by
$0.00
    6 votes
    Reply 0

    Coin Marketplace

    STEEM 0.20
    TRX 0.12
    JST 0.028
    BTC 65231.23
    ETH 3491.62
    USDT 1.00
    SBD 2.48