Medical Records are New Target for Cybercriminals

 medical records

Cybercriminals don’t have any scruples when it comes to gathering personal data. They have been known to steal credit card information as well as personal identification such as a social security number.  Now we can add medical identity theft to the list of things that cybercriminals are eager to steal from unsuspecting victims.

Redspin, a cybersecurity company, reports that approximately 30 million Americans have had their personal health information breached or disclosed since 2009. Redspin’s report also claims that 4 million records were breached in the single largest incident.

Health data is becoming increasingly vulnerable to cyber thieves because of the migration of information to mobile devices. Medical professionals use laptops, tablets and other mobile devices to access personal medical data which puts the data at risk if it isn’t encrypted properly or secured properly.

“This should be a clarion call to the healthcare industry,” reports Respin. “The trajectory is predictable yet preventable. With PHI data on more portable devices used by more “under-educated” employees, it is a virtual certainty that there will be more breaches. Mitigating that risk must become a higher priority throughout the entire industry.”

Cybercriminals who hack medical information are looking to steal everything from prescription information to Social Security numbers and credit card information. Medical billing records contain almost all of this information in one place.

Medical data is sought after for numerous reasons by thieves. Last year, CNBC ran a report about medical identity theft targeting victims in order to receive medical services, devices or prescription drugs.  It could take years before the theft of information is noticed.

Robert Gregg, chief executive of ID Experts, a cyber security firm, compared the value of different types of identity thefts for CNBC. He said, “A financial identity can be worth $5 to $10 if you have all the info. A medical identity can be five to 10 times that amount just because how easy it is to monetize that information once the bad guys get it.”

Signs that your medical information may have been breached:

-Unexpected medical bills for services not performed.

-Notice of health plan benefits saying benefit limit has been reached.

-Medical records show a condition you don’t have.

Review your medical history, report anything out of the ordinary, and never share medical information or personal identification information.

--------

Steam Family Sharing Available to Users

Valve has announced that “Family Library Sharing” is now available to all Steam users. The Steam Family Library Sharing allows family and guests to play one another’s games. It is used by players who share computers and who want to share their available library of games with one another. Players can save their own achievements and progress in the game to the Steam Cloud.

How does it work?

Players enable Family Library Sharing on their shared computers. The familiar accounts that log in to them can be authorized for game sharing. A request is made to the friend or family member that you want to share a game with. One you are authorized, the games become available for “access, download and play,” according to Steam.

How much sharing is allowed?

Authorization for Family Library sharing can be given on up to 10 devices at a given time, and for up to five accounts. Simultaneous usage of an account is prohibited. Some Steam community members have begun to complain about this issue. They have suggested that it isn’t sharing when a friend borrows a game and is given a “few minutes” to purchase the game or quit because the owner of the game wants to play it at the same time.

What happens with game data?

Steam allows individual members to save game places, earn achievements and save application data in the Steam Cloud. According to GameSpot, “Lenders can’t access games that aren’t available in their region or games that require a third-party key, account or subscription.”

Is it safe?

Keeping your account and game libraries safe should be a priority. Sharing any kind of data through multiple devices can open the way for hacking to occur. Steam can revoke and close an account if your library is used to cheat.  Make sure the only people you share your game library with are ones that you trust.  Steam recommends that you only authorize familiar computers that are known to be secure and that you never give your password to anyone.

--------

Bitcoins Vanish and Mt. Gox Goes Dark

Bitcoin is a buzz word in the news lately.  Almost half a billion US dollars worth of bitcoins vanished into thin air last week when the bitcoin exchange Mt.Gox went dark.  It helps to understand what bitcoins are to understand why customers are upset about the disappearance of virtual funds.

What are bitcoins?

Bitcoins are virtual currency that approximate cash on the internet. The coins are purely digital and not linked to any government entity. The coins are not backed by any bank or government.  The virtual coins are mathematical algorithms that are exchanged directly between two parties online with no middle man. That means no bank, no government, and no other authority over the printing, distributing or mining of the coins.

What is a bitcoin worth?

According to a Simple Bitcoin Converter, 1 bitcoin is worth $657.60 USD at the time of this post. The exchange rate does fluctuate.

What is the idea behind bitcoins?

The idea behind bitcoins was to create a currency that is completely segregated from a country’s government. For example the United States has no control over the creating, distributing or backing of bitcoins as it does with American currency. Bitcoin was aiming to become a universal currency that changed the current economic system.

What happened?

A rumor appeared that several hundred thousand bitcoins disappeared from one of the dominant exchanges for bitcoin trading.  Slowly the rumor unraveled to become fact. Mt. Gox CEO Mark Karpeles bowed in apology at a news conference in Toyko after revealing that it had lost almost 750,000 of its customers’ bitcoins. On top of the large amount lost, which equates to almost half a billion dollars in US currency, Mt. Gox also lost 100,000 of its own bitcoins.

Karpeles said that technical issues and “some weakness in the system” opened the way for the fraudulent withdrawals.  He did not delve into detail about what the “weakness” or address what the technical issues were.

What is being done for victims of the fraud?

Customers who lost bitcoins have assumed a risk by using a currency not backed by any central bank.  There are no regulations in place. Mt. Gox has shut its operation down and is filing for bankruptcy protection. Some victims are attempting to bring about a class action suit against the once popular exchange.

According to Wall Street Journal, Gregory Green filed a claim with an Illinois District Court seeking damages and restitution.  The claim alleges that Mt. Gox engaged in “unlawful, deceptive, and unfair conduct that is immoral, unscrupulous, and causes substantial injury to consumers.”

Recourse might be very difficult for the victims of the vanishing bitcoins because the exchange was never regulated and never backed by any government or bank. In the meantime, bitcoin enthusiasts believe that the missing coins can be found and are hunting them down themselves.

 

--------

PSN Hackers Target PS4 Users, Sony Stays Silent

In December of 2013, PlayStation 4 users began seeing a problem with “irregular activity” on their accounts.  Sony reset PlayStation Network passwords after noticing the irregular activity that users were complaining about. Several users saw charges being made to their accounts while their game system was off.  According to Gaming Bolt, users are still reporting the same issues that were reported months ago.  And there seems to be a direct link with FIFA games.  In FIFA games there are several things you can buy with real money. Some users link their credit cards to the games in order to buy the things wanted or needed in the game being played.

Many users have complained that it wasn’t just PlayStation Network hackers targeting PS4 users. Some Xbox 360 users have faced similar hacking attempts. One user claimed, “Something similar happened to me on Xbox 360, was charged $135 and they bought FIFA and season pass and crap. Microsoft cleared it all but it took 3 weeks and they temporarily closed my account during the investigation.”

Sony isn’t talking. Although the hacks began months ago the big gaming giant has yet to say anything about the hack attempts.  No one knows if Sony is working on the problem or whether any effort has been made to make PSN secure.

PSN users need to make sure their accounts can’t get hacked. One way that users can prevent hackers from stealing their information is to create a complex password that isn’t used anywhere else. Users should also change that password frequently. Users should report any suspicious activity as soon as possible and they should never, ever give out personal information like credit card numbers or social security numbers.

--------

U.S. Secret Service Investigating Possible Data Breach at Sears?

Sears Holdings Corp. is launching an investigation in the wake of cyber attacks on other retail stores.  Sears, the retailer run by Edward Lampert, has not revealed any details of an actual attack or security breach.

Sears spokesman Howard Riefs said in a press statement, “There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach.”

Riefs added that there has been no information to indicate a breach so far which completely contradicts a report made by Bloomberg News.  Bloomberg News, using an un-indentified source, reported that the U.S. Secret Service was involved in investigating a secret breach at Sears.  The U.S. Secret Service is remaining quiet on whether or not it is actually investigating a breach at the retailer.

What is known is that the U.S. Secret Service is leading the investigation into last year’s cyber attack on Target and last year’s attack on Neiman Marcus.  The Target breach lead to the theft of approximately 40 million credit/debit card numbers and over 70 million pieces of personal data.  Neiman Marcus has also faced the harm of a data breach.  The luxury retailer had 1.1 million credit and debit cards hacked by malware that infiltrated terminals point of sale systems.

Target, Neiman Marcus and other retailers who have experienced data breaches are attempting to gain back customer support by doing a lot of damage control. Target has offered free credit monitoring  and identity theft protection to customers for free for one year as part of its damage control efforts.

The rumor that Sears is investigating a possible security breach may still harm the retailer.  Lampert has struggled to make Sears profitable after 28 straight quarters of declining sales. A tarnished image from a potential data breach isn’t going to make shoppers rush out to buy anything from the retailer.

Original reports of the Target and Neiman Marcus breaches made clear that it could take months to confirm that breaches were made, how many victims were affected, and account for what data was stolen.

--------

Stolen Identity Refund Fraud: Who, What and Why

Stolen Identity Refund Fraud (SIRF) is a category that falls under identity theft. It involves the theft of the “tax” identity of the victim. As the tax filing season descends upon us we need to be aware of the very real threats of having an identity stolen.

Victims of stolen identity refund fraud have had their lives ruined. The criminal steals the “tax” identity of an individual for the purpose of filing a tax return. The criminal will obtain information about the victim and use it to obtain his or her social security number. The thief will then submit a false tax return in the name of the victim claiming a tax return. Forbes report claims that “unfortunately, in many instances the refunds are issued.”

The victims are left to discover the fraud when they go to file their tax returns. The IRS refuses to send out a refund because a return was already filed under the name of the individual.  The burden of proof rests on the individual to prove that their identity was actually stolen and that they did not file a return in the first place. It can be a very lengthy process for an individual to get straightened out with the IRS and it can be an even lengthier amount of time for any resolution to happen.

Sadly, stolen identity refund fraud victims are the elderly and individuals who are not required to file tax returns. Criminals who steal this information often get away with it for a long time before being caught. Often the victim finds out when they apply for state or federal benefits and cannot receive them due to information found on the fraudulent returns.

The IRS and the Justice Department have begun cracking down on identity theft and have been active in fighting identity fraud. The IRS makes it clear that the agency is devoted to preventing identity fraud. The website has information on how to report suspected identity theft and the precautionary measures that people can so they don’t become a victim.

--------

Consumer Reports Warns Email Theft Increases Identity Theft

Consumer Reports is warning to consumers that use of email addresses as a user ID increases your risk of identity theft.  The report cites the theft of millions of Yahoo users who had their email addresses stolen recently. Yahoo identified the attack on user email accounts and immediately acted to protect users by prompting holders to reset their passwords, according to a blog post by the corporation.

While there is no evidence that data was breached from Yahoo’s computer network, according to Bloomberg Businessweek, there is evidence that user names and passwords may have been taken from a third-party database. Consumer Reports warning is to users who often use their email address as their user ID because it can increase the chance of hackers getting into any other accounts you have associated with that email/user ID.

Identity thieves call the maneuver multipurposing. They steal personal data from one account and use it to break into other accounts. The theft of an email address can also lead to phishing scams, malicious software being placed on users’ computers, and malicious and fraudulent links being sent to everyone on a users contact list.

Once a criminal has access to email and passwords he can use it to break into a users bank accounts, online accounts, and use the information gathered to steal a users identity.

Consumer Reports gives an example, “Once the criminal has your e-mail address, he tries to sign into accounts at some large banks or major shopping sites, claiming he forgot his password. Some institutions will e-mail a “password reset” link or, worse, the password itself, to your address.”

Consumer Reports goes on to explain that once the password has been reset to the criminals password he will have full use of banking or shopping accounts that were broken into. The best way users can protect themselves is to consistently change their passwords and never use the same user ID as their email.

--------

Datapalooza , Tax Returns and Identity Theft

Protecting personal information is important. It is extremely important in the online world. Identity theft is a real problem. Thieves who steal information often gather it easily from unsuspecting victims who willingly give out personal information to the wrong person or those who give out the information unwillingly but didn’t have their information protected.

Identity theft might become an even bigger problem with the announcements that were made at the White House’s “Datapalooza” event. “Datapalooza” is an ambitious new agenda that has been outlined by President Obama to combat rising college costs and to make college more affordable for American families.  It was a meeting of policy leaders and innovators exploring how open government data could help the education system in the United States. Part of the plan includes using technology for tools, services, and apps to help students evaluate and select colleges.

Apps will be used to help students access information about colleges including statistical data, program data, and form data (i.e. FAFSA).  Third party apps are also being considered for integration into the U.S. Department of Education’s financial aid toolkits. These applications should be viewed skeptically by students.  If the apps do not have the proper protections and encryptions against hack attacks then hackers might have “datapalooza” with student’s personal information.  Identity theft is a real concern with the potential data that would need to be stored online to use the governments’ apps.

The White House announced at “Datapalooza” that Americans will now be able to download their tax returns directly from the IRS’ new service Get Transcript.  Tax information is not easily accessible and for good reason. Tax papers have very personal information on them including names, birthdates, social security numbers, and wage information.  To obtain tax information before one would have to fill out a questionnaire, send it back and wait 5-10 business days for physical forms to arrive. Get Transcript makes it much easier for people to download their tax information instead of waiting to get the physical forms. But it also means that much more personal information is at risk of being stolen.

--------

Legitimate debt collector or fraudulent data colletor?

Data collection scams and debt collection scams have risen dramatically in the last few years.  Mal-ware at point of sale terminals has been used to steal customer data. Emails that phish for information have been used to steal consumer information and fake debt collectors who threaten victims with lawsuits and arrests have used information gained to exploit consumers.

“Unscrupulous scams hurt consumers and unnecessarily impedes legitimate debt collection efforts,” said ACA International CEO Pat Morris. “The recovery of consumer debt is vitally important to our local, state, and national economies. Those who purposely violate the law to exploit consumers should be held fully accountable for their actions.”

Consumers need to protect personal data and they need to know the difference between a legitimate debt collector and a fake scam being conducted to steal personal information.

ACA International recommends several important items in discerning a legitimate attempt to recover a debt. The first item is that a debt collector may not contact a consumer at times known to be inconvenient. Generally, a legitimate debt collector may not contact a consumer before 8 a.m. or after 9 p.m. in the consumers’ time zone.

Another item is that a debt collector must disclose its identity to the consumer and notify the consumer that the communication is from a debt collector, and (in the initial communication) that any information obtained will be used to effect collection of the debt. Debt collectors are not allowed to make false representations and may not threaten to take action against a consumer if it doesn’t actually intend to seek such action. Consumers also need to be aware that they can dispute the validity of the debt and during the time the debt is being dispute the debt collector must cease collection activity until verification of the debt has been provided. More guidelines can be found at ACA International.

Consumers can protect their personal data by checking credit and debit cards vigilantly and reporting any charges that appear questionable, even small amounts. Consumers can also monitor their credit profiles along with their card activity and consumers need to keep in mind that phishing scams for information don’t just happen via email and the phone. Phishing scams can come through snail mail also.  Shred paper with personal information before throwing it away, make online passwords stronger by using a mix of capital and lowercase letters, symbols and numbers, and take great care when giving out credit or debit card numbers, Social Security numbers or other personal information online and offline.

--------

As Target breach grows, retailer embraces security options

Target’s data breach over the holiday season turned out to span far wider than the original numbers estimated.  The major retailer said the breach that happened between Nov. 27 and Dec. 15, 2013 compromised the financial information of approximately 40 million shoppers shortly after the breach occurred. Recently, the company informed consumers that it had uncovered an additional 70 million to 110 million customers who may have had their names, mailing addresses, phone numbers and email addresses stolen.

The data stolen from Target was originally thought to come from the terminals where customers swipe credit and debit cards. The retailer said originally that the only information affected was the information stored in the magnetic strips on the back of customers’ cards. The retailer learned shortly after that customers’ encrypted PIN data had also been obtained. The latest revelation by Target is raising more concerns because personal information isn’t stored on the magnetic strips on credit and debit cards.

Target’s data breach has severely impacted the company and will continue to as long as more information about the breach becomes known. The retailer has apologizes to customers for the broadening violations of customers’ private information.

“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Gregg W. Steinhafel, Target’s chief executive, said in a statement to the New York Times.

Target is now offering free credit monitoring and identity theft protection to customer’s for one-year free.  The one-year offer includes a credit report, daily credit monitoring, identity theft resolution, identity theft insurance and ProtectMyID ExtendCARE, personalized assistance from a highly-trained Fraud Resolution Agent after the one-year period expires.

Target has listed tips for customers who wish to protect their information:

“Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number. Delete texts immediately from numbers or names you don’t recognize. Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.”

A FAQ page has been set up on Target’s website to deal with information regarding the data breach and information related to other scams.

--------
Protect yourself with the best Home Security