PayPal

Hackers new target: Health Insurance data

August 18th, 2013

The work “health insurance” brings up images of medical bills to people’s mind, but for hackers it is a way to make dollars.

The packages of data on individual people, which include verified bank account numbers and credentials, Social Security numbers, and other personally identity information, are known in the underground as “fullz.”

When further packaged with custom manufactured documents, such as credit cards and driver’s licenses, the hacker merchandise is referred to as “kitz,” each of which sells for between $1,200 and $1,300 a piece.

Don Jackson, Senior Security Researcher for Dell SecureWorks’ Counter Threat Unit said “Selling fullz and kitz aren’t new, but the selling of kitz, which is focused on health insurance credentials and all the other supporting credentials and documents needed to use those stolen health insurance credentials, is a new trend. Selling credentials by themselves does not have enough value, as those other credentials are needed to obtain medical services.”

The fullz is sold at comparatively less price, about $500 each based on the information included – full names, addresses, phone numbers, email addresses with passwords, and so on. Health insurance credentials are priced $20 each, with an additional $20 added whenever there is a dental, vision, or chiropractic plan associated with the health plan. Other data such as U.S credit card with CVV code is priced at $1 to $2, or $20 to $200 for a PayPal account with a verified balance.

“The health insurance information is being used to get free medical services. Theft of medical services, including doctor visits, drugs, and surgeries, are the primary goal for buying these stolen credentials” said Jackson.

He further commented “We have seen the cost of health insurance and the cost of medical services continue to rise. As such, we have seen more demand for stolen health insurance data and the associated credentials needed to use the health insurance, such as physical documents like the insurance card, the driver’s license, the SSN, address, payment card, etc. There is definitely an increase in the buying and selling of information like health insurance contracts. So the selling of kitz with this type of information, like health insurance credentials, is on the rise, and that is a new trend.”

Jackson has not identified exactly who was behind the underground marketplaces hawking the data, but he is sure about the fact that the criminals are located in the U.S.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta