The 80 million-person Anthem Inc. data breach jeopardized the identities of more than 750,000 Pennsylvanians, including 51,867 Highmark customers notified by letter last week.

It also reminded the information security world that health records subject to strict privacy requirements are a rich target for hackers.

The value of personal financial and health records is two or three times [the value of financial information alone], because theres so many more opportunities for fraud, said David Dimond, chief technology officer of EMC Healthcare, a Massachusetts-based technology provider. Combine a Social Security number, birth date and some health history, and a thief can open credit accounts plus bill insurers or the government for fictitious medical care, he noted.

Hackers also can comb through clinical information, looking for material to blackmail wealthy or powerful patients, added John Christiansen, a Seattle-based health care technology attorney.

While Pittsburgh hasnt seen a massive breach of health information, technologists for area hospitals and insurers arent feeling smug as the data maze becomes more byzantine.

The data is in a lot of different places, said John Houston, UPMCs vice president of privacy and information security. Its very complicated.

Breaches up

Even before hackers took data held by Indianapolis-based Anthem including some referencing customers of other Blue Cross Blue Shield affiliates treated in Anthems territory health care data breaches involving 500 or more patients were trending up.

In 2011 and 2012, combined, there were 458 big breaches involving a total of 14.7 million people, according to the federal Department of Health and Human Services. In 2013 and 2014, there were 528 involving 19 million people. Around 10 percent of breaches stem from hacking, while around half are physical thefts of records or computers. The rest are inadvertent losses, unauthorized disclosures or improper disposals of health information.

In April 2014, a Highmark employee wrongly mailed out names, addresses, phone numbers, dates of birth, genders, medications and health information of 2,589 people. The root cause was failure of a human being to follow policy, and the solution was more training, Highmark chief privacy officer Lisa Martinelli said.

See the original post here:

Health care files a rich trove for identity thieves