In the days following the announcement of a data breach at a collection agency that exposed the personal and financial information of millions of individuals, a popular question has been, “Why?” What’s in it for someone to try to steal information from a collection agency?
Hacked information, be it personal information like names and addresses, financial information like bank account numbers and credit and debit card numbers, or health information like records and test results, can be sold by hackers and used for a variety of purposes. Forged healthcare records can go for as much as $120 each, according to a recently released report. If the stolen information includes access credentials to health insurance websites, new insurance cards can be created and sold, and those cards can be used for healthcare procedures, which are then billed to the victim’s account.
Personal health information is worth three times as much on the black market as personally identifiable information (PII), according to the report.
The most common attack method that healthcare companies have noted in the past year is malicious Microsoft Office documents, including spreadsheets with macro-enabled PowerShell delivery cradles.
Since so many companies in the credit and collection industry collect medical debts, the breach and subsequent reaction — investigations, lawsuits, news reports, and more — should be of grave concern. The number of attacks perpetrated by hackers is increasing, and others will see news of this breach and attempt to replicate it at other agencies. Companies should never assume they are too small or too insignificant to be attacked.
The average cost of recovering from a data breach is $3.9 million and the average cost for each lost or stolen record is $148. Ask yourself if you can afford that.