Identity thieves know it.
I was honored to talk yesterday with Michael Maloof,
CEOCTO of TriGeo Network Security. He was flogging a recent report from the Identity Theft Resource Center indicating that health care suffered 26.3% of all commercial security breaches last year. That's second to retail's 40.5% but well ahead of any other economic sector.
Contrary to what you may suppose, they're not really after your health records. Unless you're famous or an Octomom, they don't care about the secret hangnail you suffered in fourth grade.
They just want your money.
With the records in any hospital or clinic, they can get it. "If they have your Social Security Number, your address and date of birth they can take your persona, pretend to be you," Maloof said.
They can get credit in your name and run up the bills. You may not be charged, because "fraud costs are built into the system," but merchants will be, and those costs will eventually find their way into the prices you pay.
Too many health systems have awful security, Maloof added. "I've seen institutions where every doctor uses the same ID – The Doctor. And the password is known. That's an easy access point for the hacker."
TriGeo offers an appliance that can sit behind your firewall, track user traffic, and detect problem patterns, even detect when someone is plugging in a USB thumb drive. This not only protects against outside criminals, but disgruntled insiders.
Most of the company's prospects are in the mid-market range, hospitals with anywhere from 250-1,000 employees. They may have an Information Technology team but they probably don't have a security expert on staff. At $20-40,000, then, TriGeo's software becomes that security employee.
Don't worry if you're smaller. "In early December we'll announce a virtual version of our appliance which brings the cost down further, and people will start using cloud based services. You'll get it from a service provider."
Just so long as you get something. And use it. If you're in the medical field you are a merchant, and you need a merchant's data security.