Health care the new playground for identity thieves

Health care the new playground for identity thieves

Summary: If you're in the medical field you are a merchant, and you need a merchant's data security.


Everyone knows that retail data is at risk. But health care data is just as big a problem.

Identity thieves know it.

I was honored to talk yesterday with Michael Maloof, CEOCTO of TriGeo Network Security. He was flogging a recent report from the Identity Theft Resource Center indicating that health care suffered 26.3% of all commercial security breaches last year. That's second to retail's 40.5% but well ahead of any other economic sector.

Contrary to what you may suppose, they're not really after your health records. Unless you're famous or an Octomom, they don't care about the secret hangnail you suffered in fourth grade.

They just want your money.

With the records in any hospital or clinic, they can get it. "If they have your Social Security Number, your address and date of birth they can take your persona, pretend to be you," Maloof said.

They can get credit in your name and run up the bills. You may not be charged, because "fraud costs are built into the system," but merchants will be, and those costs will eventually find their way into the prices you pay.

Too many health systems have awful security, Maloof added. "I've seen institutions where every doctor uses the same ID – The Doctor. And the password is known. That's an easy access point for the hacker."

TriGeo offers an appliance that can sit behind your firewall, track user traffic, and detect problem patterns, even detect when someone is plugging in a USB thumb drive. This not only protects against outside criminals, but disgruntled insiders.

Most of the company's prospects are in the mid-market range, hospitals with anywhere from 250-1,000 employees. They may have an Information Technology team but they probably don't have a security expert on staff. At $20-40,000, then, TriGeo's software becomes that security employee.

Don't worry if you're smaller. "In early December we'll announce a virtual version of our appliance which brings the cost down further, and people will start using cloud based services. You'll get it from a service provider."

Just so long as you get something. And use it. If you're in the medical field you are a merchant, and you need a merchant's data security.

Topics: Legal, CXO, Health, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • How about all the "peripheral entities"?

    Nice intro. But a HUGE problem with healthcare is all the "peripheral entities". Healthcare providers--particularly physicians and similar providers--are often primarily concerned with getting services cheap. They'll "farm out" pretty much anything to the lowest bidder. LOADS of the work is by "a relative of a friend". Plus, healthcare providers pay bottom dollar for secretarial/clerical help and there is no chance of meaningful advancement, so they have high turnover and poor employee morale.
    • RE: Health care the new playground for identity thieves

      @Rick_R That's why it's important for companies like this to turn this into services that can be delivered automatically. Security should be a service for anyone seeking to become a health ISP under the NHIN.