
Medical-data blackmail has been a niche crime, largely because of the difficulty and risk involved. Spam and online bank fraud are easier ways for fraudsters to make money. Earlier cases, though, underscore the value to a criminal of medical data.
One case involved Express Scripts, the large prescription-drug benefits manager that received a threat in 2008. Someone sent the St. Louis-based company personal information on about 75 of its members, including Social Security numbers and prescription records, and demanded an unspecified sum. The company refused to pay, and eventually notified 700,000 customers that their information could have been exposed. And in 2004, health care facilities came under fire for outsourcing their transcription chores when several California hospitals were blackmailed by their own workers in India and Pakistan.
As reported earlier by Jordan Robertson, the spiraling cost of health care and lack of insurance for millions of people have made medical identity theft a growing problem. Security and privacy risks are also emerging with the creation of “health information exchanges,” which are vast databases that states are setting up to handle all the electronic medical records. It’s unclear whether the Illinois surgical center’s records were backed up or have been recovered. The organization declined to comment.
“This is a warning bell,” says Santa Clara University's Glancy. “Maybe they’re the canary in the coal mine that unpredictable things can happen to data once it’s digitized.”
Cross-posted from: Tech Blog