If you are a federal employee or retiree, you may have opted for the Federal Employee Blue Cross for your health care.  Depending upon where you resided, the coverage could be provided by any number of Blue Cross entities, two of which have fallen victim to an advanced computer infiltration and hacking attack – Anthem and Premera.  Between the two, approximately 90 million insured have had their personal identifying information stolen; many of those will be current, former or future federal employees. Think of the magnitude and nationwide impact – the information stolen in both of these breaches affects over 25 percent of the US population (currently 320,500,000).

Monetization of your health record data

There is no denying the black market value of the medical and personal identifying information which may have been placed at risk as a result of these data breaches. Included in a report by Price Waterhouse Coopers on managing cyber risk was a snippet from research conducted in 2013 by Dell Secureworks, which noted, “A complete identity-theft kit containing comprehensive health insurance credentials can be worth hundreds of dollars or even $1,000 each on the black market, and health insurance credentials alone can fetch $20 each; stolen payment cards, by comparison, typically are sold for $1 each.”  Doing the simple math, 90 million identities at just $100 each adds up to real money for the cyber criminal.

Your health record for medical identity theft

The complete identity often found in medical records carries this high valuation by criminal elements largely due to the overall accuracy of the data. While the medical diagnosis and treatments may have value to a criminal looking to engage in a bit of medical identity theft and fraud, the accuracy of the diagnosis and treatment is largely immaterial. It’s access to the health benefit and prescription which has value for the medical identity thief.

Your health record for financial identity theft

That same medical file will also contain your personal identifying information. In the United States, the crown jewel is the individual’s Social Security Number (SSN). Coupled with current address, phone numbers, insurance, alternative insurance, and credit card data used for the co-pay, it becomes clear why the health care providers are prime targets. The well-organized criminals conducting data breaches will immediately monetize this information directly, perhaps with a well-orchestrated phishing campaign to fill out any gaps in your identity, or simply by taking the name, address and SSN and filing a bogus tax return. This happens with such frequency the Internal Revenue Service has a page specific to this issue, “Data Breach: Tax-Related Tax Information for Taxpayers,” which provides guidance on what to do if you’re a victim of identity theft which resulted in a false tax return being filed.

Your health record to augment a nation state targeting profile

And while every individual will have to address the above, those of you who are, have been or may be a federal employee will also have to consider the breadth of data which is now potentially in the hands of an adversarial nation state due to these data breaches. Network World, in its piece “Premera, Anthem breaches probably espionage, expert says”, makes a cogent argument that while the aforementioned criminal activity is a reality, the indications are that these breaches were carried out by related, if not the same, groups. The date of discovery, January 29, is the same for both entities (this could also be the date that an external entity informed Anthem and Premera that they had been breached); the tools used by the hackers are similar; and there is the apparent attribution to China. All are red flags. The Network World piece also notes these tools were the same used in the penetration of the U.S. Office of Personnel Management (the entity which conducts background checks on US government and military personnel with security clearances).

From a hostile intelligence officer’s perspective, having the medical and billing file from a health care provider about a prospective target allows for the shaping of an approach by leveraging perceived vulnerabilities.

What to do?

If you enjoy the pleasure of having a US government security clearance, and are an individual affected by these breaches, you must be ultra-alert. While both Premera and Anthem are offering two years of credit monitoring protection – it is a bit like offering to close the barn door after the cows have left. Adopt this policy: do not click on any email received; do not respond to any telephone calls received which are connected to your health insurance, or associated payment mechanisms used with Anthem or Premera. Know that your sensitive medical and personal data may be in the hands of a foreign intelligence service, and act accordingly. If you are traveling abroad, adhere to the NISPOM procedures on foreign travel. Be hypersensitive to any engagement where your interlocutor has apparent foreknowledge which only someone with access to your medical data would have. Monitor your financials, and closely inspect your “explanation of benefits” for extraneous usage. Report all anomalous encounters or activity associated with your personal identity to your facility security officer.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).