Why Hackers Like Targeting the Terminally Ill

Larry Whiteside, Veteran CISO and Cybersecurity Thought Leader

Having a terminally ill family member is a heart-wrenching experience. Families put their lives on hold to make a loved one’s last months, weeks and days as comfortable as possible. Compassionate employers, schools, neighbors and friends understand obligations won’t be met when families are focused on more pressing matters.

Unfortunately, hackers and cybercriminals are also aware of your family member’s end-of-life condition and brazenly exploit this knowledge, according to Larry Whiteside Jr., Chief Information Security Officer for Greenway Health.

Medical records contain a treasure trove of protected health information (PHI), indicating a patient’s condition, diagnosis, medications, and treatment plans. When those records are stolen and put up for sale on the Dark Web, fraudsters pounce. If a doctor recommends hospice care and prescribes morphine after other prescriptions have expired, it’s a clear sign that a patient is nearing the end of life.

“If I know you’re dying or are terminally ill, I know you’re probably not watching your credit,” says Whiteside.

It’s extremely unlikely a terminally ill patient in Boston, even when surrounded by a caring family managing the patient’s finances, will notice someone applying for a boat loan in San Diego. When the fraud is eventually discovered, the family could be on the hook for tens of thousands of dollars in fraudulent purchases.

Credit Fraud and the Terminally Ill

The problem, as Whiteside sees it, is that consumers have relinquished all responsibility for their PHI to their healthcare providers. If they never review their medical records, they’ll never notice anomalies like a change in their drug history or date of birth.

Stolen PHI also enables health care fraud. Whiteside notes this highly specialized crime is a multibillion-dollar industry. The National Health Care Anti-Fraud Association (NHCAA) confirms this, putting estimated financial losses in the tens of billions of dollars per year. The exact number is impossible to ascertain, as health care fraud often goes undetected and therefore unreported.

“Not everyone has health insurance. If an uninsured person needs major surgery and can steal someone else’s insurance information to pay for it, they can become the proud owner of a free medical procedure. How would you like to get a bill for a 20% deductible for a procedure you didn’t have?”

It’s no wonder the value of health records on the Dark Web continues to command top dollar.

