GO
Loading...

Cybercriminals’ new target? Your medical records

Could your identity be stolen at your next doctor's appointment? About 30 million Americans have had their personal health information breached or inadvertently disclosed since 2009, according to cybersecurity company Redspin. And that's just the number of breaches reported to the U.S. secretary of Health and Human Services.

Cyberthieves aren't interested in medical conditions and prescriptions. Instead, they target billing and insurance records, which house valuable data including Social Security numbers, addresses and credit card info—all in one place.

According to a study released this month by the Ponemon Institute, cybercriminal attacks on health-care organizations, like hospitals and clinics, are up 100 percent during the past three years.

The institute's first study of patient privacy and data security in 2010 found 20 percent of those surveyed had experienced a breach. In 2013, 40 percent had experienced a breach, according to the institute, a research center on information security policy.

"A financial identity can be worth $5 to $10 if you have all the info. A medical identity can be five to 10 times that amount just because how easy it is to monetize that information once that bad guys get it," said Robert Gregg, chief executive of ID Experts, a cybersecurity firm that sponsored the Ponemon Institute survey.

Read MoreMedical identity theft could cost you your life

Mobile device risks

Ariel Skelley | Blend Images | Getty Images

More medical professionals also are accessing medical data through mobile devices, which poses other security risks.

Forty percent of those surveyed by the Ponemon Institute said they rely heavily on the cloud for services such as backup, storage and file sharing. Yet, only one-third are confident or very confident that their cloud is secure.

"Health care is substantially behind the financial services industry in terms of protecting identities and it's particularly concerning because these are the most vulnerable identities we're looking at," said Gregg of ID Experts.

Read MoreHealth-care system's $5.6 billion security problem

Protecting your medical records

If you're worried about your medical data getting breached, here are some red flags to look out for. The following are signs your identity may have been compromised, according to Federal Trade Commission:

  • Bill for medical services you didn't receive
  • Call from a debt collector about a medical debt you don't owe
  • Medical collection notices on your credit report that you don't recognize
  • Notice from your health plan saying you reached your benefit limit
  • Denial of insurance because your medical records show a condition you don't have

If you notice these or any other suspicious signs, contact your health insurance provider for your medical records. After careful review, report any errors to your insurance company. You should also report the fraud to the three credit reporting agencies, Equifax, Experian and TransUnion.

Read MoreHow to protect yourself when filing taxes online

For more CNBC coverage of cybersecurity, visit HackingAmerica.cnbc.com.

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.

Technology

Technology Explained