Report: Threat Landscape Growing Scarier for HealthcareHealth-ISAC Warns of Cybercrimes Involving Synthetic Accounts, 'Product Abuse'
Threats that traditionally menaced other industries - including synthetic accounts and abuse of IT product platforms - are among the top emerging worries for the healthcare sector, warns an industry report.
Synthetic accounts, which have been long used by cybercriminals to fraudulently obtain loans and credit lines, are now increasingly being used for committing healthcare fraud and other crimes, says the report, a collaboration between analysts at the Health Information Sharing and Analysis Center and consulting firm Booz Allen Hamilton.
"I saw plenty of this in the banking and finance sector, and it certainly happens in the healthcare sector with the creation of fake medical providers and fake businesses that bill insurers and the government for services never delivered," Errol Weiss, Health-ISAC chief security officer, told Information Security Media Group.
"What's new here is the abundance of stolen PII in criminal forums plus the commodity use of artificial intelligence tools that fuel the creation of massive numbers of synthetic IDs."
The full report was released last month for H-ISAC members, but the organization released an executive summary for the public this week.
In terms of "product abuse" threats, healthcare organizations with internet-facing websites "are easy targets for actors that employ compromised user credentials, proxy networks, and customizable crimeware to carry out account takeovers, or unauthorized access" to systems such as health record systems, the report says.
"Despite efforts to secure healthcare organization environments and implement improved controls, threat actors are extremely adaptable and recognize that information they can steal can be used in more ways than one to generate monetary gain."
Other experts are also predicting a similar evolution among cybercriminal activities affecting the healthcare sector.
"Threat actors - other than those who are politically motivated - will certainly continue to do whatever they think will make them money in the easiest way possible," said attorney Erik Weinick, co-founder of law firm Otterbourg P.C.'s privacy and cybersecurity practice and a member of the U.S Secret Service's Cyber Fraud Task Force Steering Committee.
"Since organizations are much less likely to pay ransomware demands than in the past, we can fully expect to see a shift to a greater number of smaller thefts, such as through billing fraud - such as redirecting reimbursement checks or insurance payments or fraudulently obtaining prescription medications that are then resold," he said.
Exploits that allow for product abuse are also concerning for a number of reasons, Weinick said.
Anytime healthcare systems are compromised, there is a risk of disruption to patient care, according to Weinick. But these types of compromises can result in direct monetary losses for providers, insurers, the government and patients alike through redirection of payment instructions, he said.
Information exfiltrated from patient files can be used for identity fraud, Weinick said. And, he added, "important intellectual property and other monetizable information can be exfiltrated from healthcare systems."