This was not from a healthcare company, but rather a life insurance company in Texas.  The fact of the matter here is that there’s enough in there for thieves to make a sale, and another and another.  The story mentions the TOR browser and if you don’t know what it is, it’s a fork of Firefox that allows for anonymous browsing and is actually the only way the Evolution Market can be browsed.  Tor is a legal browser and government agencies, reporters, etc. all use it and it’s just like anything else out there used for the good or the bad.

What’s interesting here is the terminology the author tells us about as this is something new for me to be reading about.  So now if you hear the word “fullz” you know the street slang here means it’s a load file of all kinds of personal and financial records.  All purchases are done via bitcoin which is kind of bad as it gives bitcoin a bit of a bad association.  You can read the article below and see the more you buy, the better the price break too.

By the time this information was related the government had just begun working on the problem.  The dates on the postings and files seemed to indicate the records had been on sale for around 3 months.  One of the victims now is also complaining about the numerous calls she’s now getting over and over about the theft and saying the notification calls are a bit overdone too.   As Dr. Halamka at Harvard recently said, it’s become a war keeping patient medical records secure from hackers.

It’s Become A war To Keep Patient Medical Records Secure And Out of the Hands of Hackers, Data Selling Epidemic in the US Fuels This Fire…

One of the comments in this article too was very astute in asking “I tend to wonder how many “legitimate” companies are buying these data.”  That comes right back around to the need to license all data sellers in the US.  Let’s revisit the Game Data Dealer here just for the heck of it..they do a good job with dramatics to get your attention.  BD  

Two Data Brokers Get Fined by the FTC For Non Compliance, One Gets Most All Of The Million Dollar Fine Reduced as They Could Not Afford To Pay By the Court, But If You Are A Consumer With Medical Bills You Go To Bankruptcy Court..


How much are your medical records worth in the cybercrime underground? This week, KrebsOnSecurity discovered medical records being sold in bulk for as little as $6.40 apiece. The digital documents, several of which were obtained by sources working with this publication, were apparently stolen from a Texas-based life insurance company that now says it is working with federal authorities on an investigation into a possible data breach.

Purloined medical records are among the many illicit goods for sale on the Evolution Market, a black market bazaar that traffics mostly in narcotics and fraud-related goods — including plenty of stolen financial data. Evolution cannot be reached from the regular Internet. Rather, visitors can only browse the site using Tor, software that helps users disguise their identity by bouncing their traffic between different servers, and by encrypting that traffic at every hop along the way.

Last week, a reader alerted this author to a merchant on Evolution Market nicknamed “ImperialRussia” who was advertising medical records for sale. ImperialRussia was hawking his goods as “fullz” — street slang for a package of all the personal and financial records that thieves would need to fraudulently open up new lines of credit in a person’s name.

Each document for sale by this seller includes the would-be identity theft victim’s name, their medical history, address, phone and driver license number, Social Security number, date of birth, bank name, routing number and checking/savings account number. Customers can purchase the records using the digital currency Bitcoin.

A set of five fullz retails for $40 ($8 per record). Buy 20 fullz and the price drops to $7 per record. Purchase 50 or more fullz, and the per record cost falls to just $6.40 — roughly the price of a value meal at a fast food restaurant. Incidentally, even at $8 per record, that’s cheaper than the price most stolen credit cards fetch on the underground markets.

“Live and Exclusive database of US FULLZ from an insurance company, particularly from NorthWestern region of U.S.,” ImperialRussia’s ad on Evolution enthuses. The pitch continues:

“Most of the fullz come with EXTRA FREEBIES inside as additional policyholders. All of the information is accurate and confirmed. Clients are from an insurance company database with GOOD to EXCELLENT credit score! I, myself was able to apply for credit cards valued from $2,000 – $10,000 with my fullz. Info can be used to apply for loans, credit cards, lines of credit, bank withdrawal, assume identity, account takeover.”

Sure enough, the source who alerted me to this listing had obtained numerous fullz from this seller. All of them contained the personal and financial information on people in the Northwest United States (mostly in Washington state) who’d applied for life insurance through American Income Life, an insurance firm based in Waco, Texas.

American Income Life referred all calls to the company’s parent firm — Torchmark Corp., an insurance holding company in McKinney, Texas. This publication shared with Torchmark the records obtained from Imperial Russia. In response, Michael Majors, vice president of investor relations at Torchmark, said that the FBI and Secret Service were assisting the company in an ongoing investigation, and that Torchmark expected to begin the process of notifying affected consumers this week.

More than 1.8 million people were victims of medical ID theft in 2013, according to a report from the Ponemon Institute, an independent research group. I suspect that many of these folks had their medical records stolen and used to open new lines of credit in their names, or to conduct tax refund fraud with the Internal Revenue Service (IRS).

http://krebsonsecurity.com/2014/09/medical-records-for-sale-in-underground-stolen-from-texas-life-insurance-firm/
