A Third of US citizen’s health care information leaked in UnitedHealthcare hack

Healthcare data is the new gold for hackers on the dark web, where this type of information pays significantly better than other types of data, like credit card information, or passwords.

The UnitedHealthcare hack

The estimation of the hack is “maybe a third” of Americans having had their personal health information and personally identifiable information stolen, according to Andrew Witty, the CEO of UnitedHealth Group. To gain entry to the database, the hackers used compromised credentials without any type of multi-factor authentication.

While the data didn’t include complete medical histories or doctor’s charts, the full scope of the hack is still under investigation. It have caused significant concern due to the volume of sensitive information that has potentially been exposed.

Passwords and multi-factor authentication

Due to the fact that more and more websites and accounts require, or at least have the option to use 2FA (two factor authentication), mere passwords doesn’t really get you anywhere anymore. The same goes for credit cards, where more and more card companies have similar setups. In Sweden, e.g. almost all online transactions require you to verify your true identity with BankID.

Health care data

Health care data doesn’t really have any such safeguards.

Normally, your health care data sits in a huge database together with other people’s health care data. While there certainly are numerous safeguards provided by the host, we’ve come to realise from leaks all over the world that no data is safe. Anywhere.

Previously, this data was held in a physical folder in your local doctor’s office. Sure, a burglar could smash a window and grab all folders in the office and even publish all of your health care data in the local newspaper. While horrible for the people who got their data stolen, the reach is still quite small and thus the damage not enormous.

Digitalised and centralised health care data

Today, pretty much any hospital and doctor’s office can fetch your information from the centralised system to review your history, etc. This is great should one find oneself at the need of a doctor in a new place. It is also great for anyone interested in stealing health care information en masse.

We will most certainly see a lot more of hackers gaining access to official databases, like that of the health care, in the near future. Open source AI can already hack websites autonomously and as time passes the targets will become bigger and more advanced.

It might not be the best idea to keep valuable information such as health care data open to the masses and governments around the world might want to rethink the great digitalisation strategy with outsourced data centers and private contractors.

2024-05-06 11:15

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent notes