Health insurance credentials fetch high prices in the online black market

Share this article:
Health insurance credentials fetch high prices in the online black market
Health insurance credentials fetch high prices in the online black market

Here's to your health...your health insurance credentials, that is.

Information security service provider Dell SecureWorks has uncovered in a new report that buyers are dropping big bucks for health insurance documents that are being hawked on the internet underground with the goal of using them to commit fraud.

Dell SecureWorks Counter Threat Unit (CTU) senior security researcher Don Jackson has investigated underground market supply and demand for years, and beginning in May, he sought to update how buyers are spending their money in 2013.

Jackson discovered people are laying down top dollar for all-inclusive health insurance dossiers known as “Kitz,” or a little less money for the slimmed down version known as “Fullz.” Both packages contain sensitive health insurance information, including names, addresses, phone numbers, email addresses, Social Security numbers and bank account information, complete with account and routing numbers.

What separates the two, aside from the cost, is that “Kitz” contain physical documents, including driver's licenses, whereas “Fullz” contain only the electronic data.

Jackson learned through investigation that “Kitz” are fetching $1,200 to $1,300, with an added $100 to $500 thrown on top for rush orders and other fees. This is the package to purchase for people wishing to commit medical identity theft because eventually they need to show up in person, Jackson told SCMagazine.com on Tuesday.

“Fullz” typically go for $500, a significant increase from the $100 cost of the early to mid 2000s. “Kitz” prices through the years are harder to compare, Jackson said, because they were previously part of bigger packages designed to sneak illegals into the United States.

Jackson said the underground seller market is saturated with stolen financial information such as credit cards. So much so that sellers are earning as little as $1 per card number. That's why health insurance data has become so coveted, in addition to the high cost to receive certain treatments in the United States.

“Where we see [health insurance credentials] being used is for expensive services and surgeries,” said Jackson, explaining that dialysis and appendectomies, for example, are common procedures to obtain using stolen identities because they are less expensive and do not immediately set off any alarms.

Jackson said victims of this kind of identity theft often do not find out about it until a year or later.

Jackson said there are any number of reasons why people are buying this information, including having no coverage or having a criminal record, and added that hackers have begun targeting smaller healthcare organizations who may have limited data protection technology in place.

Common tools that should be used for to safeguard against attacks targeting health information include firewalls, encryption, log monitoring and vulnerability scanning, Jackson recommended. 

Share this article:

Sign up to our newsletters

More in News

Pentagon to triple its security workforce by 2016

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

The Heartbleed bug works, and could be a scapegoat for older breaches

The Heartbleed bug works, and could be a ...

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached ...