Health insurance credentials fetch high prices in the online black market

Share this article:
Health insurance credentials fetch high prices in the online black market
Health insurance credentials fetch high prices in the online black market

Here's to your health...your health insurance credentials, that is.

Information security service provider Dell SecureWorks has uncovered in a new report that buyers are dropping big bucks for health insurance documents that are being hawked on the internet underground with the goal of using them to commit fraud.

Dell SecureWorks Counter Threat Unit (CTU) senior security researcher Don Jackson has investigated underground market supply and demand for years, and beginning in May, he sought to update how buyers are spending their money in 2013.

Jackson discovered people are laying down top dollar for all-inclusive health insurance dossiers known as “Kitz,” or a little less money for the slimmed down version known as “Fullz.” Both packages contain sensitive health insurance information, including names, addresses, phone numbers, email addresses, Social Security numbers and bank account information, complete with account and routing numbers.

What separates the two, aside from the cost, is that “Kitz” contain physical documents, including driver's licenses, whereas “Fullz” contain only the electronic data.

Jackson learned through investigation that “Kitz” are fetching $1,200 to $1,300, with an added $100 to $500 thrown on top for rush orders and other fees. This is the package to purchase for people wishing to commit medical identity theft because eventually they need to show up in person, Jackson told SCMagazine.com on Tuesday.

“Fullz” typically go for $500, a significant increase from the $100 cost of the early to mid 2000s. “Kitz” prices through the years are harder to compare, Jackson said, because they were previously part of bigger packages designed to sneak illegals into the United States.

Jackson said the underground seller market is saturated with stolen financial information such as credit cards. So much so that sellers are earning as little as $1 per card number. That's why health insurance data has become so coveted, in addition to the high cost to receive certain treatments in the United States.

“Where we see [health insurance credentials] being used is for expensive services and surgeries,” said Jackson, explaining that dialysis and appendectomies, for example, are common procedures to obtain using stolen identities because they are less expensive and do not immediately set off any alarms.

Jackson said victims of this kind of identity theft often do not find out about it until a year or later.

Jackson said there are any number of reasons why people are buying this information, including having no coverage or having a criminal record, and added that hackers have begun targeting smaller healthcare organizations who may have limited data protection technology in place.

Common tools that should be used for to safeguard against attacks targeting health information include firewalls, encryption, log monitoring and vulnerability scanning, Jackson recommended. 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.