Welcome to the Nexus of Ethics, Psychology, Morality, Philosophy and Health Care

Welcome to the nexus of ethics, psychology, morality, technology, health care, and philosophy
Showing posts with label Identity Theft. Show all posts
Showing posts with label Identity Theft. Show all posts

Wednesday, March 2, 2022

Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected

Cezary Podkul
ProPublica
Originally published 25 JAN 22

Here is an excerpt:

Americans rarely get a glimpse of hackers, much less what their work entails. They might be surprised to learn how little experience is needed. People often think hackers are highly sophisticated, Troy Hunt, creator of data breach tracking website Have I Been Pwned, told ProPublica. But in reality, there’s so much unsecured data online that most of the 11.7 billion email addresses and usernames in Hunt’s collection come from young adults who watch a few instructional videos and figure out how to grab them for malicious purposes. “It’s coming from kids with internet access and the ability to run a Google search and watch YouTube videos,” Hunt said in a 2019 talk about how hackers gain access to data.

Hiếu was once one of those teenagers. He grew up in a Vietnamese fishing town where his parents ran an electronics store. His dad got him a computer at age 12 and, like many adolescents, Hiếu was hooked.

His online pursuits quickly took a wrong turn. First, he started stealing dial-up account logins so he could surf the web for free. Then he learned how to deface websites and abscond with data left exposed on them. In high school, he joined forces with a friend who helped him pilfer credit card data from online stores and make up to $500 a day reselling it.

Eventually fellow hackers told him the real money was in aggregating and reselling Americans’ identities. Unlike credit cards, which banks can cancel instantly, stolen identities can be reused for various fraudulent purposes.

Beginning around 2010, Hiếu went looking for ways to get detailed profiles of Americans. It didn’t take long to find a source: MicroBilt, a Georgia-based consumer credit reporting firm, had a vulnerability on its website that allowed Hiếu to identify and take over user accounts. Hiếu said he used the credentials to start querying MicroBuilt’s database. He sold access to the search results on his online data store, called Superget.info.

MicroBilt spotted the vulnerability and kicked Hiếu out, setting off a monthslong standoff during which, Hiếu said, he exploited several vulnerabilities in the company’s systems to keep his store going. MicroBilt did not respond to requests seeking comment.

Tired of the back and forth, Hiếu went looking for another source. He found his way into a company called Court Ventures, which resold aggregated personally identifiable information on Americans. Hiếu used forged documents to pretend he was a private investigator from Singapore with a legitimate use for the data. He called himself Jason Low and provided a fake Yahoo email address. Soon, he was in.

Monday, April 7, 2014

Nearly half of identity thefts involve medical data

By Adam Levin
Credit.com
Posted on Market Watch March 18, 2014

Here are two excerpts:

“Despite concerns about employee negligence and the use of insecure mobile devices, 88 percent of organizations permit employees and medical staff to use their own mobile devices such as smartphones or tablets to connect to their organization’s networks or enterprise systems such as email. Similar to last year more than half of (these) organizations are not confident that the personally-owned mobile devices or BYOD are secure.”

According to the report, very few organizations require their employees to install anti-virus/anti-malware software on their smartphones or tablets, scan them for viruses and malware, or scan and remove all mobile apps that present a security threat before allowing them to be connected their networks or systems.

(cut)

Medical identity theft is on the rise, just as the rise in criminal breaches of health care providers is spiking. Medical identity theft accounted for 43% of all identity theft reported in 2013, and the U.S. Department of Health and Human Services estimates that somewhere between 27.8 and 67.7 million people’s medical records have been breached since 2009 (and that’s before the flawed rollout of the Affordable Care Act).

The entire article is here.

Sunday, April 8, 2012

The raid on your medical records

By Karen Angel
New York Daily News-Opinion
Originally Published April 1, 2012

After I got laid off from my job last November, I started shopping for health insurance and a funny thing happened: BlueCross BlueShield emailed me someone else’s application.

The only similarity between me and this other applicant was that we’re both named Karen. I live in New York; she lives in Virginia. We have different last names, different Social Security numbers, different health histories. I know this because all of it was contained in the application BlueCross emailed to me — and under federal law, all of it is supposed to be confidential.

By emailing me the other Karen’s health-insurance application, BlueCross violated the Health Insurance Portability and Accountability Act. An angry consumer could find plenty of grounds — breach of confidentiality, negligence — to sue.

The entire story is here.