Courtesy of Fox News and the Financial Times
A string of cyberattacks sent shockwaves through the health care industry in 2015, exposing sensitive data of millions of Americans and serving up the chilling reminder that providers need to step up their security game.
Hackers accessed more than 100 million health records in 2015, according to data from the Department of Health and Human Services.
Eight of the 10 largest health care provider hacks also took place this year, HHS confirmed to FoxNews.com Wednesday.
The figures were initially reported by Financial Times and other outlets. The biggest breach of the year surrounded Anthem, where a staggering 78.8 million customers had their personal information compromised in March.
That same month, 11 million Premera Blue Cross customers were hit when hackers gained access to their personal information, which included bank accounts, clinical data and Social Security numbers, the company said.
Excellus Health Plan revealed in August that a nearly two-year-old attack on its network left 10 million of its customers at risk.
Though 2015 is on record as the year of the biggest health care breaches – 55 recorded ones and counting – there may be even more bad news on the way for health care providers.
Companies are required by privacy laws to protect personal data. A violation could land them in hot water with state insurance regulators and attorneys general.
“For a lot of them it is often less of a priority than it should be,” Deven McGraw, director for health information privacy at the HHS’s Office of Civil Rights, told Financial Times. “We’re seeing some pretty consistent areas of non-compliance across the board.”
This year, the cyber threat evolved with the emergence of hack attacks that investigators say can be traced back to China.
“We know of multiple threat groups operating out of China that have engaged in attacks in the health care industry,” Charles Carmakal, an investigator with Mandiant, a cybersecurity company, told Financial Times.
Mandiant counts Anthem and Premera among its clients.
“While we believe we know from an organizational perspective who they are, we can’t tell who tasked them to do it,” Carmakal said. “The big question is: are they hackers for hire and were they asked by the Chinese government to do this?”
The Chinese government has denied it is behind the attacks.
By Catherine Herridge, Matthew Dean
Published September 16, 2015
Courtesy of FoxNews.com
A private industry IT security firm tells Fox News that personal data stolen over the span of several high-profile U.S. cyber breaches is being indexed by China's intelligence service into a massive Facebook-like network.
According to CrowdStrike founder Dmitri Alperovitch, Chinese hackers are using information gained from the breaches of the U.S. Office of Personnel Management, as well as intrusions into the Anthem and CareFirst BlueCross BlueShield health insurance networks, to build a complete profile of federal employees in what the company calls a "Facebook of Everything."
"That can now be used to embarrass you publicly and force you to work for the Chinese government," Alperovitch told Fox News. "It's, in effect, a private version of Facebook with much more detail about your life than even Facebook has that the Chinese now have access to." Current and former intelligence officials echoed the assessment.
As Fox News has reported, the most sensitive information stolen in the OPM breach was lifted from what is known as the Standard Form 86, or SF-86. The 127-page security clearance application is essentially a road map to your life. It contains highly detailed information on everything from where an applicant lived and worked, to personal references, family members, friends and associates, as well as drug history and intimate health information.
What's startling is the fact that virtually all government employees and contractors who hold the top echelon of U.S. security clearances were impacted by the OPM breach, even the Director of the FBI. James Comey joked at an intelligence and national security summit last week that had his SF-86 been stored in a strongly encrypted database "maybe someone wouldn't be reading it today."
According to a law enforcement source close to the OPM investigation, the scope of the data stolen in the breach makes this a "generational problem." Fox News is told that the big worry among those in the Intelligence Community is the possibility that applicants’ associates, friends and family will be impacted. Of particular concern, according to this source, is the likelihood that information on applicants’ children could be leveraged against them down the road.
Specifically, cybersecurity experts warn that this stolen information may be used for blackmailing and targeting of applicants’ children.
“To try to get them to reveal some information about their parent’s work and use that, eventually, for espionage activities,” Alperovitch explained to Fox News. “Information that has been collected about them may be used decades later.”
There is much concern among victims over the government’s response to the cyberattack, which left sensitive information on some 21.5 million individuals compromised. An intelligence source close to the OPM investigation tells Fox News that this is not an issue that can be fixed with merely a few years of credit monitoring – referring to the government’s current program that offers victims and their dependents credit and identity theft monitoring services free of charge.
While refusing to delve too far into specifics, Pentagon press secretary Peter Cook on Tuesday acknowledged the severity of the lingering vulnerabilities associated with the breach and offered assurances that the government is working vigorously to mend the damage.
“This is going to be a wide-ranging effort on the part of the federal government to try and address this," Cook told reporters at a press briefing.
Fox News’ Lucas Tomlinson contributed to this report
Matthew Dean (@MattFirewall) is Fox News' Department of Justice & Federal Law Enforcement producer. He is also the co-host of FoxBusiness.com's Firewall.
Column by ADAM LEVIN (@adam_k_levin)
Identity theft was the number one consumer complaint at the Federal Trade Commission last year. So far in 2015, the data breach problem that drives so many identity-related crimes has gotten worse. The massive compromises at Anthem and Premera alone put a combined 91 million records in harm’s way.
With more information “out there” than we can possibly know, identity theft has become the third certainty in life, right behind death and taxes. And because so many major compromises include Social Security numbers — the skeleton key to not only your financial life, but also your health care and many other aspects of daily life—the damage can be life-changing.
The bottom line: Be afraid, be very afraid.
According to IBM, more than one billion records containing personally identifiable information were leaked in 2014 alone. An identity thief only needs a few data points like the kind found in many data breaches to tap into your financial life.
Science Magazine reported that “anonymized meta data sets” containing product purchase information were re-identified with the people who made the purchases by looking at Instagram posts and tweets that matched the purchases.
You can do everything right and still get “got.” The fraudsters out there mining the veins of personal data for financial gain are good at what they do. However, if you assume you are going to get got and take some proactive steps – including monitoring your bank and credit accounts regularly for signs of fraud – in many cases you can have a head start when it actually happens. (Keeping a tight rein on your social media posts and making them private can also help give fraudsters less access to you.)
With more than 2.32 million victims thus far — 500,000 last year alone — medical identity theft is a crime on the rise. It can cause medical histories to get changed, and benefits fraudulently used by others can bar a victim from getting medical treatments – making it a dangerous crime.
Your best bet is to check every statement that comes in, and make sure the treatments listed on your Explanation of Benefits summaries sent out by your insurer match the care you’ve received.
Early in the 2015, Intuit, the company behind TurboTax, had to shut down e-filing in several states after the company noticed an uptick in what appeared to be fraudulent tax returns.
Tax-related identity theft is a big-money crime, and the statistics prove it. The IRS stopped 19 million suspicious tax returns last year, and stopped more than $63 billion in fraudulent refunds. A whopping $5.8 billion in tax refunds were paid out to fraudsters. In 2012, the Treasury Inspector General for Tax Administration projected that fraudsters would net $26 billion into 2017.
For now, your best defense is to file your taxes as early as possible to avoid falling victim to tax-related fraud.
It’s long been known that children in the foster care system were more likely to become the target of identity-related crimes. This was due to the fact that when children move in with a new foster family, their personally identifiable information moves with them.
A less well known fact is that more than 30 percent of identity theft victims are scammed by family and close friends of the family. The key in these crimes is of course access to the necessary data. No one knows this better than Axton Betz-Hamilton, whose mother defrauded the entire family — father, grandfather and herself — for almost 20 years.
There are services available that protect a child’s credit. It’s also a very nice graduation present to check your child’s credit, and make sure there isn’t a history there.
While it is impossible to avoid some of the fallout from identity theft after it’s detected, it’s not possible to prevent these crimes. If you detect fraud early, it can be contained. And if you follow the three Ms of identity theft management (note that I didn’t say prevention), you can at least have a little piece of mind during this historic crime spree. Minimize, Monitor and Manage. Check your bank and credit card statements every day online to look for fraudulent transactions. You can sign up for free transactional monitoring alerts from banks, credit unions and credit card companies to help in this. Check your credit reports regularly – you can get them for free annually on AnnualCreditReport.com, and you can get a free credit report summary every month on Credit.com – to look for unauthorized accounts or changes in existing account balances. File your taxes early, and keep an eagle eye on your medical insurance benefits. Report any suspicious activity immediately to the respective institution so that you can try to minimize the damage.
Make yourself a harder target and know what to do when you become one anyway.
Any opinions expressed in this column are solely those of the author.
Adam Levin is chairman and co-founder of Credit.com and Identity Theft 911 (FreedomID's Services Provider Partner). His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.
21.5 Million OPM Breach Victims May Already Have Access to Long-Term Identity Management Services
FinWell Group is proud to partner with IDT911 to provide proactive and reactive identity management services to FreedomID Members.
SCOTTSDALE, Ariz. July 10, 2015 — Following breaking news confirming 21.5 million Office of Personnel Management breach victims had their social security numbers exposed, IDT911™ and FreedomID announce that those impacted have additional options when it comes to identity management and identity theft resolution. Free short-term relief provided by institutions experiencing a breach are beneficial, but can’t compare with the robust, long-term proactive identity management and identity theft resolution service offered by financial institutions, insurance companies, and employers, like FreedomID. As the number of breach victims continue to grow and as breaches become the third certainty in life, consumers can feel empowered about proactively managing their identities with the help of these services they likely don’t even know they have access to.
FreedomID is proud to be an IDT911 partner offering Identity Theft Protection Services to members and their families, etc. Members receive comprehensive fraud resolution services, expense reimbursement coverage and 24/7 access to fraud resolution experts.
Members impacted by any breach should reach out by phone 877-432-2743. Most importantly, the services are provided proactively, meaning consumers need not experience a crisis moment to actively manage their reputation before a breach exposes their sensitive information. Additionally, coverage is extended to the entire household, meaning affected family members have access to comprehensive identity management and identity theft resolution services, whether they are affected by a breach or not.
Adam Levin, IDT911 founder and chairman, said: “This is bigger than Anthem and Premera. This not only affects millions of federal employees, but their families as well; they become the collateral damage. Those affected are now exposed to identity theft, phishing schemes and possible extortion threats. This is an egregious breach of the public trust. We are not talking about changing a credit card number. There is no zero liability policy for someone whose Social Security Number and the intimate details of their private life are floating out there for any bad actor who wants to use it against them either financially or politically. This is life altering. It’s vital to know what options and resources are readily available, above and beyond what’s being directly provided by any breached institution with which we have a relationship.”
He argues that it is inevitable we’ll all be impacted by a data breach at some point in our lives, exposing our most sensitive information like a Social Security Number, date of birth, and other personal data to those who will attempt to exploit us in one fashion or another. The fact that 21.5 million people have learned their personal data has been exposed by the breach of the Office of Personnel Management reaffirms it’s simply a matter of when, not if, sensitive information will be exposed. And because the consequences of this and other breaches can be devastating and seemingly never ending, consumers need to do everything they can as individuals to protect themselves moving forward.
Levin continues, “Those who know or believe they have been compromised by the OPM intrusion, or any other data breach should immediately check all available resources including their homeowners or renters insurance policies to determine if identity theft insurance is included as an add-on. They should also check with their banks, credit unions and current employers to see if it’s offered as a benefit. Chances are, a significant number of consumers have some sort of coverage without even realizing it, and if they don't, they should proactively reach out to their providers to determine what options they have before the next major breach hits. Many times, these policies will include a direct line to fraud prevention specialists who can immediately assist in incident remediation and offer sophisticated monitoring services that go beyond simple credit checks with additional 24/7 internet and card monitoring.”
To learn more about LifeStages Identity Theft Protection please contact FreedomID for assistance.
For news on the latest privacy and security trends and educational resources to help you better protect your identity, visit www.freedomid-theftprotection.com .
About IDT911™
IDT911™ is the leading provider of services that help businesses and their customers defend against data breaches and identity theft. IDT911’s unique approach—delivering proactive protection, preventive education, and swift resolution—offers unrivaled support for more than 660 client partners and 17.5 million households. With its wholly owned subsidiary, IDT911 Consulting™, IDT911 delivers information security and data privacy expertise to help businesses avert and respond to data loss. Based in Scottsdale, Ariz., the company has several locations in the U.S. and Canada, as well as in Ireland to serve partners in Europe.
About FinWell Group (FreedomID)
Founded in 2010, FinWell Group exclusively offered financial wellness products as a package for group financial wellness benefits. In 2012 the company bundled the products to offer individual professionals a highly unique gift called Life in a Box. Life in a Box is now the primary product sold by FinWell Group to employers, institutions and independent professionals in all 50 states. The product includes multiple co-branding options and is offered at a price point that is reasonable and provides value to the recipient for a lifetime.
In 2014, FinWell Group began offering FreedomID as a stand-alone product in response to the demand for the current client base. FreedomID can be purchased individually, as a group benefit for employees or as a unique gift for independent professionals such as realtors, financial advisors, accountants and mortgage officers.
For more information please visit Freedomidtp.com.
Scottsdale, Ariz. (PRWEB) July 09, 2015
FinWell Group today announced they will provide Mortgage Returns, Inc. with FreedomID LifeStages® Identity Management Services as part of the company’s portfolio of concierge services for mortgage companies and professionals. FinWell Group has developed a strategic partnership with Mortgage Returns to offer FreedomID as a unique post-closing gift for borrowers.
Traditionally, the mortgage industry has provided branded items to their clients that can be perceived as low value. Now, one of the nation’s leading Mortgage CRM and concierge marketing firms is offering their mortgage clients a highly unique service that provides real value and peace of mind to the borrower – FreedomID Lifestages Identity Theft Protection for the entire household. This complimentary service was custom designed for Mortgage Returns and addresses a serious problem in the United States today. The program aims to protect borrowers’ issues related to social media compromise, data breach exposures, fraudulent transactions, and more. Tips to keep your identity safe while moving can be found at http://bit.ly/1dXPe8Q.
“FinWell Group, LLC has partnered with IDT911™ since 2011 to offer FreedomID Theft Protection Services and we’re excited to offer this unique product to Mortgage Returns customers,” said Mark Norman, President, FinWell Group. “We have offered FreedomID Theft Protection Services as part of our Life in a Box gift program for independent professionals for several years. The opportunity to create and provide this customized product to Mortgage Returns as their exclusive post-close gift is exciting. It’s a perfect fit since the last thing anyone needs during a high stress time of life is an identity theft crisis, and Mortgage Returns is offering an invaluable service to their clients customers to address this need.”
IDT911 fraud specialists provide high-touch service to victims from the initial call through case resolution. Their expertise covers a range of issues, from proactive consumer education, to document replacement, fraud and credit monitoring, and personalized help to cut through the red tape. Fraud specialists work one-on-one with victims and are available 24 hours a day, seven days a week until resolution is complete.
To learn more about FinWell Group’s FreedomID services, visit http://www.freedomidtp.com or call (888) 820-5959.
About IDT911™
IDT911™ is the leading provider of services that help businesses and their customers defend against data breaches and identity theft. IDT911’s unique approach—delivering proactive protection, preventive education, and swift resolution—offers unrivaled support for more than 660 client partners and 17.5 million households. With its wholly owned subsidiary, IDT911 Consulting™, IDT911 delivers information security and data privacy expertise to help businesses avert and respond to data loss. Based in Scottsdale, Ariz., the company has several locations in the U.S. and Canada, as well as in Ireland to serve partners in Europe.
About FinWell Group
Founded in 2010, FinWell Group exclusively offered financial wellness products as a package for group financial wellness benefits. In 2012 the company bundled the products to offer individual professionals a highly unique gift called Life in a Box. Life in a Box is now the primary product sold by FinWell Group to employers, institutions and independent professionals in all 50 states. The product includes multiple co-branding options and is offered at a price point that is reasonable and provides value to the recipient for a lifetime.
In 2014, FinWell Group began offering FreedomID as a stand-alone product in response to the demand for the current client base. FreedomID can be purchased individually, as a group benefit for employees or as a unique gift for independent professionals such as realtors, financial advisors, accountants and mortgage officers.
For more information please visit http://www.finwellgroup.com.
About Mortgage Returns
St. Louis-based Mortgage Returns, Inc. is an award-winning database management and automated marketing provider for more than 7,000 loan originators nationwide. Mortgage Returns’ customized marketing solutions increase referrals, cross-sell opportunities and end-to-end prospect management for more than 200 financial institutions. For more information about Mortgage Returns, visit http://www.mortgagereturns.com.
POSTED 9:11 PM, FEBRUARY 5, 2015, BY BONITA CORNUTE
ST. LOUIS – Up to 80 million people may have had their personal information stolen in a cyber-attack against America’s second-largest health insurer.
It is being described as a sophisticated, external cyber-attack by the president and CEO of Anthem Blue Cross Blue Shield.
Observers say this could be the largest data breach to hit a health care company. In a written statement, the company announced it is cooperating with the FBI to find those responsible for the breach.
Employees, along with current and former Anthem members, are targets.
Anthem says the breach was discovered a week ago. Even the company CEO was hit. According to an Anthem spokesperson, to date there’s no proof that medical records were stolen, but hackers did get names, birthdays, Social Security numbers, street addresses, email addresses, and employment information.
Some say this type of attack is starting to feel like the new normal.
Experts say once a Social Security number is stolen, you might see it used up to three years down the road. The consumer may not immediately realize the Social Security number is being used. If you get hit, watch for identity theft in several areas, including: medical, tax, employment, and investments.
Contributed By Eva Velasquez of IDT911
The Digital Age has made filing taxes a whole lot easier. But with that convenience comes risk, thanks to scammers out to steal your identity or tax refund. With tax season right around the corner, it’s a good idea to make sure your taxpayer identity is protected.
Tax-related identity theft is one of the fastest growing forms of the crime, according to the Identity Theft Resource Center. Many victims only discover a crime has been committed when they file their own return. Then they learn their refund has been stolen or that a return already has been filed under their Social Security number.
Here are a few easy ways to keep yourself safe:
File early. One of the best ways to be sure a thief can’t file a fraudulent return in your name and collect your refund is to file as early as you can. Now is the time to begin gathering your necessary paperwork and filing documents so that you can submit your return as soon as possible, beating a thief to the punch.
Only carry what you need. A lost or stolen purse or wallet can happen any time of the year, but no matter when the wallet went missing, a thief can wreak havoc all over again come tax time. Never carry your Social Security card in your wallet or purse, and never carry a document that contains that number.
Finally, remember that it’s vital you contact the IRS if you feel there are any errors, areas of concern, or if you’ve previously been a victim of identity theft. The IRS now has entire fraud detection and prevention departments, and can get you on the right track towards receiving a refund that is legitimately due to you. Don’t wait until the last minute, especially if your identity has been compromised.