Can Anything Be Done About Rising Healthcare Breaches?

March 6, 2015



Retailers aren’t the only targets of cyber crime, especially recently. The most notable breach was at Anthem, the largest for-profit managed health company in the Blue Cross and Blue Shield Association. The hackers made off with up to 80 million records including names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, and employment information. While Anthem doesn’t believe any credit card information has been stolen, that doesn’t mean this breach won’t hurt the victims.

So what do thieves do with PII data? It’s a different strategy than credit card fraud. When these cyber criminals manage to collect Social Security numbers, addresses, etc., they store them in order to create an elaborate identity theft plan. While this sort of breach may not be immediately damaging, over time it can be worse than similar credit card fraud. These criminals can use your information to bill your insurance for prescriptions and medical services, all of which would remain on your personal record. This can impact the quality of care you receive if your record begins to reflect another person’s health history and preexisting conditions instead of your own.

What’s more, this breach in particular is very hard to track. The records belong to both current and former Anthem members, and Anthem has uncovered 14 million incomplete records that it is struggling to link.

With PII data being as valuable as payment data, it’s important that merchants take the necessary actions to keep it secure. So how do you keep Social Security numbers and other personal information as safe as credit card numbers? Simple. With the exact same technology.

The Anthem breach, with its eye-popping 78.8 million compromised records, is yet another reminder of the risks involved when businesses are not securely protecting our sensitive information. Hacking networks and databases is like cracking a giant safe – once inside, you have access to all the jewels. Had Anthem implemented the simple process of tokenizing sensitive data upon entry, all personally identifiable information would have been replaced by irreversible, impossible-to-decrypt tokens – in essence, fool’s gold.


Rush Taggart, Chief Technology Officer, CardConnect

Yep, that’s right. It’s completely possible to tokenize and encrypt Social Security numbers and other PII data in the exact same way as payment cards. In fact, so many of our clients have requested to use our tokenization solution for PII that we transformed this feature into a standalone product. That way, if anyone ever does force their way into your system, they wouldn’t be able to use any of the data they uncovered. Simple.
