Trying To Heal Health Care Fraud
Modern fraudsters are industry-agnostic — they’ll steal from any sector, including health care, insurance, and more. This Week in Fraud Trends, August 16, 2019.
When we wrote earlier this week about a fraud attack that impacted the insurance sector, we noted modern fraud’s fundamental agnosticism — making that point that no industry is safe. Here we are just a few days later, with a new story, and a different industry. This time, the subject is health care fraud. Fortunately, the story this time isn’t about a previous attack; it’s about what can be done to stop the next one:
“Following a detailed account of how scam artists can easily gain access to health care cash, six Democratic senators this week sent a letter to federal regulators urging them to ‘close loopholes’ that allow ‘bad actors’ to commit fraud.”
The “detailed account” referred to in the quote above, in fact, refers to a fraud expose that ran in ProPublica chronicling a troubling overlap between healthcare and insurance. Included alongside the specific use case were some sobering numbers:
“In 2017, private insurance spending hit $1.2 trillion, according to the federal government, yet no one tracks how much is lost to fraud. Some investigators and health care experts estimate that fraud eats up 10% of all health care spending, and they know schemes abound.”
This week was full of stories highlighting the different sectors impacted by fraud — sectors you might not even think of as being vulnerable. Like, for example, the security business!
Yes, you read that right. More than a million people’s biometric data was recently exposed in a massive breach made possible by a security flaw in … a security system:
“A huge cache of unsecured biometric credentials and personal information has been discovered by security researchers … The breach, which was discovered by researchers Noam Rotem and Ran Locar alongside vpnMentor, included the fingerprint data of more than 1 million people, facial recognition information, unencrypted usernames and passwords, and other personal information of users of Suprema’s Biostar 2 security platform.”
As DataVisor CEO Yinglian Xie wrote about recently, the aftermath of a data breach is a concerning time for all involved:
“The downstream effects of an event like this are far more impactful than the breach itself. Before we know it, the stolen data lands in the hands of fraudsters who waste no time in using the information for massive-scale attacks.”
From The Next Web this week comes a story about at least one step individuals can take in the wake of a breach:
“To see if you’re among those impacted, head to Troy Hunt’s data breach site Have I Been Pwned, which added the stolen database over the weekend. To avoid bad actors from exploiting this information to stage credential stuffing attacks, you should immediately consider changing your passwords.”
The quote above mentions credential stuffing attacks. If you’re not familiar with what those are, now would be a good time to get caught up:
We all know that fraud has become a global problem, and we know modern fraud attacks are increasingly sophisticated. As we discussed at the beginning of this article, we also know that fraudsters are sector-agnostic — they’ll steal from anyone, and jumping from industry to industry is not a problem. Given this fact, it’s heartening to see global companies teaming up to address multi-faceted global fraud challenges. We learned of one such effort in TechCrunch this week:
“To help fight the call spoofing problem, the industry put together a set of standards called STIR/SHAKEN (Secure Telephony Identity Revisited / Secure Handling of Asserted information using toKENs), which effectively signs calls as ‘legitimate’ as they travel through the interconnected phone networks.”
On that note, we happily assure you there is no spoofing going on here. This is the real DataVisor, bringing you the real trends in fraud! See you next week for another edition of This Week in Fraud Trends!
