Last week the FBI announced it was investigating a hack attack on the federal government’s Office of Personnel Management. Anonymous government officials were already pointing their finger at China as the details emerged, accusing its government of espionage against the OPM, the agency that conducts the background checks on most federal employees. Analysts suspect that data was stolen on up to four million federal employees (out of a total of 4.2 million federal employees).
This cyber attack shared many similarities with one against the nation’s second-largest insurer, Anthem Insurance, which was disclosed last March. This resulted in the potential theft of the medical data of approximately 80 million Americans. The FBI is pursuing the theory that state-sponsored hackers from China were the sources of this attack.
Another cyber attack was recently revealed in August last year against Community Health Systems (CYH), which operates 206 hospitals throughout the nation. This time the medical records of 4.5 million patients were stolen. In a Securities and Exchange Commission report filed by CYH, it said the attacks had originated from an advanced group based in China with ties to the Chinese People’s Liberation Army, that same group that is also suspected of carrying out additional cyber attacks against US government targets.
Security around medical billing and coding records is obvious because of the potential for this information to be used by nefarious thieves looking to make a profit through identity theft or related crimes that involve personal data, as detailed in the previous post Why Hackers Target Billing and Coding Professionals. What is often less discussed is the potential for stolen medical data to be used to compromise national security.
Billing and Coding Data as a Means of Espionage
China isn’t the only nation whose intelligence services could justify such an attack for national security. In the world of intelligence, information about potential weaknesses of a source that has been targeted for recruitment can prove to be invaluable. Possessing such information can therefore be termed in the interests of national security.
As Dmitri Alperovitch, Chief Technology Officer at the internet security firm CrowdStrike, recently explained on the PBS Newshour, this most recent attack may have targeted the OPM because of the sensitive information the agency stores – namely about security clearance investigations. These investigations contain highly sensitive information about federal employees’ financial background and medical history.
Alperovitch additionally links this most recent attack as following a pattern similar to the one against Anthem Insurance that also targeted medical history information. He concludes that foreign governments such as China are attempting to build a massive database on all Americans that includes medical records. Alperovitch says this could potentially be part of a human intelligence operation that targets US federal employees or contractors who are in sensitive positions, who could then be persuaded to work against the United States in exchange for medical help for themselves or a loved one.
This means medical billing and coding professionals must be vigilant not only for HIPAA violations and identity theft criminals; they must also contend with international espionage!