DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Medical Info for Sale Online

Posted on September 24, 2013 by Dissent

A report by Tisha Thompson and Rick Yarborough of the  News4 I-Team makes a good point  – that even when people know their PII is floating around or may be on black markets, they often have no clue their medical information or insurance information is also for sale on underground markets.The team interviewed one of the black market sellers. Here’s a bit of their report:

He said he got most of the current medical records from India, where call centers gather information by phishing over the phone. In those call centers, he said, “You’re going to see people buying data, selling data, like it was candy at a store.”

The seller also described how the operation worked when he, himself, was a telemarketer for an overseas company. He said callers would try to get missing private details from people over the phone. “They gave me a script that I had to read,” he said. Part of the script read, “’So, what is your name? What is the doctor’s name?’ When we didn’t even have the doctor’s name on it,” he explained. “We were just saying that.”

Those private details were then often sold to medical companies that targeted people with health conditions and charged insurance companies for services and supplies.

Read more on NBC.

A recent Ponemon survey highlighted their finding that most people do not check their medical records for accuracy. I would venture to say an even greater percentage have no clue at all whether their health-related information is up for sale on the black market. And because most of us would have no idea how to go about finding out, your best bet is to (1) check your Explanation of Benefits statements to see if anything “hinky” is showing up, (2) check your credit report, which are you entitled to get for free periodically, (3) be cautious about giving out information over the phone to out-sourced call centers, and  (4) check your medical records for accuracy.

With respect to the last point, when my primary care provider switched over to EMR, they input a lot of information into the system. In glancing over their printout of an appointment, I noticed that it showed I had a history of hypertension. I don’t. A staff member casually said, “Well, maybe you had one instance of high blood pressure and that’s why it showed up.” I responded firmly that they were to delete that as it was inaccurate and misleading, and might have both insurance and healthcare implications down the road. And then I waited until they deleted it.

Protect yourself.

Related posts:

  • Established dark web market disappears suddenly, leaving vendors and customers scrambling
Category: Uncategorized

Post navigation

← Alabama state employee sentenced for stealing info from state database for tax refund fraud scheme (updated)
The DEA Thinks You Have “No Constitutionally Protected Privacy Interest” in Your Confidential Prescription Records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.