Book Review: What They Really Do With Your Medical Data

Posted by Scott Petry

Jan 28, 2017

Thumbnail: Book Review: What They Really Do With Your Medical Data - Illustration for Authentic8 blog review of Our Bodies, Our Data by Adam TannerSECURITY, IDENTITY, NEWS

Happy Data Privacy Day.  A new book provides an in-depth look at the commercial trade in patient medical data.  Sensitive data, a vibrant market, and not much cause for celebration.


A while ago, I wrote about the wave of data breaches at healthcare organizations and medical identity theft that is impacting millions and what we can do to protect ourselves better.

One of the readers of that post was acclaimed journalist Adam Tanner, who has reported on data collection and consumer privacy since 2012.

Adam and I have had an ongoing discussion on data privacy and security matters since we met a few years ago.  He was covering the issue for Forbes, and I had a chance to brief him on our secure browser solution.

A few weeks ago, he kindly directed my attention to an unknown - to me, at least - aspect of our personal medical records.

Topics: News, Identity

How Medical Identity Theft Works, and How it Can Impact You

Posted by Scott Petry

Jun 7, 2016

Image: Patients in Waiting Room with Chart: Indivituals Impacted by Healthcare Data BreachesIDENTITY, SECURITY

The healthcare industry currently tops the target list of cyber criminals, according to IBM’s 2016 Cyber Security Intelligence Index [PDF]. The Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data (Ponemon Institute) reveals that 89 percent of healthcare organizations and 60 percent of their business associates experienced data breaches over the past two years.

Recently, ransomware attacks (incidents where hospital data are encrypted and only released after a ransom is paid) have dominated the headlines. But most data breaches within the healthcare industry involve an even more lucrative target: medical records and related Personal Identifiable Information (PII), like Social Security numbers.

What does this mean for you? Medical identity theft via computer comes at staggering cost to the victims. They have to pay a steep price to get their life back: on average more than $ 13,000, according to one study. To make matters worse, victims can find themselves cut off from their doctors or get misdiagnosed, due to fraud-related errors in their medical records.

How to protect yourself? 

Topics: Identity, Security

Can You Trust Your Tax Preparer?

Posted by Gerd Meissner

Apr 7, 2016


IRS forms can suck the joy right out of a wonderful April day. Do you prefer online tax filing? Guess what: so do cyber criminals. Also on their target list: CPAs and local tax preparer offices.

Topics: Identity

Your data has been leaked - now what?

Posted by Scott Petry

Jun 29, 2015


The math isn’t good. Since 2013, more than 1 billion records containing personally identifiable information (PII) have been compromised. From credit card purchases at hardware stores to government background checks, your data is on servers completely outside of your control. And it appears that the owners of those servers haven’t cared about securing your data as much as you have. So your data has been leaked. Your world is changed, and here are 6 steps to take to get back in control of the situation -- a few of them immediately, the rest over time.

Topics: Identity

Protect Yourself from the Anthem Data Hack

Posted by Josh Brotheim

Feb 26, 2015



This article isn’t for everyone - only eighty million of you (or 78.8 million to be more precise). That’s the whoppingly huge number of Anthem Health Insurance customers whose personally identifiable information (PII) is now in the hands of internet thieves. If you’re a current or former Anthem subscriber (or a Blue Cross Blue Shield subscriber who received services from Anthem), crooks probably have your full name, birth date, member ID data, street address, phone number, email address, and employment information.

Topics: Identity

Trusting third parties can lead to second-rate security

Posted by Drew Paik

Oct 14, 2014


Over the weekend, news broke that hundreds of thousands of individual users of SnapChat (many under the age of 18) fell victim to compromise through a third-party service called SnapSaved, reportedly perpetrated by the same group responsible for leaking the celebrity photos. And Dairy Queen revealed that they were the latest in a growing list of retailers that have had customer credit card information stolen as a result of malware installed by hackers using stolen passwords from third-party contractors.

Topics: Identity

Does changing your password really make a difference?

Posted by Drew Paik

Oct 7, 2014



One of the most common pieces of advice in the wake of a major security breach is to change your password. Often. Let’s take a look at a competing argument: Don’t change your password because frequent changes won’t really keep you safe. The basic gist is this: regularly changing your password gains you nothing because if you’re not already compromised, you’re just swapping out a secure password for another secure password.

Topics: Identity

How did hackers access critical infrastructure in the Code Spaces attack?

Posted by Scott Petry

Jul 7, 2014



Last week’s catastrophic Code Spaces compromise reminded us just how vulnerable our systems can be. We have talked about some of the lessons learned in the aftermath of the attack, but the question remains: how did the initial compromise happen?

Generally, when bad guys gain access to a system, it happens in one of four ways:

Topics: Identity

Recycling is good for the environment, not your passwords

Posted by Drew Paik

Mar 12, 2014



This is not a proper password manager.

We all do it. Between the web apps that you want to have (Gmail, Facebook, Twitter) and the ones you need to have (Outlook, online banking, insurance), it's natural to want to keep things simple by having a handful of passwords that are easy for you to remember and use over and over again. In a recent survey, more than 55% of users admitted to recycling passwords (often in combination with the same username).

Topics: Identity, Security

Sharing is caring: How marketing teams can share web accounts while increasing security

Posted by Drew Paik

Jan 16, 2014

2014-06-05_Silo_Twitter_MarketingIDENTITY | SECURITY

What’s your company’s Twitter password? If you know the answer to that question (or if it’s written on a Post-It), then your brand is at risk.

In terms of moving to the cloud, marketing is probably the most aggressive function in any organization. Every new communication channel or social network adds risk to your business...

Topics: Identity, Security