"What we've seen in the last few years is that attackers have realized the economics of health-care data are very, very attractive," says Lee Weiner, senior vice president at cybersecurity firm Rapid7.
Anthem said hackers collected several pieces of personal information about its employees and customers, including Social Security numbers, birthdays and street and e-mail addresses. But the hack also included medical information numbers, which can be among the most damaging types of stolen data and be used to commit medical fraud, according to security experts.
Complete health insurance credentials sold for $20 apiece on underground markets in 2013, according to Dell SecureWorks. That is 10 to 20 times more than a U.S. credit card number with a security code.
The information can be used to impersonate hacking victims to obtain medical care or to purchase expensive medical equipment such as motorized wheelchairs. It often takes health-care providers longer to detect this type of fraud than credit card companies or banks, which are constantly looking for inconsistencies that could signal a problem. That also means it can be more time-consuming and costly for victims to correct, experts say.
Criminal attacks on health-care organizations increased 100 percent between 2009 and 2013, according to a report on patient privacy by think tank the Ponemon Institute. About 40 percent of health organizations reported facing criminal cyberattacks in 2013, the report said.
The FBI released a warning to the sector in April of last year, advising health-care providers that their cybersecurity systems lagged behind protections in the retail and financial sectors -- leaving Americans' personal medical and insurance data vulnerable to attacks by hackers.
"You're going to see continued attempts to compromise this kind of data in the future," Weiner warned.