Medical data more valuable than credit card details on the dark web

Medicare details sold by cyber criminals

Australia's browbeaten insurers say medical records are now even more prized by cyber criminals than financial data following recent dark web scandals.

Breaches of privacy, such as theĀ illicit sale of Medicare card details for less than $30 online that was exposed this week, and the ransomware attack that froze computer's across the UK's National Health Service, are becoming worryingly common.

Insurers say they are not feeling adequately prepared to cope with the fallout as health records become a hot commodity on a hidden part of the internet known as the dark web.

Search engines cannot search and do not index this unlisted section of the internet, meaning illegal items, including personal data and drugs, can be traded with relative ease.

What is the dark net?

"It would appear of late that health record values have increased and credit card details have decreased in value," said Scott Fergusson, the Australian insurance leader at PwC.

"Insurers collect a lot of pretty sensitive data, particularly in the life insurance sector around people's health or whether it be in the general insurance space around the nature of company's assets.

"So there is some pretty juicy data that insurer's carry in order to provide their service, that could be attractive those wanting to exploit it."

At a recent senate inquiry concerns were raised about the extraneous medical information insurers collect about their customers in the course of underwriting and during the claims process.

According to data to be released next week by PwC, the senior management and directors at Australian insurers have regarded cyber risk as Australia's No.1 concern for the past two years.

Senior management and directors at Australian insurers regard cyber risk as Australia's No.1 concern.
Senior management and directors at Australian insurers regard cyber risk as Australia's No.1 concern. xijian

"There is continued anxiety around 'do we have cyber risk properly understood and are we confidence with the way that we're mitigating that risk?' and clearly the answer is 'not yet'.

"The risks are evolving rapidly and a number of high-profile events will naturally raise anxiety. Insurers as the adopt new technology are exposing themselves to risks that they weren't used to in the past whether it be through connectivity to the 'internet of things' partnerships or mobile technology that connect more easily to customers."

Mr Fergusson insists Australia isn't falling behind the rest of the world, but he said strong security "hygiene",Ā crisis management planning and good user awareness were must-do's for management.

"Some of those pragmatic steps are clearly lacking," he said.

In the same survey global insurers rank cyber risk as their second-greatest concern, behind change management.

"The world has been a little bit behind and up to and including 2015, they were still implementing massive capital regulations that were driving a lot of concerns about regulatory risk," Mr Fergusson said.

"The Australian market is relatively small in the global scheme of things, so it's tended to be more agile and open to trying new things. So that may be what's also forcing Australian executives to be thinking about these risk advances ahead of their global counterparts."

According to the survey Australian insurers are far more concerned about increased political and regulatory scrutiny than their global counterparts. Ranking it as their No.2 concern on the back of falling levels of trust in insurance providers and financial services.