About a year ago, a vendor mentioned kind of offhand that Chinese companies are extremely interested in U.S. healthcare data. Then he added, “I don’t understand why Asian people are interested in American health.” Then he questioned the appropriateness of the comment.
Appropriate or not, it’s an example of something that, on the face of it, doesn’t make a lot of sense until you dig deeper.
This week, Chinese hackers breached Community Health Systems, a chain of 206 hospitals. It’s not clear yet what their motivations are, so this is just speculation, but the speculation I’m hearing makes sense. If these are private hackers and not something state sponsored like APT1, it’s all about the money.
Stolen credit cards are cheap because the market is flooded. I understand that a stolen credit card now sells for around three bucks, which isn’t a lot.
Health care records are more valuable. Imagine an uninsured person facing an expensive medical treatment. Such a person would gladly pay a couple hundred dollars for temporary health care coverage in the form of stolen insurance data that allows them to impersonate someone else long enough to get treated.
It’s not about people who are stereotypically healthy being interested in advice from people who are stereotypically unhealthy like that vendor insinuated; it’s about a business opportunity that exists in the United States but essentially nowhere else in the industrialized world. Why would a hacker steal credit cards that he can sell for $3 when, for a similar effort, he can get 7-10 times as much?
And in other news, Community Health Systems’ share price went up 50 cents a share the day the breach was announced, which is interesting to me mainly because earlier this year infamous AT&T un-hacker Weev announced his intention to start a venture capital firm that would short stock that he thinks is about to be breached. I wondered if Weev’s business model would actually work, and a coworker who once was a stockbroker said he didn’t think so, citing other companies whose share prices generally haven’t been affected much by breaches. This is another data point.