Q: Why is the recent Anthem breach such a big deal? I mean, I can understand someone not wanting their lab results to be published on the Internet, but for most of us, who cares whether people know that we had knee arthroscopy in 1985?
A: You’re right, it generally isn’t the medical detail that’s of interest: it’s the other sensitive personal information that’s usually stored with it—SSN, birth date, family information, etc. This data can be used for three evil purposes. First, there’s actual identity theft, that is, stealing money through bogus credit. Then there’s health care fraud—using a bogus identity to receive medical treatment. Finally, having more detailed information on an individual makes it easier to successfully spear-phish them: if you receive email or a phone call that accurately recounts lots of your personal details, or those of someone else in your family, you’re far more likely to believe in its legitimacy.