Bad Cyber-Actors Are Getting Better At Their Game. What About You?

This recent report on how criminals used people's stolen identities to defraud the US healthcare system of $10.6 billion deserves your attention. Here is a key part related to cybersecurity (emphasis added):

"Those involved in the fraud bought dozens of companies that were accredited to submit claims to Medicare and the program’s supplemental insurers, prosecutors say.

Then, using personal information stolen from more than a million Americans, the defendants filed billions of dollars in claims for equipment that had not been ordered by people enrolled in Medicare and was not delivered to them, according to the indictment."

For context, the story mentions that a previous gang in 2019 defrauded the US healthcare system of $1 billion, which was considered a lot at the time.

And if you need more context, a completely unverified and unaudited "cost savings" identified in the US by the DOGE process in 2025 was $180 billion. (Full disclosure: my AI engine claims this amount is probably wrong and it gave it to me grudgingly.) 

This attack shows some sophistication. Stolen information wasn't used to harm individual people, it was use to set up shell companies and steal a lot of money. Your taxpayer money.

This story deserves your attention because cybersecurity is not getting easier, the need for it is becoming more intense, and people you're working against are getting better at what they do. In another post that we're working on, about 16 billion passwords stolen recently, we note that one cyber-researcher says “This is not just a leak – it’s a blueprint for mass exploitation.” 

A blueprint is a formula to be used to exploit IT systemic weaknesses. Your IT system's weaknesses.

What about you? Are you getting better at cybersecurity? 

Here is a serious question we need to you to ponder and think through:

What have you done to improve yourself as a cybersecurity specialist over the past year?

If you own or manage an organization, here's a different version of the same question for you:

What have you done to improve your organization's cybersecurity over the past year?

It's very important that you consider your answer to this question. It's not complex and you don't have to tell anyone the answer. Moreover, only you can answer it.

And so, what is your answer?

If your answer is something like "we made all employees take mandatory annual cybersecurity training" or "I listened to some podcasts" -- well, OK, but your adversaries are working harder than you to beat you. 

If you want to win, ask us how we can work with you to help you improve yourself as a cybersecurity specialist or a manager implementing cybersecurity. You'll have a better answer to the same question next time.