Looking for Stolen Health Records? They’ll Cost You!

Looking to get your hands on some stolen electronic health records? Hopefully you aren’t, but on the off chance that you are, it’ll likely cost you a good deal of money on the black market. As a recent study from Trend Micro (via Dark Reading) found, “complete EHR databases can fetch as much as $500,000 on the Deep Web.” Further, “attackers are also making their money off of smaller caches of farmed medical identities, medical insurance ID card information, and personal medical profiles.” The high price is largely due to the wealth of useful personal information typically found in patient health records, including Social Security numbers. Armed with this data, Trend Micro notes, thieves can “acquire prescription drugs, receive medical care, falsify insurance claims, file fraudulent tax returns, open credit accounts, obtain official government-issued documents such as passports [and] driver’s licenses, and even create new identities.”

Trend Micro’s report, “Cybercrime and Other Threats Faced by the Healthcare Industry,” also reminds us that that industry has been the one “with the highest number of data breaches, followed by the government and retail sectors.” Indeed, there were a record-high 113.2 million health records stolen in 2015. This is in large part, the researchers note, because of relative inattention at many organizations to updating cybersecurity procedures. Notes Trend Micro’s research team, “Hospitals and other health care organizations may prioritize operations and efficiency of the facility over cybersecurity.” Further exacerbating the situation: devices connected to the Internet of Things (IoT), which with added connectivity brings added vulnerability.

What can the industry do to shore up its defenses? Trend Micro’s researchers suggest a few basic fixes, including ensuring that software systems are up to date and making sure that all connected IoT devices are fully patched. Improving encryption and authentication processes are important, too. Also key for health care providers and organizations: “educating staff members, who access EHRs, on the basics of cybersecurity and risk management.” With more organizations taking these steps, hopefully black market entrepreneurs will soon have less in the way of inventory at their disposal.

Click here for the article from Dark Reading.

Click here for the study from Trend Micro.


Leave a Reply