Hacked medical records markets in everything

For some time now I have had mixed feelings about the move to electronic medical records, here is another reason why:

On the dark web, medical records draw a far higher price than credit cards. Hackers are well aware that it’s simple enough to cancel a credit card, but to change a social security number is no easy feat. Banks have taken some major steps to crack down on identity theft. But hospitals, which have only transitioned en masse from paper-based to digital systems in the past decade, have far fewer security protections in place.

…These records can sell for as much as (the bitcoin equivalent) of $60 apiece, whereas social security numbers are a mere $15. Stolen credit cards sell for just $1 to $3. During the tour, we spotted one hacker who claimed to have a treasure trove of just shy of 1 million full health records up for grabs.

As IBM’s Kuhn explained in a follow-up interview, these medical records can be leveraged for a wide variety of nefarious purposes. In some cases, it’s about stealing a person’s identity and billing them for a surgery or a prescription, and in others it’s about opening a new line of credit. Security researcher Avi Rubin told Fast Company in an recent interview that he suspects hacked medical records are often routinely used for blackmail and extortion.

Such hacking is indeed a trend:

More than 113 million medical records were hacked in 2015 alone, according to data compiled by the Health and Human Services. A newly released report from the Institute for Critical Infrastructure Technology, a cybersecurity think tank, found that some 47% of Americans have had their medical record hacked in the past 12 months.

That is from Christina Farr.

Comments

Comments for this post are closed