While the average consumer might be worried about their credit cards being compromised—or their Social Security number being stolen—experts are now warning that an even bigger threat is taking center stage this year: hackers gaining access to patient medical records.
Back in October, the FBI—along with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS)—warned that there has been an increase in hackers targeting the healthcare sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.
And a growing number of hackers are setting their sights on personal medical records, which can then be sold on the dark web for up to $1,000 each. To put it in perspective, credit card numbers sell for around $5 each on the dark web, while Social Security numbers go for as little as $1 each.
Why are these records so valuable? While credit cards can be easily canceled, medical records cannot be altered. The data included in them, such as a patient’s medical and behavioral health history and demographics, as well as their health insurance and contact information, can be used by criminals to do everything from illegally obtain prescription medications and file fake medical claims, to completely steal the patient’s identity.
The damage to the public is severe. Medical identity theft costs $13,500 to resolve, with patients spending more than 200 hours trying to repair the damage and secure their personal information. For the healthcare sector, it boasts the highest average cost of a breach, reaching $6.45 million in 2019. Collectively, healthcare data breaches cost $4 billion in 2019.
Experts agree that staff education can help prevent ransomware from being released into a network. In fact, between January 1, 2019 and June 20, 2019, human error was attributed to 60% of all healthcare data breaches. In addition, since connected medical devices can also give cybercriminals access to patient data and the hospital’s server, connecting devices to a secure clinical computing hub is another effective security step. Implementing these practices is just one piece of the puzzle, as protecting valuable medical information becomes increasing complex as digitalization takes over the healthcare sector.