Analecta Cyber Company Blog: Why your medical information is gold for hackers

2016-04-20

It is well known in the security industry that personal health information (PHI) has been the target of numerous cybercrimes. Over the last couple of years, hackers have tried to access and gather this type of information more and more often. The main reason is that the information's value has kept increasing on the black market.

According to the FBI, the price for stolen health insurance information ranges from $60 to $70 on the black market. This is far higher than the value of a Social Security number, which is less than a dollar each. The FBI added that the potential to use this information for identity theft remains the top reason why its value skyrocketed in just a few years.

As a result, more and more attacks specifically targeting PHI in medical facilities and healthcare organizations have been reported. According to a research study on medical data breaches, more than 90% of hospitals and healthcare facilities have reported experiencing a data breach. On average, this cost each organization more than $2.1 million. Even more alarming, 40% of these medical facilities have had five or more data breaches within the last two years.

Digitizing important information made it easy to share patient health history, medications and symptoms among different hospitals, HMOs, healthcare providers and pharmaceutical companies. On the other hand, it also made that information easier for hackers to access. The data can also leak through email exchanges, especially when it is unintentionally sent to the wrong recipient.

Hackers can send fake emails that carry malware without the user's knowledge. This scheme tricks hospital staff into giving authorization to the attackers, who in turn gain full access to patients' medical data.

Hiring third-party service providers such as IT consultants, medical equipment technicians and lab services staff also elevates the risk of data leakage, because they are all given access to patients' sensitive information.

To protect the electronic medical information held in every medical facility, healthcare organizations should put more effort into finding new measures and raising the level of their cyber security. Additionally, any security system being implemented should be readily accessible and user-friendly. Training medical staff and hospital employees is also necessary to eliminate human error in any type of data security.

A breach of medical records could directly result in identity theft. When victims pursue litigation against the medical organization, it could cause the organization financial problems and, even worse, patients could lose trust in it. So, while it's not too late, healthcare organizations should take the necessary measures to protect personal healthcare information. By doing so, they will not only abide by the regulatory requirements but also eliminate future risks like identity theft, healthcare fraud and others.