Hackers and Healthcare Data: Love at First Breach

2016 was a record-breaking year for the healthcare industry, and not in a positive way. Last year saw the most healthcare data breaches in history, and this trend hasn’t slowed in 2017.

HIPAA Journal reported that 2017 is likely to break even more records for the medical sector. More than 16.6 million healthcare records were stolen or in some way compromised in 2016, and the first three months of this year alone exposed more than 1.7 million records.

Why Are Healthcare Records So Prized by Hackers?

In recent years, the healthcare industry has seen more breaches than several other sectors combined, and the reason for all of these attacks is simple – medical care providers require more details from patients than other types of organizations, and thus have more sensitive information on hand.

Patient details, including names, birthdates, addresses, social security numbers, medical histories, and payment information, can be used for all types of nefarious purposes. From receiving fraudulent treatments and medications to selling individuals’ personal information in underground marketplaces, this industry represents fertile ground for today’s hackers.

In fact, CNBC reported that stolen data gathered from healthcare breaches has even been used to file fraudulent tax returns. Organized crime rings have been known to connect with specialists who can help streamline malicious schemes.

“You have experts in different fields,” noted Etay Maor, IBM Security executive advisor. “There are those who are great at obtaining information. And then there are other guys who will buy this data and use it to commit fraud.”

High Prices for Stolen Data

One of the main motivations behind any hack is the potential for profit. The market for stolen healthcare data reached a peak in 2015 and 2016, with sources like CNBC reporting in 2016 that medical records could be as much as 60 times more valuable than credit card details. Reuters released similar findings in 2014, noting at the time that health care information was worth 10 times more than credit card numbers.

In 2016, a single medical record earned a hacker $60, as the file contained a wealth of details, including the patient’s name, birth date, address, phone number and employment information. At the same time, one Social Security number fetched only $15.

Times have changed recently, as underground markets became flooded with stolen information garnered from the rash of healthcare data breaches over the last months and years. In fact, CSO reported at the end of 2016 that medical records had dropped to $10 a piece on the black market, with some files selling for as low as $1.50 each.

“The market has become saturated,” CSO contributor Maria Korolov wrote. “With about 112 million records stolen in 2015 alone, the medical info of nearly half of all Americans is already out there.”

However, just because the price per record has fallen doesn’t mean hackers are abandoning the healthcare industry as a top target. There’s still considerable money to be made through these malicious purposes, and several notable breaches have already taken place this year. Since the beginning of 2017, the data of more than 900,000 seniors has been stolen and exposed after a former HealthNow Networks employee published a backup database online. ABCD Children’s Pediatrics was also breached, putting over 55,000 patients at risk.

In this way, healthcare data is still incredibly valuable for cybercriminals, and health care organizations must continue to increase their protections. One way to do this is to work with a cloud hosting provider with deep expertise serving clients managing protected health information (ePHI).

With over 19 years of cloud hosting experience, Ntirety is a HIPAA-compliant service provider offering highly secure, BAA-backed, third-party-audited and -approved cloud hosting solutions that support a wide range of requirements and budgets.

To find out more about how Ntirety can help support your compliance goals in the cloud, call +1.866.680.7556 or chat with us today.

Still learning about HIPAA compliance and whether your business needs it? Download our simplified eBook.