10 million medical records for sale on the so-called ‘dark web’ – that is frightening!!!
The scale of healthcare hacks seems to be on the rise, and it does not show any signs of slowing down at the moment.
This is a massive threat to data protection and privacy. Earlier this year, there was a record of 10 million medical records apparently for sale on the ‘dark web’ that were reportedly stolen from a big U.S. insurance company.
The hacker, dubbed the ‘Dark Overlord’, listed the 9,278,352 records on the ‘dark web’ for 750 bitcoins, which is equivalent to nearly £400,000. There are no solid grounds to believe that the data is genuine, but the price tag the hacker demanded would suggest so. It was reported that the hack on the U.S. insurance company was done in plain text, which indicates that records were not secured or encrypted.
Medical records are valuable
Medical records are fast becoming a hot commodity.
Aside of the records detailing your last check-up, prescribed medication, or injections, your medical records are a comprehensive document about you. Records contain a huge amount of personal details, which may include your name, physical address, and sensitive information like bank details, date of birth etc… So, it is not only useful for basic identify fraud, but also medical fraud, which can be very profitable. It could allow a cyber-criminal to use the personal data to file fraudulent insurance claims or sell your information to an interested party who may then try to market something to you that’s fitted around your medical history.
The grand scale of healthcare hacking is a massive concern.
Reuters reports that credit card details could go for $1 per patient, and medical records could go for ten times that amount. As medical records are something that we do not have easy access to, it is much harder to detect a potential threat to hacking. However, with credit card accounts, we can access it daily via online or telephone banking, and there is arguably more of a systematic approach to detecting credit card fraud. Most credit card companies have fraud detection systems in place, and in most circumstances, it will block the card if there seems to be irregular activity on the account.
Records not being protected enough?
A suggestion for the grand scale of healthcare hacks is not only down to its monetary value, but it could be because they are sometimes easier to hack in comparison to credit card records. It is arguable that they are not heavily guarded, which can be demonstrated with figures like our own NHS breaching data confidentiality thousands of times. In one example, Oxford Health NHS Foundation Trust accidentally posted 4,200 patient details online, which just goes to show how easy data can be lost.
Should we protect medical records more?
There could be a well-founded argument against increasing security for medical records. Some Doctors argue that increased security protection could slow down the system or even cause delays in an emergency.
But there is no excuse for healthcare systems to fall behind on their security either. These are people’s personal and sensitive details that the healthcare system is handling. Once they’re stolen, it places patients at a greater risk of being a victim of further fraudulent activity.
Victims of identity and medical fraud can suffer a lot of stress; aside from the fact that most people obviously don’t want their sensitive medical information shared with others.
Organisations and companies should do more to protect medical data – not only because it’s valuable data, but because they can have a lifelong effect on victims of breaches.
More should be done
Although the £400,000 sale has yet to be confirmed, these cyber-attacks and sale of medical records are becoming more and more common.
More regulation and stricter enforcement should be placed on organisations and companies to protect personal data, especially medical records. As a high commodity in the marketplace, organisations and companies should be alert to the next inevitable hacking. They should put up a greater shield before the next sword strikes…
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.