posted by adgrooms on May 30, 2019

We have recently looked at the risk of phishing scams in healthcare and how to avoid them. We have seen that the number of patient data breaches has reached one per day in 2018. But why do hackers continue the relentless attacks on healthcare institutions? What are the hackers after? What reward do they receive?

Patient records are incredibly valuable as far as stolen data goes. A patient data record carries a potential wealth of information. A single patient record could contain a driver's license number, credit card numbers, insurance information, and all of the individual's collected medical data.

Once a hacker obtains the data they can sell it in blocks to other criminals. The information can be purchased and used many times over. For example, a criminal can augment the information into false credentials to sell, or the information can be divided up and sold as individual drivers licenses, social security numbers, and insurance cards. And at any point in the sales, the information can be used for other criminal activities.

From the personal identification information (social security number, drivers license, date of birth), the medical record can be used for Identity theft. From insurance card numbers and personal health information, it can be used for health insurance fraud, filing and receiving payment for false claims. The personal health information can also be used to purchase medical equipment, drugs, and even medical procedures.

While a stolen credit card carries an immediate payoff, mechanisms are in place to quickly discover abuse and shut it down. There is no protection mechanism for health data comparable to the protections on credit cards, and there is no limit on the number of times it can be sold and used. The damage to victims of healthcare identity theft can be far-reaching and last for years.

The high value of medical data and the large number of records amassed in health systems will perpetuate the threat of hacking for medical institutions into the foreseeable future. The threats will continue, but the precautions are relatively simple. The key to security is to make access so difficult as to be not worthwhile. We can go a long way toward accomplishing this by remaining informed and vigilant against phishing and keeping passwords secure.