Here’s a fact that might surprise you: Your healthcare information is worth more to hackers than your credit card number. A LOT more. Forbes reports that a credit card number is worth 25 cents on the black market, but an electronic health record (EHR) is often worth hundreds or even thousands of dollars.
Why? Well, health records include most of the information a criminal needs to commit identity theft, medical fraud, tax fraud, insurance fraud and related crimes, so they are extremely useful. And since most of the data (such as date of birth and Social Security number) can't be changed the way credit card numbers can, each health record offers value for years to come. That makes stealing this particular type of data quite a lucrative business.
And cyber criminals aren’t just stealing medical records one or two at a time — they’re swiping whole databases for big payoffs. For example, a McAfee report shows multiple listings of healthcare databases for sale on the dark web, including one with 397,000 EHRs offered for 300 Bitcoins. Sometimes the listings even boldly include evidence that the seller truly breached the healthcare organization, which presumably commands top dollar (or Bitcoin).
Because healthcare data is so sensitive and so sought after by attackers, healthcare organizations around the world are subject to a wide range of compliance regulations and requirements. Although they all share a similar goal — protecting the privacy and integrity of healthcare data — they have important differences. Here are some of the most important ones to know about:
Despite all these regulations and guidelines intended to strengthen cybersecurity, more and more healthcare organizations are suffering breaches. For instance, one analysis found that the U.S. Health and Human Services database recorded 268 data breaches in 2015 but 328 in 2016 — a 22 percent increase. What’s more, those 328 breaches exposed the sensitive data on 16.6 million Americans. In my next blog, I’ll dive into the realities of the healthcare industry and trends in the threat landscape that help explain the continued high rate of breaches.