Imagine having to pay a huge amount for a surgery you never received! That is what happens when your medical records are compromised. In 2015 alone, more than 113 million medical records were hacked, according to Health and Human Services records. Now, a report released by the Institute for Critical Infrastructure Technology says that the medical records of at least 47% of Americans were hacked in the past 12 months. This is particularly alarming when you think of the legal importance of these records in connection with medical records review and analysis in medical litigation. So what makes medical records so attractive to cybercriminals?
This brings us to the topic of the “dark web.” This murky term refers to a group of websites that are publicly visible, but hide the IP addresses of the servers that run them. Any web user can visit these sites but will not be able to identify the people operating these sites. Moreover, these sites cannot be found using search engines. Those who want to access these sites need to use specific software, authorization or configurations because these websites use particular encryption tools like Tor to hide their identity. Mostly, the dark web is the haunt of people engaged in illicit sale of drugs, weapons and so on.
Medical records sell hot on the dark web, fetching far higher prices than credit cards. Hackers gain access to medical records much more easily because hospitals that are only now transitioning from paper-based to digital systems mostly do not have robust security systems in place. When a medical record is compromised, the hacker obtains the individual’s name, birth date, social security number and medical information. Medical records that provide social security details are more attractive because it is not easy to change a social security number, while it is easy to cancel a credit card. On the dark web, a complete medical record easily sells for the bitcoin equivalent of $60; social security numbers sell for $15 each; and stolen credit cards fetch a price of just $1 to $3.
- Medical records are used to steal a person’s identity and bill them for medical procedures or prescriptions.
- They are used to open a new credit history.
- Medical records are often used for extortion and blackmail.
According to the World Privacy Forum report, stealing medical records is a serious crime that can kill you. This is because important information on the patient’s medical record is deleted, or new entries are added. When vital information is missing, how can you expect the medical chart to be of any use?
In very recent news reported by scmagazine.com, a hacker with the nickname “the darkoverlord” has stolen more than 650,000 medical records from three separate healthcare institution databases and made them available for sale on the darknet online marketplace, the RealDeal. These databases or portions of them are reportedly offered for prices ranging from 151 bitcoins (nearly $100,000) to 607 bitcoins (nearly $400,000).
Incidents such as these are stark reminders to healthcare systems, law firms, corporations, insurance companies and other entities handling medical records for specific purposes to beef up their security measures. Their crisis management campaigns should include understanding and limiting the disclosure of sensitive client information, immediately communicating the breach to regulatory authorities and the affected individuals, and putting immediate countermeasures in place to reduce risk.