Stolen Medical Data Worth 10 Times More Than Credit Card Information

October 1, 2014, Written By Bill Hardekopf
Medical files in a long row

How much are your medical records worth? About $10 on the open market, which is 10 times more than the average stolen credit card number.

According to Reuters, cyber criminals are beginning to turn their attention to medical records in place of credit card numbers due to inadequate security systems in the healthcare industry.

Last month, one of the largest hospital groups in the United States, Community Health Systems, said hackers from China stole the personal information of more than 4.5 million patients. Hackers may have obtained the patient names, birth dates, addresses, telephone and social security numbers.

In 2013, approximately 40% of healthcare organizations reported criminal cyber attacks, up from 20% in 2009.

“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” Dave Kennedy, CEO of TrustedSEC LLC, told Reuters. “Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”

Hackers are able to steal names, birth dates, policy numbers, billing information and diagnosis codes from healthcare providers. This information is then used to create fake IDs to buy medical equipment to be resold, or it may be used to file false claims with insurance companies.

“Healthcare providers and hospitals are just some of the easiest networks to break into,” remarked Jeff Horne, vice president at the cybersecurity firm Accuvant. “When I’ve looked at hospitals, and when I’ve talked to other people inside of a breach, they are using very old legacy systems—Windows systems that are 10 plus years old that have not seen a patch.”



The information contained within this article was accurate as of October 1, 2014. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.