The Black Market for Medical Records and What It’s Costing Hospitals
Cybercriminals have discovered how profitable it is to steal and sell personal healthcare information. Now hospitals and medical centers are warding off more cyber-attacks as hackers look to pad their bank accounts.
89% suffered data breaches between 2014-2016
Between 2014 and 2016, 89 percent of healthcare organizations experienced some kind of data breach, according to a study conducted by the Ponemon Institute. The study found 45-percent of those organizations were hit five or more times in that same time period.
A majority of breaches, 68 percent to be exact, can be traced back to lost or stolen devices with access to sensitive data, this according to a Forbes article on the recent trend in attacks on the healthcare industry.
112 million records compromised, selling for $10 to $500 per record
In the first half of 2015, the healthcare industry suffered more than 20 percent of global data breaches in which 84.4 million records were compromised. By the end of that same year, 112 million records had been accessed in a total of 253 breaches, according to Forbes.
So what’s the payout? On the black market of stolen data, sensitive patient information is worth anywhere from $10 to $500 per record, compared to credit card numbers which only sell for about a dollar.
While hackers make money, these attacks are proving to be costly for medical providers. In December of 2014, Anchorage Community Mental Health Services agreed to pay a $150,000 fine for violating HIPAA laws as a result of a data breach.
Hackers are also using stolen information to make fraudulent Medicare claims and pocket the cash. The feds lose roughly $60 billion to Medicare fraud annually.
99.9% of exploited vulnerabilities were compromised more than a year after a patch
With aging software running equipment used by techs, nurses and doctors – plus, the growing popularity of being able to access critical medical data on mobile devices, the time is now for health providers to reinforce their IT defenses.
Don't let the hackers win!
Shavlik solutions offer superior protection for data centers, endpoints, and mobile devices. A security strategy that encompasses automated, comprehensive application and operating system security patching and secure information and application access can be implemented quickly and cost-effectively. Such a strategy can provide comprehensive protection from both known and emerging threats and attacks.