When considering our online privacy and security, we often hold our financial records, bank accounts, and credit card numbers in the highest regard. After all, if a hacker gets this information, they have ‘the keys to the kingdom', right? It might be surprising to learn that the black market value of this data is actually surprisingly low.
The going rate for your social security number is about a dollar. Your credit card number is worth five dollars. A complete medical record, on the other hand, can sell for more than $1,000 on the Dark Web.
Why Do Criminals Want Medical Records?
So why is your stolen medical record fetching such high dollar? It’s just a bunch of diagnoses codes and blood test results, right? Not quite, as health records have gone digital in the past few years, they've become far more vulnerable to hacking. These records are highly valuable to criminals for a number of reasons:
1. They contain an extensive amount of data
Medical records contain lots of information. A complete health record includes a person’s full name, address, contact information, social security number, insurance details, the name of treating physicians, diagnoses, prescriptions, treatments and more. A stolen credit card does not provide this level of detail to a hacker, but armed with a stolen medical record, a criminal can do quite a bit of damage.
2. Medical records can be used for a wide range of fraudulent activity
If healthcare data falls into the wrong hands, it can be used for a variety of sinister purposes. A scammer can use the information to open bank accounts, apply for credit cards or loans, collect rebates or even file tax returns. It doesn’t stop with financial fraud, though. They can also use the information to fill prescriptions, commit insurance fraud or for medical identity theft.
3. Your medical data is permanent
Unlike a stolen credit card or hacked bank account, your healthcare data can’t be changed. If your credit card is stolen, it can only be exploited until you call the bank (or go on an app) and cancel the card. However, you can’t easily change your name, address, or medical history if your healthcare record is exposed. The permanence of medical records, and its included personal information, means that it can be exploited for a longer period of time. This can cause major headaches for victims. According to the Ponemon Institute’s Fifth Annual Study on Medical Identity Theft, 65% of medical identity theft victims said that they spent an average of $13,500 and more than 200 hours of their time to recover from the incident.
4. It’s easier to access than financial information
That’s a scary thought. But the truth is that while banks and other financial service providers have stepped up their online security in recent years, many health insurers and hospitals are behind the curve. Combine a high black market value with easy access and an increasing reliance on electronic health records, and you have the perfect opportunity for a hacker to take advantage of.
What Can You Do to Protect Yourself?
Unfortunately, an individual will often have no idea that their information has been stolen until a bill shows up for a treatment they never received, or a new credit card is opened in their name.
1. Ask About Safeguards
Ask what happens to the paperwork you fill out. Is it shredded after being entered into a database, or tossed into the recycling? What kind of security protects those databases?
2. Don't Always Do as You're Told
Medical forms frequently ask for the patient's social security number. Leave that line blank, and if challenged, explain that the omission is for privacy reasons. It’s your right to protect your information.
3. Use Monitoring Services When Offered
It's now common for health insurers and other providers who have been hacked to offer members free fraud monitoring services. Take advantage of the offer.
4. Review Your Medical Records
One positive thing about medical records going online is that it makes it easier for patients to periodically check that all the procedures listed were actually performed on you, and that the details listed match your identity. If your records aren't online, you can ask to check your file when you're at the doctor's office.
Luckily, doctors, patients, and government officials seem to be waking up to the vulnerability of medical data.
At Breadcrumb Cybersecurity, we are dedicated to helping organizations from large hospitals down to the rural family doctor to step up their security efforts. Our cyber audit services certify that your healthcare provider is secure. Look for our seal in your doctor’s window. If you don’t see it, ask them about their security practices or choose another provider that is certified secure. After all, your medical record is the most personally identifying data available to hackers - don’t let it fall into the hands of criminals.
Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.