News Feature | October 3, 2014

Medical Records Worth More To Hackers Than Credit Info

By Katie Wike, contributing writer

Shockingly, experts say hackers can profit more from medical data than credit card information - just another indication that protecting health data is more important than ever.

Last month the FBI warned hackers were targeting healthcare. Now, experts say they may know the reason why health data is such a hot commodity.

According to Don Jackson, director of threat intelligence at PhishLabs, a cybercrime protection company, stolen health credentials can be sold for $10 each. This might not seem like much, but Jackson learned while monitoring underground exchanges that this amount is 10 to 20 times more than the amount for which hackers can sell a credit card number.

"As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit," said Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC, in an article for Reuters. "Hospitals have low security, so it's relatively easy for these hackers to get a large amount of personal data for medical fraud."

iHealth Beat reports medical data thieves are most interested in:

  • billing information
  • birth dates
  • diagnosis codes
  • policy numbers

These pieces of data can be used to create fake IDs with which to purchase medical equipment or obtain prescription drugs. They can also be used to file false claims with insurers when hackers combine patient data with a false provider number.

A report from SANS and Norse earlier this year found, “A network compromise often leads to a data breach, potentially exposing the personally identifiable information of millions of consumers as well as the organization's own intellectual property and billing systems. In addition, these compromised networks allow cybercriminals to use the organization's network infrastructure and devices to launch attacks on other networks and to execute billions of dollars worth of fraudulent transactions.”