Despite the care most of us take to protect our credit card information, credit card fraud is the most common form of identity theft in the United States. According to a report from Javelin Strategy & Research, 15.4 million consumers were victims of identity theft or fraud which cost U.S. consumers more than $16 billion in 2016.
However, cyber criminals have been increasingly targeting electronic protected health information (ePHI), because hackers can get a premium price for this personal information on the dark web.
Raw credit card numbers, those that are missing PIN and user information, are worth $1 or less each on the dark web. More complete credit card records that have personal information command a higher price – up to $30 each depending on the country of origin. The most valuable prize for fraudsters is someone’s medical record. Estimates vary, but in general records consistently sell for $70-$90 each. Some hackers claim to sell blocks of thousands of records and receive over $100 per individual record.
Historically, healthcare data breaches were the result of actions taken by internal staff (both accidental and intentional) but the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data in 2015 discovered that the primary reason for healthcare data breaches were due to criminal attacks.