5 ways stolen health data is monetized

  • November 01 2016, 4:00am EDT

5 ways stolen health data is monetized

Healthcare organizations are increasingly under pressure to prevent data breaches, as cyber attacks focus efforts on healthcare organizations. Hackers are finding new ways to cash in on the information they're stealing, an Intel Security report notes.

Dark markets

A McAfee Labs research report, “The Hidden Data Economy,” examined the theft and sale of financial data, particularly payment cards. Researchers knew that medical data was being stolen but had not seen it in the “dark markets” where data is traded. Intel Security, which now owns McAfee, took up the reins and investigated the market for healthcare records.

Content Continues Below

Cyber landscape

“Before we dive into the findings, we must make one thing clear,” Intel researchers say. “It is not our intention to stir up fear. Rather, our aim is to document the threat landscape so that healthcare organizations can take action. For the healthcare sector this is imperative because we cannot simply change medical records as we can when payment cards are stolen. Indeed, the nonperishable nature of medical records makes them particularly valuable."

Look in the right places

McAfee’s report did not specifically look for stolen health data but expected to find it and did not. In the new Intel report, “our initial assumption was that we simply were not looking in the right places in our prior research,” authors note. “This assumption was proven to be accurate. Quickly, we discovered dark web vendors offering for sale huge dumps of stolen medical data. In some instances, its availability was highly publicized.”

Selling databases

For instance, one seller offered a database containing the medical data of 397,000 patients with screenshots showing names, addresses, birth dates and primary and secondary insurers. The stolen plain text database, from an Atlanta-based provider, was more than 200 MB in size. “Ownership of this database will be exclusive and only a single copy will be sold,” according to the seller. “This has not been leaked anywhere and it has not yet been abused.” This seller also was offering a database from a provider in Farmington, Mo., covering 48,000 patients and a database holding information on 210,000 patients from Oklahoma City, with screenshots proving the databases were legitimate.

Content Continues Below

Insurance records also valued

One hacker stole insurance records and found a buyer that wanted all of it, an effort that netted $100,000. This hacker has a good reputation with positive feedback from 15 interactions, Intel found. The seller even boasts of his hacking accomplishments on social media.

Inside job

Hackers also look for people who work in a provider setting so they can have someone on the inside who can set up an account with Care Credit, a healthcare financing credit card company.


Some sellers of stolen health information take advantage of parallel markets to increase profits, according to Intel. One hacker sold 40,000 medical records but removed the financial data, which was sold separately.

Content Continues Below

Easy prey

Intel gives an example of how easy it is to start hacking healthcare organizations and make money. A relatively non-technical thief can buy tools to start hacking, use them with a little free technical support, and extract 1,000 records that can net about $15,500.

“We now see cybercrime-as-a-service operating in the healthcare sector, with evidence that vulnerabilities are being sold and organizations are being compromised as a service,” according to Intel researchers.