HDM-102816-Covslide.jpg
5 ways stolen health data is monetized
Healthcare organizations are increasingly under pressure to prevent data breaches, as cyber attacks focus efforts on healthcare organizations. Hackers are finding new ways to cash in on the information they're stealing, an Intel Security report notes.
One HDM 1029 AdobeStock_98976335.jpeg
Dark markets
A McAfee Labs research report, “The Hidden Data Economy,” examined the theft and sale of financial data, particularly payment cards. Researchers knew that medical data was being stolen but had not seen it in the “dark markets” where data is traded. Intel Security, which now owns McAfee, took up the reins and investigated the market for healthcare records.
Two HDM 1029 AdobeStock_84988075.jpeg
Cyber landscape
“Before we dive into the findings, we must make one thing clear,” Intel researchers say. “It is not our intention to stir up fear. Rather, our aim is to document the threat landscape so that healthcare organizations can take action. For the healthcare sector this is imperative because we cannot simply change medical records as we can when payment cards are stolen. Indeed, the nonperishable nature of medical records makes them particularly valuable."
Three HDM 1029 AdobeStock_41688061.jpeg
Look in the right places
McAfee’s report did not specifically look for stolen health data but expected to find it and did not. In the new Intel report, “our initial assumption was that we simply were not looking in the right places in our prior research,” authors note. “This assumption was proven to be accurate. Quickly, we discovered dark web vendors offering for sale huge dumps of stolen medical data. In some instances, its availability was highly publicized.”
Four HDM 1029 AdobeStock_59084037.jpeg
Selling databases
For instance, one seller offered a database containing the medical data of 397,000 patients with screenshots showing names, addresses, birth dates and primary and secondary insurers. The stolen plain text database, from an Atlanta-based provider, was more than 200 MB in size. “Ownership of this database will be exclusive and only a single copy will be sold,” according to the seller. “This has not been leaked anywhere and it has not yet been abused.” This seller also was offering a database from a provider in Farmington, Mo., covering 48,000 patients and a database holding information on 210,000 patients from Oklahoma City, with screenshots proving the databases were legitimate.
Five HDM 1029 AdobeStock_79897941.jpeg
Insurance records also valued
One hacker stole insurance records and found a buyer that wanted all of it, an effort that netted $100,000. This hacker has a good reputation with positive feedback from 15 interactions, Intel found. The seller even boasts of his hacking accomplishments on social media.
Six HDM 1029 AdobeStock_60312685.jpeg
Inside job
Hackers also look for people who work in a provider setting so they can have someone on the inside who can set up an account with Care Credit, a healthcare financing credit card company.
Seven HDM 1029 AdobeStock_58379167.jpeg
Double-dip
Some sellers of stolen health information take advantage of parallel markets to increase profits, according to Intel. One hacker sold 40,000 medical records but removed the financial data, which was sold separately.
Eight HDM 1029 AdobeStock_60234046.jpeg
Easy prey
Intel gives an example of how easy it is to start hacking healthcare organizations and make money. A relatively non-technical thief can buy tools to start hacking, use them with a little free technical support, and extract 1,000 records that can net about $15,500.

“We now see cybercrime-as-a-service operating in the healthcare sector, with evidence that vulnerabilities are being sold and organizations are being compromised as a service,” according to Intel researchers.