You Got It, They Want It: Criminals Targeting Your Private Healthcare Data, New Ponemon Study Shows
Lurking deep beneath the “surface” Internet we all know is the Dark Web, “a vast digital underground where hackers, gangsters, terrorists, and pedophiles come to ply their trade,” as a recent Popular Science article puts it. There, according to the article, you can buy anything from hitmen services to human organs to—you guessed it—forged identities.
Download the Report: Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data
Think about it! Your most sensitive medical information up for sale to the highest bidder. According to John Riggi, the FBI’s Cyber Division Section Chief, criminals are increasingly sophisticated, and often use your social media profile to craft highly effective spear phishing attacks as a means of gaining access. They then simply “phone home” while escalating privileges and building a network map. Once data is exfiltrated, they use the Dark Web to monetize the stolen information.
The Financial Allure of Healthcare Data
Medical records are a gold mine for criminals—they can access a patient’s name, DOB, Social Security and insurance numbers, and even financial information all in one place. “Credit cards can be, say, five dollars or more where PHI records can go from $20 say up to—we’ve even seen $60 or $70,” Jim Trainor, second in command at the FBI’s cyber security division, said in a CBTS blog post.
It’s no surprise, then, that criminal attacks are up 125 percent since 2010, the Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data by Ponemon Institute shows. “For the first time, criminal attacks constitute the number one root cause [of data breaches], versus user negligence/incompetence or system glitches,” Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said in a Dark Reading article.
According to the Ponemon study, these highly skilled criminals are using a variety of methods to access your medical records:
- Spear phishing
- Web-borne malware attacks
- Exploitation of existing software vulnerabilities
Who’s Behind the Attacks?
Mr. Riggi of the FBI said that cyber threats from both nation states and organized crime are very active and growing, most typically from Eastern Europe, Russia, China, and Iran.
And this data travels fast. According to a KrebsonSecurity.com blog post, “Sensitive stolen data posted to cybercrime forums can rapidly spread to miscreants and ne’er-do-wells around the globe.”
The blog post goes on to describe a recent experiment by security firm Bitglass, which synthesized 1,568 fake names, Social Security numbers, credit card numbers, addresses and phone numbers in an Excel spreadsheet. The company anonymously posted the spreadsheet to cyber-crime marketplaces on the Dark Web. In less than two weeks, the spreadsheet was accessed from 22 countries on five continents, and had been viewed more than 1,000 times.
“Additionally, time, location, and IP address analysis uncovered a high rate of activity amongst two groups of similar viewers, indicating the possibility of two cyber crime syndicates, one operating within Nigeria and the other in Russia,” the report concluded.
Sophisticated criminals, evolving threats, and the high value of healthcare data on the Dark Web and elsewhere put patients at growing risk of financial and medical identity theft. Despite this, half of all organizations have little or no confidence in their ability to detect all patient data loss or theft. In addition, only 40 percent of covered entities and 35 percent of business associates are concerned about cyber attackers.
Unless healthcare organizations become as adept at protecting patient data as criminals are at attacking it, we could experience a tsunami of healthcare data breaches and medical identity theft the likes of which we’ve never seen.