Implementing NIST 800-171 to Manage & Measure Cybersecurity Efforts Read more
Cybercriminals are on a mission to gather high-value medical records. Why? Because they’re incredibly lucrative for hackers looking to make money on the dark web. In fact, medical records can sell for up to $1,000 per patient due to the amount of data found within the documents, including social security numbers, dates of birth, credit card information, and more. So what happens to the patients who have their medical records compromised? They’re often left struggling with the aftermath for years.
The dark web, also known as tor or the onion web, was released in 2004 as a more secure, encrypted form of the internet. It encrypts traffic to keep end-users anonymous and unlinkable to their devices. Websites end in .onion rather than .com or other variations we commonly see. Although the dark web has some reputable purposes, it’s become a commonly used place for cybercriminals to buy and sell illegal products and/or services, such as weapons, drugs, and stolen data.
A cybercriminal can purchase all of the necessary tools and services to commit a massive, coordinated cyber-attack. Check out some of the prices on goods dedicated to this exact purpose:
As mentioned above, medical records are very lucrative and sell for a high amount on the dark web.
The risk is high given the nature of how valuable medical records are. Radware, a leading security solutions provider, released a report stating that healthcare is the most second commonly attacked sector – falling shortly behind government. The average healthcare organization spends $1.4 million to recover from an attack. And to make matters worse, 39% of healthcare organizations reported being hit daily or weekly!
What makes the aftermath so costly? There are a range of factors contributing to the high cost of recovering from an attack:
Ransomware, in particular, is an increasing concern for healthcare organizations. Essentially, ransomware involves a hacker encrypting your systems and/or data and demanding a ransom fee in exchange for giving you access back. Cybercriminals can potentially take advantage of people who have ailments treated with cloud-based monitoring services, automated administration of prescription medicines, and other devices connected to the internet.
They’re able to commit a ransomware attack that stops the delivery of important health services – putting patient lives at risk. It’s a scary concept, especially when you consider how advanced and sophisticated cybercrime has become.
Healthcare organizations must work with an experienced IT company that knows what they’re doing when it comes to minimizing risks. They should be familiar with HIPAA rules and regulations, in order to ensure they’re implementing the right technical safeguards to protect electronic health records. This may include:
Healthcare organizations looking for assistance with cybersecurity can reach out to us for help.