It is now becoming easier for cyber criminals to steal hospital data and records or hold patient data for ransom. Cybercriminals are sneaking into more and more health insurance databases and hospital networks in recent years, stealing the personal health records of tens of millions of Americans.
Per industry experts, the reason behind this is that health sector doesn’t protect its data. The hackers have apparently migrated to the health sector as the financial sector has pulled up its socks.
In a report from the Institute for Critical Infrastructure Technology, it was found that more than 113 million medical records were stolen in 2015. The report found that Victims of the crimes receive limited or no help from the government or healthcare organizations because consumer protections are not well defined in the case of medical identity theft.
The large amount of leaked patient records was stolen and posted for sale to the dark web, a hidden electronic black market, for years after the initial breach.
In some cases, Hackers will infiltrate a system and then hold the data for ransom, demanding payment in money or in some cases in Bitcoins. This phenomenon is called a “ransomware” attack.
The Hollywood Presbyterian Hospital in Los Angeles was hit by a ransomware attack and was forced to shut down until it could pay $17,000 to the hackers.
According to James Corman, Director of cyber statecraft at The Atlantic Council and a member of a Health and Human Services cybersecurity committee, this type of information is a stepping stone to other types of compromise later. “It could be your social security number, city of birth or other things you may use in bank security questions. It’s all the stuff around your medical history”, said Corman.