With health care data fetching significant profits both in underground data sales and ransomware, the industry is an inviting target, but network scans indicate organizations remain vulnerable.
The health care industry continues to be a major target of attacks, with stolen electronic health records generating lucrative profits for data thieves and ransomware attacks often leaving affected hospitals no recourse but to pay, according to two reports released in the past week.
As part of its focus on cyber-crime’s impact on specific countries and industries, security firm Trend Micro collected data on the prices fetched by electronic health records in underground markets, such as TheRealDeal, AlphaBay, Valhalla, Apple Market, Python Market, Dream Market and Silk Road.
Single medical insurance cards can be ordered online for $1 each, while medical records that include a complete profile of the patient—including Social Security numbers, medical treatments, date of birth and insurance information—can fetch up to $5 per records. Another report by Fortinet underscored the impact of ransomware, but Ed Cabrera, chief cyber-security officer of Trend Micro, said that most breaches are focused on grabbing the data.
“We know that EHRs are being sold in the criminal underground,” he told eWEEK. “In spite of this year being the year of online extortion, criminal breaches are still happening.”
The overall picture is hard to see, but a variety of vendor-supplied data points exist. Health care, for example, only accounts for 115 confirmed breaches out of 2,260 documented incidents in the 2015 dataset published as part of the 2016 Verizon Data Breach Investigations Report.