Despite the care most of us take to protect our credit card information, credit card fraud is the most common form of identity theft in the United States. According to a report from Javelin Strategy & Research, 15.4 million consumers were victims of identity theft or fraud which cost U.S. consumers more than $16 billion in 2016.
However, cyber criminals have been increasingly targeting electronic protected health information (ePHI), because hackers can get a premium price for this personal information on the dark web.
In this 5-part series we’ll learn what happens to ePHI when it’s stolen, why it’s valuable yet vulnerable, compare the safety of paper files, and look towards the future of ePHI.
Sold to the Highest Bidder
Raw credit card numbers, those that are missing PIN and user information, are worth $1 or less each on the dark web. More complete credit card records that have personal information command a higher price – up to $30 each depending on the country of origin. The most valuable prize for fraudsters is someone’s medical record. Estimates vary, but in general records consistently sell for $70-$90 each. Some hackers claim to sell blocks of thousands of records and receive over $100 per individual record.
Historically, healthcare data breaches were the result of actions taken by internal staff (both accidental and intentional) but the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data in 2015 discovered that the primary reason for healthcare data breaches were due to criminal attacks.
The report states, “Employee negligence and lost or stolen devices still result in many data breaches, according to the findings. However, one of the trends we are seeing is a shift of data breaches—from accidental to intentional—as criminals are increasingly targeting and exploiting healthcare data.”
Read Part 2 of Why Hackers are Targeting ePHI More Than Credit Cards - ePHI Valuable to Cyber Criminals