So far, we’ve examined what happens to ePHI when it’s stolen, but why is it so valuable to cyber criminals?
Why ePHI is So Valuable to Cyber Criminals
It is estimated that our global healthcare industry will be worth $8.7 trillion by 2020. Cyber criminals are cashing in by using stolen patient data primarily for insurance fraud, medication fraud, and financial fraud.
The Identity Theft Resource Center, a U.S. non-profit that provides victim assistance and consumer education, reported there were 355 healthcare breaches in 2016 affecting 15 million records.
Information contained in a medical record is particularly useful for lucrative fraud schemes because it’s high-quality, deeply personal, and permanent. On the dark web this type of data is referred to as "fullz" (full packages of personally identifiable information). Fullz can’t easily be replaced like credit card numbers so it is more useful and provides more value to criminals.
Because the information contained in a health record is complete and comprehensive, it’s extremely versatile and it takes much longer for fraud to be detected. The information can be used in a variety of fraud scenarios.
Sometimes personal identities are stolen to receive medical care. The Ponemon Institute provides an example in which a patient learned his identity was compromised after receiving invoices for a heart procedure he hadn’t undergone. His information was also used to buy a mobility scooter and medical equipment, amounting to tens of thousands of dollars in fraud.
Read Part 3 of Why Hackers are Targeting ePHI More Than Credit Cards - ePHI Vulnerablility