Health Records: More Valuable Than You Think

Health Records: More Valuable Than You Think

What do blood diamonds, pangolins, and your medical records have in common? They are all worth a lot of money on the black market. Yes, that’s right, that old biopsy report and a few scribbles from your doctor about that embarrassing rash could be being sold off as you read this. It’s not just your medical history that’s valuable, but also how much personal information the records contain. They have your full name, phone number, address, date of birth, social security number, insurance details, and more. Can you imagine what could be done with all that information and a loose set of morals?

If it’s too early in the morning to be imaginative, here are a few of the many scams that can be perpetrated using your healthcare records. The information could be used to bill insurers for fake medical care, purchase drugs, open credit accounts, and—if you’re important enough—extortion.

Why Are My Medical Records So Valuable?

Because they have so much potential for fraud and other crimes, your medical records command an impressive price on the darknet. A recent Reuters article said that they can fetch around $10 each, compared to around $1 for credit card numbers. Why you ask?

  • Increased security measures on credit cards. Chips, pin codes, and additional identity verification measures has made it much more difficult for criminals to profit from credit data. If a customer has a nefarious charge, they can simply contact their bank and have the issue go ahead (i.e. new card reissued and insurance covers the theft). You can’t just cancel a medical record.
  • Difficulty to detect medical record theft. It is notoriously difficult to detect when medical records are stolen. This gives criminals more time to benefit from using the stolen data. In many cases, years, if at all.

How Can I Protect My Data?

  • Monitor Your Medical Documents. This means actually reading your explanation of benefits, insurance bills, and provider bills. If anything looks out of the ordinary inquire about it immediately.
  • Monitor Your Finances. Check that you don’t have any strange charges on your statements. You might also want to consider credit monitoring as it will help you stay on top of credit score fluctuations and new lines of credit.
  • Don’t Make Yourself A Target On Social Media. Social media is a treasure trove of information. The more information you have out there, the more that is available to criminals trying to use your data.

What Does Medical Record Theft Mean To Businesses?

Businesses should be just as concerned for medical record theft as patients. If compromised records are unencrypted, the organization must notify the patient by email or mail. If the quantity of records compromised exceeds 500, the organization must also notify relevant media outlets. Not only are these requirements expensive, they are also the type of PR that a do not want to have pointed at your business. Under the HITECH Act, a business can also be liable for up to $1.5 million in fines in addition to paying for damages. In a large-scale data breach, the totals costs could crush a business.

Last year, Anthem revealed that the information of almost 80 million people had been compromised. When accounting for the costs of notifying each individual, potential fines and damages, it is predicted that it will cost them more than $100 million. Considering that their insurance policy doesn’t cover any losses above that amount, the company could face real financial repercussions in addition to their already damaged reputation.

Big businesses aren’t the only ones susceptible to data breaches. In fact, many smaller companies are targeted because their lack of resources makes them easier to hack into. This year, a hacker group named TheDarkOverlord stole 655k medical records from smaller healthcare providers. The fallout from breaches like this can be devastating for businesses. Because of this, it is important that healthcare companies are managing their cyber risk appropriately.

Breaches affect your bottom line. Period. The core of our business is to ensure that your business stays healthy so that you can focus on keeping people healthy.