January 5, 2017
What do blood diamonds, pangolins, and your medical records have in common? They are all worth a lot of money on the black market. Yes, that’s right, that old biopsy report and a few scribbles from your doctor about that embarrassing rash could be being sold off as you read this. It’s not just your medical history that’s valuable, but also how much personal information the records contain. They have your full name, phone number, address, date of birth, social security number, insurance details, and more. Can you imagine what could be done with all that information and a loose set of morals?
If it’s too early in the morning to be imaginative, here are a few of the many scams that can be perpetrated using your healthcare records. The information could be used to bill insurers for fake medical care, purchase drugs, open credit accounts, and—if you’re important enough—extortion.
Because they have so much potential for fraud and other crimes, your medical records command an impressive price on the darknet. A recent Reuters article said that they can fetch around $10 each, compared to around $1 for credit card numbers. Why you ask?
Businesses should be just as concerned for medical record theft as patients. If compromised records are unencrypted, the organization must notify the patient by email or mail. If the quantity of records compromised exceeds 500, the organization must also notify relevant media outlets. Not only are these requirements expensive, they are also the type of PR that a do not want to have pointed at your business. Under the HITECH Act, a business can also be liable for up to $1.5 million in fines in addition to paying for damages. In a large-scale data breach, the totals costs could crush a business.
Last year, Anthem revealed that the information of almost 80 million people had been compromised. When accounting for the costs of notifying each individual, potential fines and damages, it is predicted that it will cost them more than $100 million. Considering that their insurance policy doesn’t cover any losses above that amount, the company could face real financial repercussions in addition to their already damaged reputation.
Big businesses aren’t the only ones susceptible to data breaches. In fact, many smaller companies are targeted because their lack of resources makes them easier to hack into. This year, a hacker group named TheDarkOverlord stole 655k medical records from smaller healthcare providers. The fallout from breaches like this can be devastating for businesses. Because of this, it is important that healthcare companies are managing their cyber risk appropriately.
Breaches affect your bottom line. Period. The core of our business is to ensure that your business stays healthy so that you can focus on keeping people healthy.