A warning to all companies in the credit and collection industry that deal with medical debts — hackers are salivating at the chance to get your data.
A published report indicates that an individual’s healthcare records are up to 50 times more valuable on the black market than a regular financial record, because they likely contain more personally identifiable information (PII). A regular financial record may only contain one piece of PII whereas a healthcare record contains all of an individual’s PII, according to the report. That means that a healthcare record can go for as much as $250 on the black market, compared with about $5 for a regular financial record.
The number of data breaches in the healthcare industry is spiking and collection agencies are also starting to see more activity from hackers who have figured out that it might be easier to crack into a collection agency’s servers.
The data breach at American Medical Collection Agency last year, in which more than 25 million records were compromised, was one of the largest breaches in the world in 2019, and may have opened the eyes of other hackers to the valuable data being stored inside collection agencies.
Many of the hacks at healthcare companies start at a third-party vendor, according to the report. Ransomware or other attacks start at a third-party vendor, like a Trojan horse, and are then transferred to a healthcare company when the two entities communicate, either via email or data transmission.
“The healthcare industry may be the most vulnerable of all industries to cyber attacks,” said Jonathan Deveaux, head of enterprise data protection at comforte AG. “It’s about the data healthcare operators have access to. In the AMCA cyber heist, data stolen included patient PII and lab test info, but also included healthcare provider info, credit/debit card info, bank account info, and social security numbers. This was a treasure trove of data to a cyber thief.”