1. Healthcare hacking is getting easier
Digital transformation in healthcare is moving forward but security is lagging behind. Hospital systems with outdated, unpatched devices are connected to the Internet, increasing their likelihood of getting infected with malware. Infected medical devices allow hackers to exploit vulnerabilities and gain access to hospital systems. Once they find a foothold, hackers can offer “hacking-as-a-service” to fraudsters who are interested in exploiting healthcare systems but lack the technical hacking skills.
2. Cyber-attacks are becoming more advanced
Cybercrime organizations operate like any other technology company, and they are continuously developing more advanced hacking tools. In their research, the TrapX Security Labs division described medical devices in hospitals that were found to be infected with an advanced attack flow that they call MEDJACK (medical hijack), which creates a pivot point for hackers to access hospital systems. They reported that attackers had used sophisticated attack techniques that could enable extraction of sensitive patient information without being detected.
3. Medical records are more valuable for fraudsters
Stolen medical records tend to have a higher value on the black market than stolen credit card information. Cynerio’s researchers follow dark web activity related to hacking of medical devices using Sixgill’s dark web monitoring technology. Here is an example of a vendor charging double the price for personal information when it includes medical ID.
What do fraudsters do with stolen medical records?
One of the most common forms of fraud is credit card or banking fraud, where the medical records are used in combination with other personal information to make fraudulent transactions. But the more interesting frauds are those related to health insurance and taxes. This is also where information specific to medical records comes in handy. In this case the fraudster would need as much background information on the victims as possible, and medical records usually include rich background information. Our research team recently found a vendor selling kids’ social security numbers and dates of birth (known on the dark web as “fullz”) that were hacked from pediatrician’s databases. The same vendor has just released a new batch of children’s “fullz”. The proximity of this new batch to the previous one is a good indicator that there is a strong demand for fresh information stolen from medical databases.
Healthcare organizations that collect, store and transfer medical records should be aware of the growing demand for stolen medical records and of the advances in the threat landscape. It is increasingly important to educate employees about cybersecurity and to develop advanced defenses, especially for older, more vulnerable medical systems.