Month: February 2023

How hackers steal Medical Records for sale on the Black Market

Healthcare facilities are becoming more susceptible to cyberattacks as they continue to digitize patient records. Hackers are constantly looking for loopholes in the security of medical systems so they can steal sensitive patient data. PHI and PII are the terms used to describe this data. PHI refers to any data, including medical records, insurance information, and prescription information, that can be used to determine a person’s health status or level of care. PII is any information that can be used to identify a specific person, including that person’s name, address, social security number, and date of birth. This article will look at how hackers resell PHI/PII and medical records on the dark web.

An Overview of the Black Market

The underground economy of illegal activities is referred to as the “black market.” Cybercrime on the black market has grown more lucrative in recent years. The average cost of a data breach in the healthcare sector is $7.13 million, according to a report by IBM Security. As a result, PHI/PII and medical records have become valuable commodities on the black market. Hackers can sell this information to other cybercriminals, who use it to commit various types of fraud, including identity theft, insurance fraud, and prescription fraud.

Techniques for Obtaining Medical Records and PHI/PII

Medical records and PHI/PII are obtained by hackers using a variety of techniques. Phishing is a popular technique in which a hacker sends an email purporting to be from a trustworthy source, like a healthcare organization. The email might include a link to a fake website that impersonates the company’s login page and requests the user’s login information. In order to access the organization’s system and obtain patient data, the hacker can use these credentials.

Exploiting vulnerabilities in the organization’s systems is another strategy. Hackers can use software tools to scan for these vulnerabilities and exploit them in order to reach patient data. Malware, a class of software created to infect a computer system and grant the attacker remote access, is often used to accomplish this. Malware can get onto a system in a number of ways, including when a user downloads infected files from the internet or opens a malicious email attachment.

Lastly, hackers can steal physical devices that contain sensitive information, like laptops or smartphones, in order to obtain patient data. This method is referred to as physical theft and is a less common way to obtain patient data.

The Sale of PHI/PII and Medical Records

Medical records and PHI/PII can be sold on the black market once the hacker has them. The dark web, a section of the internet that is not indexed by search engines and is only accessible through particular software, is where the data is frequently sold. Cybercriminals frequently purchase and sell illegal goods and services on the dark web, which serves as their haven.

Because selling PHI/PII in bulk is more lucrative than selling individual records, hackers frequently sell medical records and PHI/PII in bulk packages. These packages typically bundle a person’s name, date of birth, social security number, and medical history. The price depends on the quantity and quality of the data and on market demand. In general, the more complete and current the data, the more valuable it is on the black market.

Effects of Medical Record and PHI/PII Breaches

Breaches of PHI/PII and medical records can have catastrophic effects on patients and healthcare organizations. Patients can be hurt by identity theft, financial fraud, and even medical fraud. Medical fraud occurs when a hacker uses the patient’s information to obtain prescriptions or medical services in the patient’s name. This may result in inaccurate medical records, incorrect diagnoses, and potentially harmful drug interactions.

It is important to remember that the sale of PHI/PII data on the black market is illegal and has serious negative effects for the people whose data is stolen. Selling this kind of data has no justifiable economic advantage. Still, it is worth discussing some of the motivations behind cybercriminals’ actions.

Profit is one of the main drivers behind selling PHI/PII data. This information is very valuable on the black market, and cybercriminals can make a sizable profit by selling it. The average price of a compromised medical record is $429, according to a Ponemon Institute study. This is far higher than the per-record cost of a data theft in other industries. The high value of medical records and PHI/PII data makes them a desirable target for cybercriminals.

The ease of selling it is another factor that encourages the sale of PHI/PII data on the black market. The dark web offers cybercriminals a comparatively secure and anonymous marketplace for buying and selling stolen data. Cryptocurrencies like Bitcoin also make it simpler to carry out transactions covertly.

PHI/PII data sales on the black market occasionally serve political or ideological ends as well. For instance, cybercriminals with political motivations may steal and sell medical records in order to highlight security flaws in a specific healthcare organization or to draw attention to a certain issue.

It’s crucial to remember that the sale of PHI/PII data on the black market has serious drawbacks for both individuals and society as a whole. This kind of information can be stolen, which can lead to identity theft, financial fraud, medical fraud, and other types of harm. Healthcare organizations may experience financial losses, legal action, reputational harm, and other consequences as a result of a data breach, all of which can have a significant effect.

To sum up, selling PHI/PII data on the black market may be financially lucrative for cybercriminals, but it is also a prohibited and unethical activity that has serious negative effects on both the people involved and society as a whole. Both healthcare organizations and individuals must take precautions to safeguard their private information and guard against data breaches. This entails putting into practice robust cybersecurity measures, such as encryption, two-factor authentication, and regular security audits, as well as exercising caution and vigilance when engaging in online activity and disclosing personal information.

Incident Response and Recovery for Hospitals

Hospitals and other healthcare institutions are increasingly being targeted by cyberattacks. These attacks frequently involve the theft or ransom of patient data, the interruption of medical services, and the destruction of vital medical systems. A cyberattack can have devastating effects on the hospital as well as the patients who rely on it for medical care. Hospitals must therefore have an incident response strategy in place to quickly recognize, respond to, and recover from a cyber attack.

Incident Response Plan

An incident response plan (IRP) outlines the procedures to be followed in the event of a cybersecurity incident. It is a vital tool that enables organizations to react to incidents quickly and effectively. A hospital’s IRP should take into account the particular requirements of healthcare organizations and the patients they treat.

The first step in creating an IRP is identifying the vital systems and data that must be protected. This includes patient monitoring systems, medical imaging systems, and other medical devices connected to the hospital’s network. Once those systems and data have been identified, the hospital should create a strategy to safeguard them.

The next step is to decide which individuals and teams will be in charge of responding to cybersecurity incidents. This includes the hospital’s senior management, security team, legal team, and IT department. To ensure a well-coordinated response, the IRP should also specify the roles and responsibilities of each team member.

The IRP should include procedures for reporting and responding to incidents. This means a precise definition of what constitutes an incident, who needs to be notified, and how an incident is escalated if necessary. The IRP should also outline procedures for containing and lessening an incident’s effects and for recovering from it.

Process for Incident Response

The incident response team at the hospital should follow the steps outlined in the IRP in the event of a cybersecurity incident. The first step is to evaluate the incident’s seriousness and decide whether a security breach has occurred. The incident response team should immediately contain the incident if a breach is confirmed in order to limit further harm.

The next step is investigating the incident to ascertain the size and type of the attack. This entails figuring out which systems and data have been compromised and gauging the effect on patient care. The incident response team should also collect and preserve evidence to support the investigation and, if required, contact law enforcement.

Following the conclusion of the investigation, the incident response team should create a strategy to lessen the effects of the incident. This involves repairing damaged systems, retrieving lost data, and making sure patient care is not jeopardized. As part of its investigation into the incident, the incident response team should look for any weaknesses in the hospital’s cybersecurity measures and update the IRP accordingly.
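The IRP sections above describe an escalation matrix (who is notified, based on what was hit) and a fixed order of response steps (assess, contain, investigate, remediate, recover, review). The following is an added example, not code from the original post, showing how a hospital security team could encode both as testable rules so that a playbook cannot, for instance, jump to recovery before containment. The phase names, severity tiers, system identifiers, and team names are assumptions chosen for illustration; the critical-system categories follow the article’s own examples.

```python
from dataclasses import dataclass, field
from enum import Enum


class Phase(Enum):
    """Lifecycle phases in the order the IRP prescribes (names are assumed)."""
    DETECTED = "detected"
    ASSESSED = "assessed"
    CONTAINED = "contained"
    INVESTIGATED = "investigated"
    REMEDIATED = "remediated"
    RECOVERED = "recovered"
    CLOSED = "closed"


# Permitted transitions: assess first, contain before investigating, and so on.
# An assessment that finds no actual breach may close the incident directly.
ALLOWED_TRANSITIONS = {
    Phase.DETECTED: {Phase.ASSESSED},
    Phase.ASSESSED: {Phase.CONTAINED, Phase.CLOSED},
    Phase.CONTAINED: {Phase.INVESTIGATED},
    Phase.INVESTIGATED: {Phase.REMEDIATED},
    Phase.REMEDIATED: {Phase.RECOVERED},
    Phase.RECOVERED: {Phase.CLOSED},
    Phase.CLOSED: set(),
}

# Critical system categories named in the article; the identifiers are constructed.
CRITICAL_SYSTEMS = {"patient-monitoring", "medical-imaging", "ehr"}


@dataclass
class Incident:
    systems: list
    phi_exposed: bool
    patient_care_impact: bool
    records_affected: int
    breach_confirmed: bool = False
    phase: Phase = Phase.DETECTED
    history: list = field(default_factory=list)


def triage(incident):
    """Assign a severity tier and the teams to notify (hypothetical escalation matrix)."""
    critical_system_hit = any(s in CRITICAL_SYSTEMS for s in incident.systems)
    if incident.patient_care_impact or critical_system_hit:
        severity = "critical"
    elif incident.phi_exposed:
        severity = "high"
    else:
        severity = "low"
    # Security and IT always respond; legal and senior management join once PHI or
    # patient care is at stake, which is when regulatory and liability questions arise.
    notify = ["security-team", "it-department"]
    if severity in ("high", "critical"):
        notify += ["legal-team", "senior-management"]
    return severity, notify


def advance(incident, new_phase):
    """Move to the next phase, refusing out-of-order steps (e.g. recovery before containment)."""
    if new_phase not in ALLOWED_TRANSITIONS[incident.phase]:
        raise ValueError(f"cannot move from {incident.phase.value} to {new_phase.value}")
    if new_phase is Phase.CONTAINED and not incident.breach_confirmed:
        raise ValueError("containment requires a confirmed breach from the assessment step")
    incident.history.append((incident.phase.value, new_phase.value))
    incident.phase = new_phase
    return incident.phase


def run_playbook(incident):
    """Walk a confirmed breach through the full IRP order; returns the phase log."""
    for step in (Phase.ASSESSED, Phase.CONTAINED, Phase.INVESTIGATED,
                 Phase.REMEDIATED, Phase.RECOVERED, Phase.CLOSED):
        advance(incident, step)
    return [new for _, new in incident.history]


if __name__ == "__main__":
    # Constructed sample: ransomware hit the imaging system and exposed PHI.
    inc = Incident(systems=["medical-imaging"], phi_exposed=True,
                   patient_care_impact=True, records_affected=1200, breach_confirmed=True)
    print(triage(inc))
    print(run_playbook(inc))
```

The value of writing the plan this way is that the escalation rules and the step ordering become something the team can review and test during tabletop exercises, rather than prose that is only read once a year; the `history` list also gives the post-incident review a timeline of which phase was entered when.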

Recovery Process

The incident response plan’s recovery process is an essential element. In addition to ensuring that patient care is not jeopardized, it entails returning the hospital’s systems and data to their pre-incident state. Following the containment of the incident and the conclusion of the investigation, the recovery process should start as soon as is practical.

Restoring the hospital’s vital systems and data is the first step in the recovery process. This includes restoring electronic health records (EHRs), medical imaging systems, and other affected medical devices. The hospital should also make sure that backups are in place to prevent future data loss.

Reviewing the incident and finding any cybersecurity defense gaps at the hospital is the next step. As part of this, policies and procedures must be reviewed, security controls must be evaluated for effectiveness, and improvement opportunities must be found. In order for the incident response plan to accurately reflect the lessons learned from the incident, the hospital should also update it.

Hospitals need an incident response strategy to quickly recognize, respond to, and recover from a cyber attack.

The top 10 hospital cyberattacks over the last 10 years

In the past ten years, cyberattacks on hospitals have increased in frequency. Due to the abundance of sensitive financial and personal data that hospitals store, the healthcare sector is a popular target for hackers. These attacks can have devastating effects, including the loss of vital data, a halt in business operations, and in extreme circumstances, even human life.

The top 10 hospital cyberattacks over the previous ten years are listed below.

1. WannaCry ransomware attack (2017)

One of the biggest ransomware attacks to date, WannaCry affected over 200,000 computers across more than 150 countries. As patient data and medical records were encrypted by the malware, rendering them inaccessible to hospital staff, the attack was especially harmful to hospitals. Hospital operations were severely disrupted as a result of the attack, which delayed patient care and put lives in danger.

2. Data breach at Anthem (2015)

One of the biggest US health insurance companies, Anthem, experienced a data breach in 2015 that resulted in the compromise of the personal information of 80 million patients. It was a prime target for identity theft because the breach exposed social security numbers, birth dates, and addresses.

3. Dragon-sponsored operation (2012)

Hospitals were among the healthcare organizations in the US targeted in 2012 by the Chinese hacker collective “Comment Crew.” The group took sensitive data including patient records, financial information, and designs for medical equipment. The attack was part of a larger operation called “Operation Sponsored by the Dragon,” which hit a number of industries, including healthcare.

4. Data breach at UCLA Health System (2014)

Over 4 million patients’ personal data were compromised in a data breach that targeted the UCLA Health System in 2014. The breach occurred when a hacker used an employee’s email account to access the system. The attacker was able to steal sensitive data such as social security numbers, birth dates, and addresses.

5. Ransomware attack on Hollywood Presbyterian Medical Center (2016)

In 2016, a ransomware attack targeted Hollywood Presbyterian Medical Center, encrypting its computer systems and preventing hospital staff from accessing patient data. To regain access to its data, the hospital was required to pay a ransom of 40 Bitcoins, which were worth around $17,000 at the time.

6. Data breach at Community Health Systems (2014)

Over 4 million patients’ personal data were compromised in a data breach that Community Health Systems experienced in 2014. The breach was carried out by a hacker who entered the system via a third-party vendor. The attacker was able to steal sensitive data such as social security numbers, birth dates, and addresses.

7. Cyberattack on Blackbaud (2020)

In 2020, the cloud-based software provider Blackbaud experienced a data breach that affected hospitals and other healthcare organizations that used its services. Sensitive data like social security numbers, birth dates, and addresses was stolen, putting millions of patients at risk of identity theft.

8. Ransomware attack on MedStar Health (2016)

A ransomware attack that encrypted the computer systems of the MedStar Health system in 2016 prevented hospital staff from accessing patient data. The attack severely disrupted hospital operations, which delayed patient care and endangered lives.

9. Data breach at MultiCare Health System (2019)

Over 500,000 patients’ personal data were compromised by a data breach at the MultiCare Health System in 2019. A hacker who used an employee’s email account to access the system was responsible for the breach. Social security numbers, dates of birth, and addresses were among the private data the attacker was able to take.

10. Data breach at Memorial Healthcare System (2019)

Over 115,000 patients’ personal data were compromised in a data breach at Florida’s Memorial Healthcare System in 2019. The breach originated with a third-party vendor that was using the system for maintenance purposes. Because the vendor’s credentials were compromised, the attacker was able to obtain private data including addresses, dates of birth, and social security numbers.

These cyberattacks show how susceptible the healthcare sector is and how urgently hospitals need to take preventative action to safeguard patient information. The effects of these attacks may be severe and far-reaching, resulting in the loss of operations, the theft of private data, and in some extreme cases, even human life.

It’s crucial to implement strong security measures, such as installing firewalls, encrypting sensitive data, updating software frequently, and teaching staff to spot and report suspicious activity, to prevent cyber attacks on hospitals. A thorough incident response plan should also be in place at hospitals to ensure a quick reaction to any potential breaches. Hospitals can safeguard patient data and avoid a lapse in vital medical care by taking these precautions.

Medical Device Software Security

In today’s healthcare, medical devices are crucial tools. They are employed in the diagnosis and treatment of patients, the monitoring of vital signs, and the gathering and storage of private patient data. As medical devices become more sophisticated and connected, however, they are becoming more susceptible to cyberattacks. This seriously threatens patient safety and privacy, as well as the integrity of the healthcare system as a whole. It is therefore crucial for medical device manufacturers and healthcare organizations to make sure that their equipment is secure and that patient data is protected.

Threat Environment for Medical Devices

Medical device security threats are constantly changing. Malware attacks, network intrusions, and unauthorized access to patient data have all occurred in recent years as part of numerous high-profile cyberattacks on medical devices. Some of the main dangers to the security of medical devices include:

Malware: Malware, including viruses and Trojan horses, can infect medical equipment and cause it to malfunction or steal private data.

Network breaches: Healthcare networks, which are susceptible to cyberattacks, frequently connect medical devices. If a network is breached, an attacker might be able to access the medical devices connected to the network and take private patient data.

Access without authorization: Medical equipment may hold private patient data, including test results, medical histories, and health records. Unauthorized access to this data may result in privacy violations, identity theft, and financial fraud.

Supply chain attacks: During any stage of development and production, including the acquisition of components, creation of software, and distribution of devices, medical devices may be subject to cyberattacks.

Insider threats: Employees with malicious intentions can seriously jeopardize the security of a medical device. An employee who has access to confidential patient information, for instance, could steal that information or tamper with medical equipment to harm patients.

Medical Device Security Regulatory Frameworks

Depending on the kind of device and the nation where it is used, various regulatory frameworks may apply to medical devices. The following are a few of the main legal frameworks for medical device security.

FDA’s Cybersecurity for Medical Devices Guidance: The FDA is the primary American regulatory body for medical devices. It has released cybersecurity guidance for medical device manufacturers and healthcare providers, which offers suggestions on how to secure their products and safeguard patient data. The recommendations cover a wide range of topics, including risk assessment and management, device authentication and access control, data encryption and protection, and software security (Food and Drug Administration, 2019).

Health Insurance Portability and Accountability Act (HIPAA): HIPAA is a U.S. law that establishes standards for the protection of PHI. It covers medical devices that handle PHI, including electronic medical record systems and personal health record devices, which HIPAA requires to safeguard that data.

The P.A.T.C.H Act – The future of securing medical devices

The Protecting Medical Devices from Cyber Attacks Act, also known as the PATCH Act (S.1690), is proposed legislation aimed at improving the cybersecurity of medical devices in the United States (Congress, 2019). With the increasing number of connected medical devices, such as pacemakers, insulin pumps, and ventilators, there is a growing threat of cyber attacks that could compromise the safety and efficacy of the devices, potentially leading to serious injury or death (FDA, 2021).

The PATCH Act was introduced in the United States Congress in 2019 and has been referred to the Committee on Energy and Commerce (Congress, 2019). The act aims to address the growing threat of cyber attacks on medical devices by requiring the Food and Drug Administration (FDA) to establish cybersecurity standards for medical devices and to establish a process for addressing vulnerabilities in these devices (S.1690, 2019).

Under the PATCH Act, the FDA would be required to develop a framework for evaluating the cybersecurity of medical devices before they are approved for use (S.1690, 2019). This framework would include criteria for evaluating the device’s security features, the potential risks of a cyber attack, and the device’s potential impact on patient safety (S.1690, 2019). The FDA would also be required to establish a process for identifying and addressing vulnerabilities in medical devices that are already in use (S.1690, 2019).

The PATCH Act would also require manufacturers of medical devices to report any known vulnerabilities in their products to the FDA, as well as to take steps to address these vulnerabilities (S.1690, 2019). Manufacturers would also be required to provide cybersecurity training to their employees and to work with the FDA to develop best practices for cybersecurity in the medical device industry (S.1690, 2019).

In addition to these requirements, the PATCH Act would establish a grant program to fund research into the development of new cybersecurity technologies for medical devices (S.1690, 2019). This program would be administered by the National Institute of Standards and Technology (NIST) and would aim to support the development of innovative solutions to protect medical devices from cyber attacks (S.1690, 2019).

Overall, the PATCH Act is an important step towards improving the cybersecurity of medical devices in the United States (FDA, 2021). By establishing standards for the evaluation and protection of these devices, the PATCH Act would help ensure the safety and efficacy of medical devices for patients and healthcare providers (S.1690, 2019).

References:

Congress. (2019). S.1690 – Protecting Medical Devices from Cyber Attacks Act of 2019. Retrieved from

Food and Drug Administration. (2021). Medical Devices and the COVID-19 (Coronavirus) Pandemic. Retrieved from

S.1690 – Protecting Medical Devices from Cyber Attacks Act of 2019. (2019). Retrieved from
