How hackers steal Medical Records for sale on the Black Market

Healthcare facilities are becoming more susceptible to cyberattacks as they continue to digitize patient records. Hackers are constantly looking for loopholes in the security of medical systems so they can steal sensitive patient data. PHI and PII are the terms used to describe this data. PHI refers to any data, including medical records, insurance information, and prescription information, that can be used to determine a person’s health status or level of care. PII is any information that can be used to identify a specific person, including that person’s name, address, social security number, and date of birth. This article will look at how hackers resell PHI/PII and medical records on the dark web.

An overview of the black market.

The underground economy of illegal activities is referred to as the “black market.” Cybercrime has become an increasingly lucrative part of the black market in recent years. The average cost of a data breach in the healthcare sector is $7.13 million, according to a report by IBM Security. As a result, PHI/PII and medical records have become valuable commodities on the black market. Hackers can sell this information to other cybercriminals for use in various types of fraud, including identity theft, insurance fraud, and prescription fraud.

Techniques for Obtaining Medical Records and PHI/PII.

Hackers obtain medical records and PHI/PII using a variety of techniques. Phishing is a popular technique in which a hacker sends an email purporting to be from a trustworthy source, like a healthcare organization. The email might include a link to a fake website that impersonates the company’s login page and requests the user’s login information. The hacker can then use these credentials to access the organization’s system and obtain patient data.

Exploiting system flaws within the company is another strategy. Hackers can use software tools to search for flaws in the company’s systems and exploit them to access patient data. Malware, a class of software created to infect a computer system and grant the hacker remote access, can be used to accomplish this. Malware can get installed on a system in a number of ways, including by downloading infected files from the internet or opening email attachments.

Lastly, physical devices that contain sensitive information, like laptops or smartphones, can be stolen by hackers in order to obtain patient data. This is a less common way to obtain patient data and is referred to as physical theft.

The Sale of PHI/PII and Medical Records.

Medical records and PHI/PII can be sold on the black market once the hacker has them. The dark web, a section of the internet that is not indexed by search engines and is only accessible through particular software, is where the data is frequently sold. Cybercriminals frequently purchase and sell illegal goods and services on the dark web, which serves as their haven.

Because selling PHI/PII in bulk is more lucrative than selling individual records, hackers frequently sell medical records and PHI/PII in bulk. The data is often sold in packages that include information like name, date of birth, social security number, and medical history. The price can vary depending on the quantity, quality, and market demand for the data. In general, the more complete and current the data, the more valuable it is on the black market.

Effects of Medical Record and PHI/PII Breaches.

Breaches of PHI/PII and medical records can have catastrophic effects on patients and healthcare organizations. Identity theft, financial fraud, and even medical fraud can hurt patients. Medical fraud occurs when a hacker uses the patient’s information to get prescriptions or medical services in their name. This may result in inaccurate medical records, incorrect diagnoses, and potentially harmful drug interactions.

It is important to remember that the sale of PHI/PII data on the black market is illegal and has serious negative effects for the people whose data is stolen. Selling this kind of data on the black market does not have any justifiable economic advantages. However, it’s important to talk about some of the causes behind cybercriminals’ actions.

Profit is one of the main drivers behind selling PHI/PII data. On the black market, this information is very valuable, and cybercriminals can make a sizable profit by selling it. The average price of a compromised medical record is $429, according to a Ponemon Institute study. This is considerably higher than the typical cost of a stolen record in other industries. The high value of medical records and PHI/PII data makes it a desirable target for cybercriminals.

The ease with which it can be sold is another factor that encourages the sale of PHI/PII data on the black market. The dark web offers cybercriminals a comparatively secure and anonymous marketplace for buying and selling stolen data. Using cryptocurrencies like Bitcoin also makes it simpler to carry out transactions covertly.

PHI/PII data sales on the black market occasionally serve political or ideological ends as well. For instance, cybercriminals with political motivations may steal and sell medical records in order to highlight security flaws in a specific healthcare organization or to draw attention to a certain issue.

It’s crucial to remember that the sale of PHI/PII data on the black market has serious drawbacks for both individuals and society as a whole. The theft of this kind of information can lead to identity theft, financial fraud, medical fraud, and other types of harm. Healthcare organizations may experience financial losses, legal action, reputational harm, and other consequences as a result of a data breach, all of which can have a significant effect.

To sum up, selling PHI/PII data on the black market may be financially lucrative for cybercriminals, but it is also a prohibited and unethical activity that has serious negative effects on both the people involved and society as a whole. Both healthcare organizations and individuals must take precautions to safeguard their private information and guard against data breaches. This entails putting into practice robust cybersecurity measures, such as encryption, two-factor authentication, and regular security audits, as well as exercising caution and vigilance when engaging in online activity and disclosing personal information.

Medical Device Software Security

In today’s healthcare, medical devices are crucial tools. They are employed in the diagnosis and treatment of patients, the monitoring of vital signs, and the gathering and storage of private patient data. Medical devices are, however, becoming more susceptible to cyberattacks as they become more sophisticated and connected. This seriously threatens patient safety and privacy, as well as the integrity of the healthcare system as a whole. It is therefore crucial for medical device manufacturers and healthcare organizations to make sure that their equipment is secure and that patient data is protected.

Threat Environment for Medical Devices.

Medical device security threats are constantly changing. Malware attacks, network intrusions, and unauthorized access to patient data have all occurred in recent years as part of numerous high-profile cyberattacks on medical devices. Some of the main dangers to the security of medical devices include:

Malware: Malware, including viruses and Trojan horses, can infect medical equipment and cause it to malfunction or steal private data.

Network breaches: Medical devices are frequently connected to healthcare networks, which are susceptible to cyberattacks. If a network is breached, an attacker might be able to access the medical devices connected to the network and take private patient data.

Unauthorized access: Medical equipment may hold private patient data, including test results, medical histories, and health records. Unauthorized access to this data may result in privacy violations, identity theft, and financial fraud.

Supply chain attacks: Medical devices may be subject to cyberattacks during any stage of development and production, including the acquisition of components, creation of software, and distribution of devices.

Insider threats: Employees who have malicious intentions can seriously jeopardize the security of a medical device. An employee who has access to confidential patient information, for instance, could steal that information or tamper with medical equipment to harm patients.

Medical Device Security Regulatory Frameworks.

Depending on the kind of device and the nation where it is used, various regulatory frameworks may apply to medical devices. The following are a few of the main legal frameworks for medical device security.

FDA’s Cybersecurity for Medical Devices Guidance: The FDA is the primary American regulatory body for medical devices. It has released cybersecurity guidance for medical device manufacturers and healthcare providers, which offers suggestions on how to secure their products and safeguard patient data. The recommendations cover a wide range of topics, including risk assessment and management, device authentication and access control, data encryption and protection, and software security (Food and Drug Administration, 2019).

Health Insurance Portability and Accountability Act (HIPAA): HIPAA is a U.S. piece of legislation that establishes guidelines for the protection of PHI. It covers medical equipment that manages PHI, including electronic medical record systems and personal health record gadgets. HIPAA demands.

The Many Faces of Phishing

With cyberattacks on organizations ranging from government entities to manufacturing companies at an all-time high, most, if not all, organizations find themselves searching for cybersecurity solutions catered to their industry. One form of attack that threatens the security and integrity of your data is phishing.

Phishing can be defined as an attempt to steal personal or sensitive information through a malicious email, website, or similar channel by posing as a trustworthy organization, brand, or company. Many phishers use fake websites linked from legitimate-looking emails to obtain sensitive information or data, such as usernames, passwords, and credit card details. These fake websites tend to disguise themselves as banking portals, online payment sites, or social media sites, and they look and feel strikingly normal and official. This very convincing approach is what makes phishing so effective and falling into the trap so easy, even for the most wary.

According to survey data, 38% of respondents said a coworker had fallen victim to a phishing attack within the last year. 53% of people surveyed said that they had observed an increase in phishing activity since the COVID-19 pandemic.

Such exploitation of weak web security is driving people to look into cybersecurity solutions with which they can protect the integrity of their data and personal information.

Therefore, you should always remain wary of such attacks. The following is a list of the most common types of phishing attacks, and below each heading we provide guidance on how you can identify and defend yourself against each type.


Deceptive Phishing 

In this type of phishing, attackers pose as an actual website or brand and ask for personal details and credentials by taking you to their fake URL, which is a carbon copy of the original.

This can be avoided by watching for unprofessional language or grammar mistakes in the email and for anything suspicious in the URL of the site you are taken to.
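The URL checks a reader would do by eye can also be automated. The following Python is an added example, not code from the original article; the trusted domain `examplebank.com`, the sample URLs in the comments, and the 0.85 similarity threshold are all assumptions chosen for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the domains your users legitimately sign in to (placeholder value).
TRUSTED = {"examplebank.com"}

def is_trusted(host, trusted=TRUSTED):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def url_flags(url, trusted=TRUSTED):
    """Return the reasons a URL looks suspicious (empty list = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    # "https://brand.com@other-host/" displays the brand but connects elsewhere.
    if parts.username is not None:
        flags.append("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass  # host is a name, not an IP address
    # Punycode labels can render as characters that imitate a brand name.
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-label")
    if not is_trusted(host, trusted):
        for d in trusted:
            brand = d.split(".")[0]
            if brand in host:
                # e.g. examplebank.com.account-verify.example
                flags.append("brand-in-untrusted-host")
            elif SequenceMatcher(None, host, d).ratio() >= 0.85:
                # e.g. examp1ebank.com (digit 1 in place of letter l)
                flags.append("lookalike-of-" + d)
    return flags
```

An empty result only means none of these heuristics fired; it does not establish that a URL is safe.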

Spear Phishing 

Over 91% of the phishing attacks carried out on the internet are spear phishing attacks, and they are often quite successful. By collecting personal information on the victim, including their name, location, position at the company, address, phone number, etc., the attacker creates a sense of trust, which increases the chances that the victim will be convinced to click the malicious URL.

There now exist many services that offer solutions to this problem in the form of phishing analyzers that screen out suspicious mail. Employee training is also an effective way for organizations to defend themselves against this method of bypassing security controls.
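To show the kind of signals a phishing analyzer looks at in a single message, here is an added Python example (not from the original article and not any vendor's product). The sample message is constructed, every domain in it is a placeholder, and the three checks are a small subset of what real analyzers apply.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); all domains are placeholders.
SAMPLE = """\
From: "Example Bank Security" <alerts@examplebank-support.example>
Reply-To: helpdesk@mailbox.example
To: j.doe@hospital.example
Subject: Action required: verify your account
Authentication-Results: mx.hospital.example; spf=fail smtp.mailfrom=examplebank-support.example; dkim=none; dmarc=fail header.from=examplebank-support.example
Content-Type: text/html

<p>Dear J. Doe, please confirm your details at
<a href="https://login.examplebank-support.example/verify">https://www.examplebank.com/login</a></p>
"""

def domain_of(addr):
    """Domain part of an address header value ('' if the header is empty)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the findings raised for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Replies silently routed to a different domain than the visible sender.
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-domain-differs")
    # Sender authentication verdicts recorded by the receiving mail server.
    auth = msg.get("Authentication-Results", "")
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            findings.append(f"{method}-{result}")
    # Link text that displays one host while the href points to another.
    body = msg.get_payload()
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', body):
        shown = re.match(r"https?://([^/\s]+)", text.strip())
        target = re.match(r"https?://([^/\s]+)", href)
        if shown and target and shown.group(1).lower() != target.group(1).lower():
            findings.append("link-text-host-mismatch")
    return findings
```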

Search Engine Phishing 

With the popularity of e-commerce and online shopping on the rise, it is understandable that attackers are also modifying their approach to take advantage of it. Phishers set up online shopping and service sites and use effective Search Engine Optimization (SEO) techniques, which in turn get those sites listed in search engine indexes. As a result, many more people are tricked into giving these sites their sensitive information, such as banking information or credit card details.

To avoid falling for this tactic, look out for suspiciously cheap offers and avoid signing up on unfamiliar websites or registering for free offers.


Email gateways can help you achieve the kind of impenetrable security that will protect you from all kinds of phishing attempts and make your accounts fully secure. You can ensure that your email accounts are as safe as they should be and that your information and conversations remain at low risk.  
