Although the value of health records on the dark web has declined, hackers are increasingly selling the personal health data of deceased patients for cryptocurrencies online, according to a column on Threatpost by Cynerio security researcher Oren Koriat.
The Cynerio research team found a dark web listing for 140 million records including Social Security numbers that were stolen from a medical database — 60,000 of the records also included a death date. The online vendor is seeking about $2.00 per record; however, that price declines if the purchaser buys records in bulk.
Medical records are often used in combination with other forms of personal information to carry out more sophisticated fraud, writes Mr. Koriat. In addition to financial fraud, patient health data can be used to illegally obtain medical supplies or enroll in health insurance. One post the researchers found on the dark web described how the data could be used to order prescription drugs, book a medical appointment or have prescribed drugs delivered.
When committing fraud, the ideal victims are those that can't file complaints — in other words, those who are dead — because the fraud could fly under the radar for a long time. An AARP bulletin cited in the column claims criminals use the identities of nearly 2.5 million deceased Americans each year to commit fraud.
"[H]ealthcare organizations that collect, store and transfer medical records should be aware of the growing demand for protected health information and the advanced (sic) in the threat landscape," Mr. Koriat writes. "It is increasingly important to educate employees about cybersecurity and to develop advanced defenses, especially for older, more vulnerable medical systems."