It might seem like your medical records are safe from hackers. Who would even want to know the details of a stranger’s medical history?
But two major security breaches over this past week have once again proven again that hackers are very interested in your medical records, and they’re willing to go to great lengths to access them.
Cybercriminals Infiltrate Two Hospitals
Last week was rough for the medical industry as two hospital groups were hacked. Leon Medical Centers, which has eight locations in Miami, and Nocona General Hospital, which serves three Texas locations, were both infiltrated.
According to NBCNews, the cybercriminals made off with tens of thousands of files containing patients’ personal medical information.
The files contained everything from scanned diagnostic results, letters to insurers, employee background checks, and worst of all–colonoscopy results with full names included.
Leon Medical Centers released a full list of stolen information, including:
- Contact information
- Social Security number
- Financial information
- Date of birth
- Family information
- Medical record number
- Medicaid number
- Prescription information
- Medical and/or clinical information, including diagnosis and treatment history, and health insurance information
Leon Medical Centers have notified the U.S. Department of Health and Human Services are investigating the breach.
Cyber attacks on the medical industry have been increasing in recent years, but what makes this particular breach so baffling is that the hackers quickly released their files onto the dark web. Which, as you’ll see, has not been the standard operating procedure.
What Do Hackers Want With Your Medical Records?
Hackers not only had a busy week, but they’ve also had a busy couple of years. According to a survey by cybersecurity firm Emsisoft, at least 560 medical providers were attacked with ransomware in 2020.
The attackers will infect a hospital’s network with ransomware, locking up the computers and making them inoperable. They’ll then demand a ransom to unlock the computers.
When the University of Vermont Health Network was breached last year, it lost an estimated $1.5 million per day and had to furlough 300 employees.
Check out this video on hackers who target the medical industry:
If the hospitals refuse to comply, the hackers may threaten to spread the victims’ information online. It’s not clear if the hacker group demanded ransom from Leon Medical Centers and Nocona General Hospital.
According to James Scott, author of Your Life, Repackaged and Resold: The Deep Web Exploitation of Health Sector Breach Victims, once the hackers steal the files, the information will ‘go dark’ for a while before returning in a variety of ways.
The hackers aim to build packages called ‘fullz’ and ‘identity kits.’ Scott says these packages will usually include “all the intricacies of a person’s health history, preferred pharmacy, literally everything.”
From there, hackers will take their information onto the deep web to secure counterfeit passports, ID cards, and social security cards. Once the full kit is completed, they can sell for up to $2,000 a pop, says Scott.
What Can You Do to Protect Yourself?
Unfortunately, it’s mostly up to the medical groups to provide security for their patients’ records. And as we saw in 2020, even major cybersecurity firms can be hacked.
But there are a few cyber hygiene tips you can implement to keep yourself safer. If you have an online account with a healthcare group, be sure it’s secured well.
Use a long, varied password and enable two-factor authentication if possible.
If you’re one of the unlucky people whose medical provider has been hacked and you’re worried about identity theft, there are steps you can take to help mitigate the damage.
And if you think that one of your personal accounts has been hacked, reach out to us immediately.
Featured image by Sergey Nivens via Shutterstock.