Medical Records of U.S. Citizens Vulnerable to Attacks
Hacked: Hacking Finance


Medical Records of U.S. Citizens Vulnerable to Attacks

Posted on .

Medical Records of U.S. Citizens Vulnerable to Attacks


This article was posted on Friday, 18:07, UTC.

The exposé of the hacker group Fancy Bear about the medical records of famous American athletes is just a tip of the iceberg of the vulnerability of the medical records of American citizens.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

In August 2016 alone, health data security company Protenus reported that 8,804,608 medical records of U.S. citizens were breached.

Network breach

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Protenus added that 29% of the breaches involved hacking, malware or the increasing menace of ransomware. One incident alone, involving 3,620,000 medical records, was a result of hacking, according to Protenus.

While this over 8 million breach may seem staggering, the number of patient records breached reached 11 million in June 2016 alone. The bulk (10.3 million) of these breached patient records is attributed to one hacking incident, the health data security company reported.

Protenus added that a total of 126,930 breached patient records was reported in July this year alone. The largest single breach in July 2016, involving 23,565 records, was the handiwork of the hacker group that goes by the name TheDarkOverlord.

// -- Get exclusive consultation for as low as $249 per month on -- //

In the report entitled “Your Life, Repacked and Resold: The Deep Web Exploitation of Health Sector Breach Victims” published by the Institute for Critical Infrastructure Technology (ICIT), almost 100 million of the  compromised medical records in 2015 came from just three hacking incidents of these three American health insurance companies: Anthem Inc., Premera Blue Cross, and Excellus Health Plan Inc.

In June this year, security researcher Dissent Doe reported that the hacker group TheDarkOverlord tried to sell on the deep web 9.3 million medical records from an unnamed U.S. health insurer for the price of 750 Bitcoin, roughly $500,000.

Why cyber attacks in the health sector succeed?

As early as April 2014, in a bulletin published on the American Hospital Association website, the FBI warned that “The deadline to transition to EHR is January 2015, which will create an influx of new EHR coupled with more medical devices being connected to the Internet, generating a rich new environment for cyber criminals to exploit.”

Way back in 2014, the FBI bulletin stated that cyber criminals were selling patient records on the black market at a rate of $50 for every partial EHR. The FBI added that EHR can then be used to advance identity theft, obtain prescription medication or to file fraudulent insurance claims.

According to ICIT [PDF], one of the reasons why cyber attacks in the health sector are successful is that a U.S. law – the Affordable Care Act – has increased healthcare providers’ incentive to transition to EHR without requiring an investment in software, hardware or IT staff.


The EHR, which stands for Electronic Health Record (EHR), is a digital version of a patient’s medical chart. It contains basic identification data of the patient, vital signs, health problems, medications, past medical history, immunizations and laboratory reports.

According to the Office for Civil Rights of the U.S. Department of Health and Human Services, in August this year, Advocate Health Care Network paid the Department $5.55 million to settle a data breach case. To date, the Advocate settlement is the largest settlement involving a single entity.

In 2013, Advocate reported to the Office for Civil Rights several breach incidents involving its subsidiary, Advocate Medical Group. Four million individuals were affected by the cyber attacks against Advocate.

“We hope this settlement sends a strong message to covered entities that they must engage in a comprehensive risk analysis and risk management to ensure that individuals’ ePHI (electronic protected health information) is secure,” Jocelyn Samuels, Director of the Office for Civil Rights, said in a statement.

In July this year, the Oregon Health & Science University and University of Mississippi Medical Center paid the Department close to $2.7 million each to settle their respective data breach cases.

Images from Shutterstock and iStock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?

Ellen Red

Ellen Red

There are no comments.

View Comments (0) ...
The team:
Dmitriy Lavrov
Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
Jonas Borchgrevink
Jonas Borchgrevink is the founder of and He is a serial entrepreneur, trader and investor. He shares his own personal journey on // -- Discuss and ask Read More
P.H. Madore
ICO Analyst
P. H. Madore lives in Arkansas with his wife and children. He has covered the cryptocurrency beat over the course of hundreds of articles for Hacked’s sister site, CryptoCoinsNews, as Read More
Mate Csar
Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
Justin O’Connell
Justin O’Connell is a cryptocurrency journalist who works have appeared in the U.S.’s third largest weekly, the San Diego Reader & VICE. // -- Discuss and ask questions in our community Read More
Mati Greenspan
Senior Market Analyst at // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
Rakesh Upadhyay
Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
Pamela Meropiali
Account Manager
Pamela Meropiali is responsible for users on // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
Joseph Young
Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
An exotic "impossible" space propulsion technology known as "Cannae Drive,"…