data breach

Protected Health Information Is Valuable on the Dark Web

Data stolen from healthcare providers continues to be a high value target among cybercriminals. In 2017, the U.S. healthcare sector experienced over 330 data breaches -- a number grew in 2018 to 363 breaches.[1] Among all industries, the prices paid for stolen health information are among the highest - topping some $380 per stolen record in 2017. That number is considerably higher for U.S. data compared to the global average of $141 per record.[2]

Such information is a valuable commodity to identity thieves. As the Federal Trade Commission recognizes, with identity thieves can commit an array of crimes including identify theft, medical and financial fraud.[3] Indeed, a robust “cyber black market” exists in which criminals openly post stolen data on multiple underground Internet websites.

While credit card information and associated PII can sell for as little as $1-$2 on the black market, protected health information, known as PHI, can sell for as much as $363 according to the Infosec Institute. This is because one’s personal health history (e.g., ailments, diagnosis, surgeries, etc.) cannot be changed.[4]It is considered static.Thus,PHI is particularly valuable because criminals can use it to target victims with frauds and scams that take advantage of the victims’ medical conditions or victims’ settlements. It can be used to create fake insurance claims, allowing for the purchase and resale of medical equipment, or to gain access to prescriptions for illegal use or resale.