Why PHI is 10 Times More Valuable Than a SSN on the Black Market

When you think of a hacker, you probably picture an un-showered, fat guy sitting in his parents’ basement trying to access your bank account.

But things have changed!

The days of the lone wolf bank account hacker are over. Yesterday’s bush league hackers have become today’s slick cyber criminals, and they are working together to wreak havoc on healthcare companies.

There are entire organizations devoted to running healthcare phishing, malware, and ransomware scams to get past cyber security systems and steal personal health information (PHI). These groups have legit business models and they have the resources to determine if it’s worth the cost and time to access an organization’s data.

This model is working so well that cyber attacks in healthcare are on the rise in a major way. In 2016, 93 major cyberattacks hit healthcare organizations, up from 57 in 2015. A study by Redspin found that healthcare cyber attacks resulting in data breaches increased 320% from 2015 to 2016.

Why is Healthcare So Attractive to Hackers?

Well, turns out PHI is worth a pretty penny. In 2014, the FBI warned healthcare organizations that personal health data is worth 10 times the amount of personal credit card data on the black market. The data for sale includes names, birth dates, policy numbers, diagnosis codes and billing information.

People buy this information and use it to create fake IDs to buy medical equipment or drugs that can be resold on the street. They also combine patient numbers with false provider numbers to file fake claims with insurers.

It can take providers or patients years to spot healthcare identity theft, giving criminals plenty of time to milk that information for as much cash as possible. In general, banks spot credit card fraud early on and freeze accounts, making credit card and financial data much less desirable.

On top of that, healthcare is – once again – behind the times when it comes to data safety. Most healthcare organizations use outdated computer systems that are easy to hack. Plus, new healthcare technology changes so quickly that security measures can’t keep up.

A data breach is not cheap. A 2016 study found that a data breach costs about $355 for every single stolen patient record. The average total cost of a data breach is about $4 million. That means it’s worth the upfront cost to invest in a security strategy that will keep data safe.

How Can Healthcare Organizations Keep Data Safe?

Cyber criminal rings run like a legit business. They take a look at the ROI before hacking a healthcare system to determine if the resulting payoff will be worth the time and energy it takes to steal PHI. If healthcare companies have strong security measures in place, they are less likely to get targeted.

There are a few measures all healthcare organizations can take to keep information safer. And, trust me, this applies to everyone. That means hospitals, doctors’ offices, surgeons’ offices, insurance companies – any type of organization that houses patient data – YOU!

As Healthcare Sales Professionals, we come in contact with patient information every day. Some of us even have access to and store this data on our devices.

Here are a few things our customers should be implementing or contemplating implementing:

  1. Protect email accounts. Healthcare providers should use a tool that scans incoming email messages in real time in order to spot suspicious messages and filter them out before someone clicks a phishing link. On top of that, every employee should be aware of suspicious emails. If something seems a little “off,” they should know how to report it right away.
  2. Speaking of reporting…for the love of God, everyone needs some sort of security software or service in place. This is something that can be outsourced to a company or handled with healthcare security software. Tip: Be the kind of rockstar Medical Sales Rep who can recommend a way to handle this and talk about the pros and cons of different solutions.
  3. Back up your data regularly. This is one of the most important parts of a good cyber security strategy. If an organization has good backups, they don’t have to shell out millions to decrypt information and get that data back.
  4. Keep an eye on mobile. If staff members will be accessing data on a mobile device, healthcare providers should consider restricting access to critical data and systems. At the very least, they should invest in a centrally controlled system so mobile devices can be wiped clean if they are stolen or compromised.

Why Should Healthcare Sales Professionals Care About Cyber Security?

In previous posts, we talked about questions that signal your investment in your customers’ business.

One of those questions is “How are you preparing for your first cyber attack?” Asking it, combined with the tips listed above, will elevate you above the competition by demonstrating you’re more than just a “sales guy/gal.”

Do yourself a favor and ask your company how customer data is secured. If a clear plan is missing, be an advocate for your customers by pushing for improvements.
