Security "Bits"

Protecting The Black Market’s Hottest Commodity – Medical Data

By Annie Wang | October 21, 2014 at 5:30 AM

“Cha-ching.” That’s the sound of a medical data transaction taking place between two cyber criminals on the infamous black market.

I read an interesting article last week that talked about how medical data is now one of the hottest commodities on the black market. Not exactly what you want to hear if you’re a healthcare institution, tasked with protecting PHI (protected healthcare information) data in a new BYOD world. But why medical data?

Since banks have drastically increased their fraud detection technologies, credit cards aren’t fetching the same price tags they used to. The black market price for a credit card is now only about $1. I suppose the risk of being caught is far too great, not to mention that credit cards can easily be cancelled with a quick call (I say quick, but it never is) to the bank. And in most cases, banks will text, call or email cardholders as soon as any suspicious activity takes place. These factors, combined with the fact that accessing PHI isn’t exactly rocket science, have led to a premium price tag for medical information, said to be priced at $50 per person.

What does all of this mean for healthcare institutions? More emphasis needs to be placed on protecting data, specifically when it comes to BYOD, as 80% of healthcare organizations now support BYOD. Failure to protect PHI data results in HIPAA violations and a check with a bunch of zeros paid to the US government. These fines can be up to $50,000 per event and $1.5 million if the data loss event affects 500 or more people! The government has even created a site, called the “Wall of Shame”, that lists all the major healthcare institutions that experienced data leakage (check it out after you read this). With budgets already as tight as they are, institutions literally can’t afford to be losing data. Not to mention the loss of public trust, which is incalculable.



How can Healthcare Institutions secure BYOD devices? Here are 2 positives of going with a CASB to protect PHI data:

Solve IT pains

- Achieve security and compliance with DLP, selective wipe, and access control

- Gain visibility via audit logs for all suspicious activities

- Easy deployment of solution

- Complete protection for PHI data coming down to mobile device

Meet staff expectations

- Give them mobility and the ability to work from anywhere, and on any device

- Complete transparency - Native experience for employees

- Give staff the privacy they desire - no capture of personal data


No healthcare organization wants to be on the "Wall of Shame". Get the data protection that you need. For more information watch our webinar on BYOD and HIPAA compliance or reach out to us on Twitter @Bitglass.


