Healthcare data is an incredibly valuable commodity to hackers, so it's no surprise that organizations known to store Protected Health Information (PHI) are increasingly targeted by hackers that see the value in their trove of data. A recent Ponemon institute report found the cost of stolen healthcare records to be $363, far more than stolen credit card information simply because it's likely to remain valid for much longer.
While a credit card can quickly be cancelled and the number changed, often with no liability on the part of the user, leaked medical information often leads to identity theft and very few protections for the victim. A criminal could go about opening new accounts and requesting loans in your name without your knowledge, and without active credit monitoring, you would be none the wiser.
Identity theft is easier than it seems - how much personal information does a bank ask for beyond name, address, Social Security number, and date of birth. All this information is stored by healthcare providers, and for 113 million Americans last year alone, that information has been compromised and is readily available on the black market. For most, a name or address change aren't feasible options, neither is requesting a new Social Security number, a cumbersome paperwork-intensive process. Criminals can even use leaked healthcare data for access to medical care in the victim’s name or to conduct corporate extortion
Is the solution active credit monitoring for all? Maybe, but just as important is securing data in the first place. Healthcare organizations need to be proactive about protecting their customer data with more secure means of authentication and better visibility and control over the sensitive information with which they are entrusted.
Check out our full report for more on the primary drivers of breaches in healthcare and the advanced techniques hackers often use to steal account credentials.