These days, anyone can sell just about anything on the internet. The deep web, the dark web, the black market; whatever name you’ve heard for it, in the recesses of the internet, it exists. It’s not a safe place to be, what with the lurking hackers and strange mystery items being sold and shipped across the world, but it plays a huge part in the market for medical records.
Healthcare facilities are often targeted because of the sheer number of patient files that can be harvested from their servers. Each patient has a paper file, of course, but in this digital age, many facilities are choosing to keep data on their computers for ease of access. This is where the issue lies. Healthcare facilities are chosen as targets for hackers so that this data can be collected and sold.
There are many reasons that someone would buy medical data. Hackers can sell several files for a lot of profit because they contain so much personal data. Think about it. Your medical file would have your name, date of birth, your address, and even a list of your medical conditions. If you’re on a repeat prescription, a hacker could easily find out what GP you’re with, which pharmacy you use, and collect your prescription while acting as you. Remember the last time you collected a pre-ordered prescription? They probably asked you to confirm your name and address. Data that your medical file would list.
As well as drug and substance abuse issues, the hacker would have also listed your address and all of your other personal details. Individuals who don’t visit their GP very often won’t realise that their data has been misused or stolen. There have been cases where healthcare users discover that their file has been stolen a long time after it happens. Unlike things like debit or credit card theft, there is no sure-fire way to report theft of medical data.
It’s not thought to be a common occurrence, and many don’t realise it happens until it’s too late. Ransomware is one major way that these hackers gain access to healthcare data. In the two years between 2014 and 2016, almost half of the data breaches in the UK were aimed at healthcare organisations.
What this means is that the healthcare industry was targeted more than any other industry. Medical records provide data thieves with more data to sell off to the highest bidder, and it’s safer to sell off too; because the likelihood of it being reported is much lower than financial data theft.
Medical records, depending on the information available, can be sold for anywhere between £15 and £1500 each. Just from the consequences alone, you can see exactly why this type of information needs to be protected better than it currently is. There are many methods that can be used to prevent the theft of medical information, and it starts by ensuring that the industry is aware of the problem.