What Makes Healthcare Data So  Valuable?

What Makes Healthcare Data So Valuable?

A couple of months ago, I was invited to take part in a strategic planning session with a large health system CISO and their team. We talked through everything from near-term tactics, to long-term plans and investments, looking for holes in the plan, gaps in products and services the org had deployed, and every opportunity to stop breaches.

"Why are the bad guys so hot for medical records and patient data anyhow?" someone asked.

The more seasoned folks in the room looked at each other, realizing that while this might be something they internalized years ago, there's always new people in the room. New people coming into the industry.

Turns out, the story about medical records, and why they're so valuable to cyber criminals, might not be "common knowledge". We should make this a digital healthcare "campfire legend" we tell over and over.

In a nutshell, then, here's what you need to know about one of the hottest dark web commodities -- medical records and medical data:

  1. Medical Records are worth a lot -- they're one of the most valuable data assets on the dark web. Depending on the report you read, medical records may be worth anywhere from $250 to $1000 per record -- that's compared to a little over $5.00 for a credit card. Think about it: Credit cards can be cancelled pretty quickly -- how often do you get a call from your bank about a suspicious charge? A stolen card's lifespan is short. But stolen medical record data is the criminal gift that keeps on giving.
  2. Why? The data inside a medical record is a multi-dimensional goldmine for thieves. It includes not only medical data, but may have images of the patient, their insurance cards, employment information, drivers license, and demographic data like home address, email, phone numbers, and relationship details. The data can be used to steal identities, open new lines of credit, extort the victim for payment NOT to share the information, and fraud of all kinds including fake insurance claims, and unauthorized prescription refills.
  3. Important: The "crown jewels" of medical data may not be where you think. Of course you should protect the electronic health record -- that's the logical starting point. But value-based care, advanced analytics, and other data-sharing efforts -- often aimed at better understanding care delivery with the intent of improving it -- CAN result in consolidated patient information pools that reside OUTSIDE production systems -- for example, in shared drives, or on local machines in databases, spreadsheets, or even external drives. And while end-user intentions are almost ALWAYS good -- they're trying to advance the mission of better, faster, cheaper, safer, easier-to-access care for patients and families -- the lack of data governance and data management may create significant unintended privacy/security exposure.

Spread the word. Share the legend. Protect the record. Do no harm.

----------

Drex DeFord has broad experience as a thirty-plus year senior healthcare executive, including a "first" career as US Air Force officer (hospital administrator/CIO), culminating as Chief Technology Officer for Air Force Health’s World-Wide Operations. He also served as CIO at Scripps Health, Seattle Children’s, and Steward Healthcare. He’s Past-Chair of CHIME’s Board of Trustees, and has served on the HIMSS National Board. Over the past several years -- as an independent consultant (and “Recovering-CIO”) -- he helped lead trusted health systems, payers, associations, vendors, and investors through their work on healthcare's toughest problems. In 2021, Drex joined CrowdStrike as Executive Healthcare Strategist. He’s passionate about the mission to stop breaches, and better secure clinical, research, and healthcare business operations.

🌟Brian Keltner🌟

🏆 Award-Winning Agency Helping Entrepreneurs Get More Clients, Business, & Interviews🧐Reputation Restoration | Online Reputation Management | Business & Professional Branding | Social Media Management | Gunslinger

1y

Drex, thanks for sharing!

Like
Reply

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics