A black market devoted entirely to the buying and selling of electronic medical records (EMRs) exists on the darknet, a part of the internet inaccessible to search engines where illegal goods can be purchased anonymously. Hackers cruise the darknet buying and selling stolen personal health information (PHI), in part because they’re motivated by the top-dollar prices that data fetches.
Why are EMRs so valuable? Once hackers penetrate a provider’s network and access EMRs, they can threaten to expose those records or even permanently disable access to them unless a ransom is paid. In other cases, EMRs have been used with false identification to illegally purchase prescription drugs that can be resold. For reference, a kilogram of a sought-after medication like Fentanyl, a synthetic version of morphine, can be purchased for $6,000 and sold on the street for $1.3 million.
EMRs also sell for as much as $1,000, depending on how complete the record is, or whether it is purchased individually or as part of a database. For comparison’s sake, stolen credit card information might sell for somewhere between $5 and $100. In fact, the only personal information that might be more valuable to a criminal than an EMR is your passport, which can sell for between $1,000 and $2,000.
With the opportunity for such high payouts, hackers are motivated to continuously perfect their dark arts to target healthcare providers.
1. Evolved social engineering: Hackers can gain access to a provider’s network through a process called phishing, where an end user might inadvertently click on a link and allow a malicious piece of software to be installed on their computer. The hacker might use this software to observe emails between colleagues and learn the nuanced ways officemates communicate. In that kind of cyberattack, the installed malware might not be detected by anti-virus software, so it lurks there, gathering information. When they are ready, hackers can exploit the understanding they’ve gained from watching email communications to create false correspondence that fools the provider’s employees and gain access to something valuable, like PHI and EMRs.
2. Less reliance on end-user mistakes: Though hackers often aim attacks at end-user mistakes, providers and vendors are investing more in email security and security awareness training for employees. As a result, hackers are increasing attacks that are less reliant on an end-user mistake. Earlier this year, a major EHR vendor was hit with a ransomware attack that affected 1,500 of their clients. Hackers breached their systems after analyzing the vendor’s server vulnerabilities.
3. Automated attacks after a firewall is breached: Examples of this kind of attack include NotPetya, a 2017 malware attack that spread through the use of PsExec and Windows Management Instrumentation, software tools used by system administrators. Another 2017 cyberattack, WannaCry ransomware, installed a worm that ended up spreading to over 400,000 computers through normal business activities, affecting internal and external networks.
MEDHOST helps protect hospitals and healthcare facilities of all sizes with a complete hosted solution managed by our team of highly experienced experts. For more information about how we’ve worked with hospitals like yours, read our case study about implementing our hosted solution in a community hospital.
Also, check out the MEDHOST Minute Blog for more videos and blogs on the healthcare industry’s evolving cybersecurity landscape throughout October’s National Cybersecurity Awareness Month. For more terrifying tales of data breaches and security scares, don’t miss our new limited podcast series “Tales From the Encrypted.”