Cybersecurity and Medical Records

By Charles Parker

As each week passes, more medical facilities are compromised and an increasing

number of consumer medical records are bundled for sale on the dark web. These to be sale-

able, the medical records must hold value in some form. Without this, the medical records

would not be targeted.

The attackers are able to use this for identity theft. These medical records contain

obviously charting for the patient, but also full patient name, SSN, and other ID data, e.g. the

state driver’s license number. There may also be present in the record the patient’s payment

information, present in the record the patient’s payment information, including the credit card

number. The patient record may also have the patient’s picture. With this information and

data, credit card fraud and identity theft is moderately easy. This could occur repeatedly occur

over the years. The records could be sold repeatedly over the years, repeating the cycle.

This theft may not be noticeable for years. The attackers tend to slowly and

methodically extract value from this. In comparison, a credit card is cancelled and a new card

issued relatively quickly after fraud is detected.

The medical records may be used for Medicare Fraud. This may involve fraudulent

billing and over-billing. With a mass-amount of records, this could be rather lucrative for the

deviants.

The affected parties have a limited number of actions to take when this occurs. The

consumer could contract with a third-party service to monitor their personal credit report. This

has been met with mixed results as these services don’t always stop the credit reports from

being pulled, as personally experienced. The other primary option is for the consumer to freeze

their account. These options also have their own issues.