Cybersecurity and Medical Records
By Charles Parker
As each week passes, more medical facilities are compromised and an increasing
number of consumer medical records are bundled for sale on the dark web. These to be sale-
able, the medical records must hold value in some form. Without this, the medical records
would not be targeted.
The attackers are able to use this for identity theft. These medical records contain
obviously charting for the patient, but also full patient name, SSN, and other ID data, e.g. the
state driver’s license number. There may also be present in the record the patient’s payment
information, present in the record the patient’s payment information, including the credit card
number. The patient record may also have the patient’s picture. With this information and
data, credit card fraud and identity theft is moderately easy. This could occur repeatedly occur
over the years. The records could be sold repeatedly over the years, repeating the cycle.
This theft may not be noticeable for years. The attackers tend to slowly and
methodically extract value from this. In comparison, a credit card is cancelled and a new card
issued relatively quickly after fraud is detected.
The medical records may be used for Medicare Fraud. This may involve fraudulent
billing and over-billing. With a mass-amount of records, this could be rather lucrative for the
The affected parties have a limited number of actions to take when this occurs. The
consumer could contract with a third-party service to monitor their personal credit report. This
has been met with mixed results as these services don’t always stop the credit reports from
being pulled, as personally experienced. The other primary option is for the consumer to freeze
their account. These options also have their own issues.