Cyberattacks and the Value of Medical Data

On July 20, 2018, SingHealth, a Singapore healthcare institution consisting of four public hospitals, five national specialty centers and a network of nine polyclinics, reported that it had been the target of a cyberattack resulting in the information of around 1.5 million individuals being compromised.

This is not an isolated incident as statistics compiled from the U.S. Department of Health and Human Services (HHS) indicate that more breaches involving healthcare data were reported in 2017 than any other year since records first started being published. In Experian’s 2018 Data Breach Industry Forecast, Experian noted that from January through June of 2017, 233 healthcare data breach incidents were reported to HHS, the media or state attorney generals. For the 193 attacks for which there are numbers, 3,159,236 patient records were affected. In a 2016 Data Breach Industry Forecast, Experian predicted that healthcare companies remain one of the most targeted sectors by attackers, driven by the high value that compromised data can command on the black market, along with the continued digitization and sharing of medical records.

Forbes reported that, on the black market, the going rate for a social security number is 10 cents and a credit card number is 25 cents, while electronic medical health records could be worth hundreds or even thousands of dollars because such medical data contains a wealth of exploitable information, such as names, addresses, work history, family member names, financial information, as well as more sensitive information relating to medical history.