Stolen Health Records Flooding Dark Web Markets

Uploaded on 2017-02-14 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Health & Welfare

According to new research provided to CyberScoop and conducted by the Institute for Critical Infrastructure Technology and cybersecurity firms Flashpoint and Intel Security, the large amount of leaked patient records stolen and posted for sale to the dark web in recent months has caused prices for most of those records to drop.

In the face of exceeding supply, stagnant demand and increased law enforcement attention, it’s becoming increasingly difficult for criminals to make a living selling partial healthcare records, according to James Scott, a senior fellow at ICIT.

While the quality, quantity and sometimes origin of such electronic records will help dictate the price of any specific package for sale, average prices are largely trending downwards for individual, non-financial files, new research shows.

The value of similar healthcare records that sold last year for roughly $75 to $100 dollars can now be found for around $20 to $50 dollars.

“The volume of medical data for sale in the criminal underground is increasing, leading to very low prices for individual records,” Vitali Kremez, a senior analyst focused on cyber intelligence at Flashpoint, told CyberScoop.

A majority of stolen healthcare patient records sold on the dark web come from US-based institutions that have been breached, according to Intel Security.

The average price for a single complete electronic health record, described as a “fullz” in underground markets, typically tagged with financial information and supporting documents like utility bills or insurance receipts, currently hovers around $50, World Privacy Forum founder Pam Dixon recently estimated.

In broad strokes, an electronic healthcare record is rarely worth very much unless it is converted into a “complete ID kit,” which combines long form healthcare records, additional documents and are authorised via a breached government registration database, explained Scott.

Even so, because healthcare records contain vast personal information, these document offer scammers a stepping stone to more comprehensive fraud schemes.

Dixon told Healthcare IT News that decreasing prices are a general conclusion of easier access to sensitive personal records. One component of this eased access, based upon data gathered by ICIT and Intel Security, is the growing sale of hacking-as-a-service on the dark web, which enables those without technical backgrounds to hack into systems by relying on paid mercenaries.

Laying the groundwork for a further discordant dark web economy in some part, according to Kremez and Intel Security vice president Raj Samani, is also the ambiguous rise of prominent, dedicated healthcare hackers. Two of these mysterious actors, known simply by their vendor usernames “earthbound11” and “the dark-overlord,” have been flooding the market with medical fullz in recent months, thereby dictating the price for other smaller resellers.

A hacker’s underground reputation is typically one of the leading factors leading to the valuation and eventual sale of any records package they post, research shows.

“The larger trend in the trade of compromised personal healthcare information is toward larger breaches affecting more data,” said Kremez, “cyber-criminals themselves have realised that the value of their stolen medical data is much lower than once expected.”

Though it remains unclear how a recent fall in Dark Web prices have and now continue to influence hackers’ attack behavior towards the healthcare industry, several experts who spoke with CyberScoop believe it will ultimately lead to a spike in overall network intrusions at hospitals, the counter-intuitive thinking here being that larger data dumps will help dark web vendors recoup recent profit losses.

“After the 2015 breach of 100 million medical records from Anthem, Premera Blue Cross, and Excellus Health Plan, let alone the numerous smaller networks compromised in 2015 and 2016, the annual rate of medical identity theft could easily increase to be ten or twenty times greater than the 2014 rate,” an extensive, recent Dark Web report from ICIT reads.

Unlike stolen credit card details and other payment information sold online, however, a cloud of uncertainty looms over leaked healthcare records because cause and effect is difficult to decipher, said Samani. According to an April 2014 FBI bulletin, electronic healthcare record theft is also more difficult to detect, taking almost twice as long to spot as normal identity theft.

In most cases, the data necessary to draw a conclusive connection between a leaked patient record and relevant case of identity fraud, for example, is neither readily available nor visible The result is an environment where targeted data breaches occur but security researchers cannot definitely say how some, if not most, of the leaked information is being used, explained Samani.

“The impact of stolen payment cards is felt almost immediately whereas other forms of data the impact could be longer term,” said Samani, “indeed we can determine a direct correlation between a breach, and the pain felt when cards are declined. But it is not so easy to determine the origin of fraud with other forms of data.”

AIRS:     Why Are Hackers After Healthcare Records?:      Healthcare Data Breaches In 2017 Will Get Worse:

You Might Also Read:

Google Challenged For Collecting American Health Data:

 

« Give Children More Control Of Data Privacy
Non-Secure IoT Devices Are Powerful Weapons »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ECSC Group

ECSC Group

ECSC is a full-service information security provider, specialising in 24/7/365 security breach detection and Artificial Intelligence (AI).

Veracode

Veracode

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications.

Logically Secure

Logically Secure

Logically Secure provide penetration testing and security assessment services.

CyberSmart

CyberSmart

CyberSmart is a platform that allows you to maintain compliance, achieve certification and secure your organisation.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

Detack

Detack

Detack is an independent supplier of IT security auditing and consulting services.

Telspace Africa

Telspace Africa

Telspace Africa provide the highest level of IT security solutions including advisory, penetration testing, vulnerability assessments, red teaming, social engineering and training.

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions delivers a range of Industrial Automation and Cyber solutions & services to sectors including Oil & Gas, Chemicals & Petrochemicals, Power and others.

Global Incubator Network Austria (GIN Austria)

Global Incubator Network Austria (GIN Austria)

GIN Austria is the connecting link between Austrian and international startups, investors, incubators and accelerators with a focus on selected hotspots in Asia.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

Ankura Consulting Group

Ankura Consulting Group

Ankura is a global expert services and advisory firm that delivers services and end-to-end solutions in a wide range of areas including cybersecurity and digital transformation.

Microminder Cyber Security

Microminder Cyber Security

Microminder Cyber Security are innovators, advisors, strategists committed to solving your cyber security challenges.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.

ID R&D

ID R&D

ID R&D is an award-winning provider of AI-based facial liveness, document liveness, and voice biometrics.

Identifid

Identifid

Identifid offers a suite of fraud prevention and identity authentication solutions to businesses and governments using the latest advances in AI, vision processing, and biometric recognition.