Hackers steal medical records and sell them on the dark web

As health care providers store patients’ medical records digitally, some have left their files vulnerable to being exposed to hackers who sold it on the black market, or the internet’s dark web.

One victim of medical identity theft showed us just how much damage that could do. “It was quite a tumultuous decade of a mess,” Brandon Reagin told CBS News correspondent Anna Werner.

The “mess” started in 2004 for Reagin when, as a young Marine, he lost his wallet. Months later, his mother called, saying, “Local authorities were here looking for you today, you know, regarding this incident,” he recounted. “A car theft. Multiple car thefts at the time.”

Someone posing as Reagin was allegedly stealing cars and getting multiple medical procedures. Then the hospitals came after Reagin to pay. The bills added up to nearly $20,000. Reagin said he tried to get these problems off his credit report.

“Did that work?” Werner asked. “It worked until the next billing cycle,” Reagin said. It was like a never-ending battle for the Marine.

But Gary Cantrell sees it all the time, as head of investigations at the Department of Health and Human Services‘ office of inspector general. “Every one of our investigations involves the use of medical data to commit this fraud,” Cantrell said.

He warned thieves want people’s medical records. “It’s just a treasure trove of all this information about you,” Cantrell said.

Last year alone, he said the agency handled nearly 400 reports of medical data breaches. Some of that information winds up for sale by hackers on the internet’s dark web.

“Sometimes they’re compromising this data and we don’t know how it’s being used, when or if it will be used to compromise those individuals’ identities,” Cantrell said.

So how easy is it for hackers to get hold of these patient files? We asked cybersecurity expert Gary Miliefsky. “Took me a few seconds,” he said after searching for records on the dark web.

One seller offered children’s health records for sale: “USA KIDS FULLZ” from a pediatrician from 2000 to 2014. Another posted an entire hospital’s worth of files from a health care database in Georgia: 397,000 patient records.

How are they getting the records? One “product description” said “breached a very large hospital recently.”

“So they’re basically saying, somebody hacked into this hospital, and here’s the records if you want to buy them for 26 grand?” Werner asked.

“Exactly, they want to monetize these records quickly, and they’re actually offering them at a discount compared to other prices I’ve seen on the dark web,” Miliefsky said.

Social Security numbers sell for $1, and credit card info goes for up to $110. But Experian reports full medical records can command up to $1,000 because they’re an identity thief’s dream: date of birth, place of birth, credit card details, Social Security number, address, and emails.

“So this is really all they need, if they buy this. And then they can become?” Werner asked. “You,” Miliefsky said.

Hackers have stolen millions of records. A breach at Anthem Insurance affected 78 million people, and a hack at UCLA Health exposed more than four million patient records. Despite that, a 2017 survey of health care providers found just 16 percent reported having a fully functional cybersecurity program.

According to Protenus, a firm that helps health care companies protect data, there were 222 incidents hackers related last year – up nearly 25 percent from 2017. In all, more than 11 million patient records were affected.

“One of our most important missions is to mitigate that vulnerability as quickly as possible. And that means communicating with those individuals who oversee the systems,” Cantrell said.

As for Reagin? The crook who stole his identity served time in prison. But 15 years later, Reagin said he still hasn’t been able to undo all of the damage. “That hospital may still have his information, his blood type under my name at that hospital,” he said.

Because of situations like that, experts we spoke with said it’s a good idea to request a copy of your medical files now to clear up any confusion if your records are altered later due to medical identity theft.ith info from

With info from CBS News


Te puede interesar > Ebola vaccine offered for sex, say women in Congo

LachToday.com

Noticias | News

You may also like...

3 Responses

  1. febrero 18, 2019

    […] Te puede interesar > Hackers steal medical records and sell them on the dark web […]

  2. febrero 18, 2019

    […] You can also be interested > Hackers steal medical records and sell them on the dark web […]

  3. febrero 22, 2019

    […] You can also read > Hackers steal medical records and sell them on the dark web […]

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.