Medical insurance identification, medical profiles, and even complete electronic health record (EHR) databases have attracted the eyes of enterprising black hats, who increasingly see EHR-related documents as some of the hottest commodities peddled in the criminal underground. A new report today shows that complete EHR databases can fetch as much as $500,000 on the Deep Web, and attackers are also making their money off of smaller caches of farmed medical identities, medical insurance ID card information, and personal medical profiles.
Attackers are practically printing money when it comes to this new line of stolen goods, considering how poorly healthcare organizations are protecting their key assets.
Meanwhile, they're leaving holes in the network big enough to drive monster trucks through them, by way of Internet of Things (IoT) medical devices and other poorly secured systems. Many of these systems were left accessible to the public internet with minimal to no access controls. Not only did these systems exposing the network to further lateral attacks, but in many instances they provided direct access to the EHR systems themselves.
See full report:
If this was helpful, SHARE with a friend with the below: