Leaked data stories have flooded the news lately as the rise in cyber related crimes has sky rocketed. It got so bad at one point, medical records were a prime target. Hackers might start thinking twice about putting in the work to retrieve those files of private data now.
A recent study by the Institute for Critical Infrastructure Technology and the cybersecurity firms Flashpoint, and Intel Security shows the price for stolen medical records has dropped dramatically as more and more files hit the markets.
“In the face of exceeding supply, stagnant demand and increased law enforcement attention, it’s becoming increasingly difficult for criminals to make a living selling partial medical records,” James Scott of ICIT said.
Quality, number and where the records came from has often set the price of these records but the price is declining for individual records, and files that don’t contain any financially useful data. The files that were selling for $50-$100 are now selling for around $20-$40.
“The volume of medical data for sale in the criminal underground is increasing, leading to very low prices for individual records,” senior Flashpoint analyst Vitali Kremez said.
Most of the stolen healthcare records for sale on Dark Net are from U.S. based institutions that have been hacked. The average price for what is labels as “fullz” are around $50. These typically include financial information and supporting information like insurance documents and utility bills.
All in all, hacked medical records aren’t worth much, unless they are converted into a full identity kit. Along with the stolen medical records, identity thieves need additional documents which require a hacked government registration database. Even with their lack of value they still sell; because it provides the next level to the criminal’s fraud scheme.
It is suggested that the declining prices are suggesting that its getting easier for hackers to obtain these medical records. One reason behind the easy access, is the growing hacking services that are being provided via the Dark Net. This hacking service option is being utilized by those who don’t contain the skills needed to pull off the hacking job themselves. Two dedicated medical record hackers are flooding the dark net with their finds, and our only known by “earthbound11” and “thedarkoverlord”. The prices set by these two main culprits, are setting the bar for smaller resale prices. Another thing that factors into the price and sale of these records is the hacker’s reputation. It’s harder for an unknown, or someone new to the scene to start selling hacked goods of any kind right away.
“The larger trend in the trade of compromised personal healthcare information is toward larger breaches affecting ore data. Cybercriminals themselves have realized that the value of their stolen medical data is much lower than once expected,” Kremez said.
The decline in price makes it unknown how hackers will react, but experts say that it will most likely lead of an overall incline in hacked hospital infrastructure and data banks.
A ICIT report reads:
After the 2015 breach of 100 million medical records from Anthem, Premera Blue Cross, and Excellus Health Plan, let alone the numerous smaller networks compromised in 2015 and 2016, the annual rate of medical identity theft could easily increase to be ten or twenty times greater than the 2014 rate. The impact of stolen payment cards is felt almost immediately whereas other forms of data the impact could be longer term. Indeed, we can determine a direct correlation between a breach, and the pain felt when cards are declined; but it is not so easy to determine the origin of fraud with other forms of data.