A few days ago, information security specialists reported a massive data breach in American Medical Collections Agency (AMCA) that affected nearly 20 million patients in U.S. clinical companies; according to experts, records of credit cards and stolen clinical details may be sold for negligible amounts (less than $50 USD).
What is the reason for the growing interest of
hackers in people’s medical information? Unlike a credit card, which can be reported
by theft, it is virtually impossible for a person to be able to notify the
theft of their Social Security number or change their date of birth, address or
clinical history.
This situation can generate scenarios of
greater risk for the victims than the theft of financial information, because
it jeopardizes the health of those involved. This is why information security
experts believe that protecting people’s medical information should become a
priority for hospital administrators.
Some of the possible malicious activities that
hackers can perform using medical information from victims are explained below;
this research was conducted by tracking various hacker forums on dark web.
The victim’s banking details, in conjunction
with confidential information, such as medical records, may be used to perform
fraudulent transactions. Hackers are especially interested in medical
information for children and young people, as they do not have a negative
credit history to apply for credits on their behalf.
Another common practice among cybercriminals is
the use of stolen medical records to get controlled drugs and specialized
medical supplies illegally.
One of the new trends detected by information
security experts is the theft of medical information from deceased people. One
of the hacker forums in which this practice was detected had more than 60k
records, including the date of death of people.
According to the experts, the main reason that
hackers are interested in the medical
history of deceased people is because, in case of committing fraud, the
chances of retaliation against criminals are minimal.
It is worth mentioning that this information is
not only of interest to the threat actors; Research and hospital centers can
also abuse stolen information for their internal practices, and insurance
companies can use these records to make elaborate profiles of potential
customers.
Finally, the specialists mention that blackmail
may be one of the harmful practices that take advantage of people’s stolen
medical information. Blackmail using this kind of information has become a
headache for many people, especially for celebrities.
The specialists from the International
Institute of Cyber Security (IICS) consider that these kinds of risks could be
mitigated if the companies that protect this sensitive information implement
better mechanisms of protection of information, like the multi-factor
authentication and restriction of access to company databases to employees who
do not require it.
