In today’s digital age, healthcare data has become a prime target for cybercriminals. With a single health record fetching up to $1,000 on the dark web, Chief Information Security Officers (CISOs) in the healthcare sector face unprecedented challenges.
Healthcare data’s comprehensive nature makes it a high-value commodity on the dark web, attracting cybercriminals seeking to exploit outdated IT systems and ransomware vulnerabilities.
With the help of Cyble’s skilled threat intelligence researchers, we offer dark web monitoring insights for CISOs, delving into the dark web’s lure for healthcare data, the risks presented by healthcare data breaches, and the essential steps CISOs must take to secure sensitive information.
Dark Web’s Allure for Healthcare Data
The dark web, defined as that part of the web that is excluded from search engines and can often only be accessed through specialized browsers like Tor, has become a hub for the illicit activities of cybercriminals.
The dark web’s anonymity provides a safe haven for illegal activities and an ideal setting for the sale of stolen healthcare data. A single health record can fetch a price as high as $1,000, exceeding the value of credit card or Social Security numbers.
In an article on its website, the American Hospital Association Center for Health Innovation cites data from an IBM Security study, stating:
In fact, stolen health records may sell up to 10 times or more than stolen credit card numbers on the dark web. Unfortunately, the bad news does not stop there for health care organizations — the cost to remediate a breach in health care is almost three times that of other industries — averaging $408 per stolen health care record versus $148 per stolen non-health record.
According to Cyble Research and Intelligence Labs (CRIL), outdated IT infrastructure and operating systems in many healthcare organizations leave them vulnerable to cyberattacks. The COVID-19 pandemic has further exacerbated these risks by necessitating remote work and creating new security gaps.
Cybercriminals have developed a sophisticated multi-tiered business model for stolen healthcare data, making it difficult for law enforcement to trace the source. Illegally obtained data is commoditized and sold, with the price varying based on the potential value to the buyer. This data is often combined with other information to create complete patient profiles, which are then sold for various fraudulent activities.
The comprehensive nature of healthcare data records and its richness in personal information makes it a goldmine for identity theft and insurance fraud – and a threat that healthcare CISOs need to stay on top of.
Ransomware Disruptions to Healthcare
Ransomware attacks have become a profitable venture for cybercriminals, with healthcare organizations prime targets due to the critical nature of their services and the high value of patient data. These disruptions can lead to compromised patient care, increased mortality rates, and severe financial and operational consequences.
According to data from the Director of National Intelligence, ransomware attacks on healthcare providers have surged, with an increase of up to 128 percent in the U.S. alone, with 258 victims in 2023 compared to 113 victims in 2022. The study found that LockBit and ALPHV/BlackCat were the two most “popular RaaS providers” and were responsible for more than 30 percent of all reported healthcare attacks that had occurred worldwide.
These attacks not only disrupt services but also lead to increased patient stay lengths, delays in medical procedures, and in some cases, higher mortality rates, substantial financial costs, potential HIPAA violations and even reputational damage to the healthcare institute. And the data stolen in these attacks often winds up for sale on the dark web.
The DNI’s study stated, “US hospitals have delayed medical procedures, disrupted patient care because of multi-week outages, diverted patients to other facilities, rescheduled medical appointments, and strained acute care provisioning and capacity as a result of ransomware attacks.
Cybercriminals employ various tactics in healthcare ransomware attacks, including:
- Phishing emails with malicious links
- Complex attacks designed to maximize damage
- Encrypting personal health information (PHI)
- Exploiting vulnerabilities in medical devices
Protecting the Healthcare Sector
As healthcare data becomes increasingly valuable on the dark web, CISOs must remain vigilant and proactive. By implementing robust security measures, educating staff, and empowering patients, healthcare organizations can better protect sensitive information from cyber threats.
Educating healthcare staff on data handling: The persistent targeting of the healthcare industry highlights the vital need for cybersecurity training efforts. Staff must be educated on identifying phishing attempts, using secure authentication practices like MFA, complying with HIPAA and other laws, and adhering to mobile and other device security policies. A visible and accessible healthcare security team, supported by proactive leadership, can foster a culture where security is everyone’s responsibility.
Patient involvement in protecting healthcare data: Patients also have a role to play in the protection of healthcare data – they should actively review health records, use secure healthcare channels, and report any suspicious activities to healthcare providers.
Monitoring the dark web: Tools such as Cyble’s dark web monitoring services offer early breach detection capability and AI-powered threat tagging, enabling CISOs to identify threats and breaches earlier to address and contain problems faster.
Comprehensive logging of healthcare systems: Comprehensive logging of your healthcare systems can help CISOs and security staff track and analyze potential security incidents.
Strong access controls: Implementing strong access controls for critical healthcare systems, including role-based access control (RBAC), Multi-factor authentication and the principle of least privilege, can help prevent hacker access to sensitive data. Regularly reviewing and updating access controls can help ensure compliance with changing security requirements.
Data encryption: Encrypting sensitive healthcare data in transit and at rest using industry-standard encryption protocols (e.g., SSL/TLS, AES) can help protect that data from unwanted access.
Secure mobile devices: Developing and enforcing a mobile device security policy should include best practices for device configuration, password management, and data encryption for mobile devices used within the healthcare environment.
Network segmentation: Implementing network segmentation can isolate critical healthcare systems and reduce the attack surface.
Keep software, firmware, and applications updated: Establishing a regular update schedule for software, firmware, and applications used in healthcare systems can help keep threat actors out of your systems. Implement automated update mechanisms where possible to minimize downtime and ensure timely patching of vulnerabilities.
Monitoring the Dark Web for Healthcare Data
Healthcare CISOs can do a lot to protect patient data and keep it off the dark web by isolating and securing critical systems and encrypting data. But in the event that some data does leak out, dark web monitoring solutions are your best bet for an early warning.
