Healthcare hacks continue to evolve


News Tuesday that a hacker is selling 9.3 million patient records on the dark web illustrates an evolution in the modus operandi of data thieves and other cybercriminals.

In 2015, nearly 100 million records from four health insurers--Anthem, Excellus BlueCross BlueShield, Premera Blue Cross and CareFirst BlueCross BlueShield--were stolen by hackers.

Then came a shift. 

This year, ransom for control of IT systems took center stage. Several hospitals have been hit, including California-based Hollywood Presbyterian Medical Center, Chino Valley Medical center and Desert Valley Hospital, MedStar Health in Maryland and Titus Regional Medical Center in Texas.

While Hollywood Presbyterian paid a ransom of 40 bitcoins (valued at about $17,000) and regained control of its systems early in the year, Kansas Heart Hospital failed to regain full access to its systems even after paying a “small” ransom in May to hackers.

This latest case highlights the threat that all hospitals and health insurers face--having the private information of their patients or members sold to the highest bidder.

Travis Smith, a senior security research engineer at Tripwire called it the next stage of ransomware.

“Traditional ransomware is a semi-automated process in which the malicious software infects the victim and encrypt[s] as much critical data as possible,” Smith said in a statement emailed to FierceHealthIT.

“However, the victim could easily forgo the ransom in lieu of restoring from recent backups. This is the next stage of ransomware, in which the attacker is mitigating the risk of the victim restoring from backup by keeping a copy of the private data. Now the victim may have to make decisions on paying not only to recover their data, but to prevent it from being leaked externally."