Healthcare hacks continue to evolve


News Tuesday that a hacker is selling 9.3 million patient records on the dark web illustrates an evolution in the modus operandi of data thieves and other cybercriminals.

In 2015, nearly 100 million records from four health insurers--Anthem, Excellus BlueCross BlueShield, Premera Blue Cross and CareFirst BlueCross BlueShield--were stolen by hackers.

Then came a shift. 

Product Spotlight

Top-Rated Mobile App for Health Insurance Members

Zipari’s Mobile App is the smarter, easier, and better way for payers to engage members on the go and directly in the palm of their hands. Members can find the right doctors, receive notifications, send messages, view claims, track spending, talk to a nurse, download ID card, and more. It’s ready to install and launch in a few months.

This year, ransom for control of IT systems took center stage. Several hospitals have been hit, including California-based Hollywood Presbyterian Medical Center, Chino Valley Medical center and Desert Valley Hospital, MedStar Health in Maryland and Titus Regional Medical Center in Texas.

While Hollywood Presbyterian paid a ransom of 40 bitcoins (valued at about $17,000) and regained control of its systems early in the year, Kansas Heart Hospital failed to regain full access to its systems even after paying a “small” ransom in May to hackers.

This latest case highlights the threat that all hospitals and health insurers face--having the private information of their patients or members sold to the highest bidder.

Travis Smith, a senior security research engineer at Tripwire called it the next stage of ransomware.

“Traditional ransomware is a semi-automated process in which the malicious software infects the victim and encrypt[s] as much critical data as possible,” Smith said in a statement emailed to FierceHealthIT.

“However, the victim could easily forgo the ransom in lieu of restoring from recent backups. This is the next stage of ransomware, in which the attacker is mitigating the risk of the victim restoring from backup by keeping a copy of the private data. Now the victim may have to make decisions on paying not only to recover their data, but to prevent it from being leaked externally."

Suggested Articles

President Donald Trump issued an executive order Monday to support healthcare in rural areas by permanently expanding telehealth services.

Tenet generated $88 million in profits in the second quarter thanks in part to more than $850 million in aid from a federal provider relief fund.

Ancestry gots its start in geneology. Now the company is expanding into more advanced genetic health screening.