Hackers want stolen medical records to commit identity theft, hold the stolen data for ransom, sell it on the dark web or impersonate the victim to receive medical services. Medical records are valuable to cybercriminals because they let them commit fraud and go undetected longer than they can with other Personally Identifiable Information (PII).
Continue reading to learn more about medical records, what cybercriminals can do with them, how cybercriminals steal them and how to protect medical records from cybercriminals.
What Are Medical Records?
Medical records contain personal health information, which is any information regarding a patient’s identity and medical history. A patient’s medical history covers information about the patient’s medical care such as medications, treatments and diagnoses.
Healthcare providers use medical records to help identify patients, understand their health and provide them the appropriate treatment. HIPAA protects a patient’s medical records from unauthorized access and only allows authorized personnel such as the patient, family members, healthcare providers, healthcare payers and government entities to access them.
Information in a patient’s medical records can include:
- Name
- Address
- Important dates (date of birth, date of death, date of admission/discharge)
- Email addresses
- Phone number
- Social Security number
- Medical history
- Health insurance information
- Financial information
- Medical record number
- Prescription information
- Medicaid number
What Cybercriminals Do With Medical Records
Unlike credit cards or login credentials, medical records have a long lifespan and cannot be easily altered, making them valuable to cybercriminals. It is difficult for people to spot malicious activity involving their stolen medical records, which allows cybercriminals to misuse them undetected for longer periods. Here are the ways cybercriminals use stolen medical records.
Identity theft
Identity theft is when a bad actor uses a victim’s personal information to impersonate them and commit fraud. With a victim’s stolen medical record, cybercriminals have access to information such as the victim’s Social Security number and date of birth which can be used to impersonate the victim online. Identity theft often leaves victims with damaged credit, large amounts of debt, financial loss, ruined reputation and potentially a criminal record.
Cybercriminals can commit crimes such as applying for loans under the victim’s name, accessing the victim’s bank account and taking the victim’s unemployment benefits. Cybercriminals will primarily use medical records to impersonate the victim to receive medical services, benefits and medications.
Ransomware
Cybercriminals will use ransomware to steal a victim’s medical records from a healthcare provider. Ransomware is a type of malware that prevents organizations from accessing their data or devices by encrypting them. Cybercriminals promise to decrypt the data or device once the ransom is paid. They threaten that, if the organization does not pay the ransom, they will never give back the stolen data or will leak it to the public. According to Healthcare Dive, ransomware has cost the healthcare industry around $77.5 billion since 2016.
Dark web
The dark web is a part of the internet that provides anonymous and secure communication channels that cannot be found on standard search engines. Since the dark web provides users anonymity, cybercriminals use the dark web for illegal activity such as selling stolen personal information and trafficking illegal drugs and weapons.
Medical records are valuable on the dark web since they contain extensive information about an individual. A cybercriminal can sell personal information such as Social Security numbers or email account login credentials on the dark web for $1-$3. However, they can sell medical records on the dark web and earn $1,000+.
How Cybercriminals Steal Medical Records
Cybercriminals use a variety of cyber attack vectors to steal medical records from healthcare providers and users. Healthcare providers store and manage their medical records online. Often, healthcare providers use Remote Desktop Protocol (RDP) to access medical records. Cybercriminals try to exploit vulnerabilities of unsecured RDP to steal medical records. Here are the ways cybercriminals exploit RDP and steal medical records.
Brute force attacks
Brute force attacks are a type of cyber attack that uses trial and error to guess a user’s login credentials until the cybercriminal gets a match. Cybercriminals rely on people reusing the same password or using weak passwords that they can easily guess to gain access to an organization’s sensitive data. The different types of brute force attacks used to gain unauthorized access can include simple brute force, dictionary attacks, password spraying and credential stuffing. If organizations use weak passwords to protect medical records or their RDP, then cybercriminals can use brute force attacks to compromise their passwords and steal patient medical records.
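The attack types named above leave different shapes in failed-logon logs, which is what a defender can alert on. The following is an added example, not part of the original article: it assumes failed RDP logons (for instance from Windows Security event 4625) have already been reduced to (timestamp in seconds, source IP, account) tuples, and the sample data and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: documentation-range IPs and made-up account names.
SAMPLE_FAILURES = [
    (t, "203.0.113.7", "frontdesk") for t in range(0, 120, 4)      # 30 tries, one account
] + [
    (300 + i * 5, "198.51.100.20", user)                           # one try each, many accounts
    for i, user in enumerate(["nurse1", "nurse2", "billing", "admin",
                              "lab", "drsmith", "records", "intake"])
] + [
    (50, "192.0.2.55", "drsmith"), (900, "192.0.2.55", "drsmith"),  # ordinary typos
]

def classify_sources(failures, window=600, min_failures=8, spray_accounts=5):
    """Label each source IP by the shape of its failed logons within `window` seconds.

    Thresholds are illustrative assumptions; tune them against a real baseline.
    """
    by_source = defaultdict(list)
    for ts, ip, account in failures:
        by_source[ip].append((ts, account))

    verdicts = {}
    for ip, events in by_source.items():
        events.sort()
        verdict = "normal"
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            accounts = {account for _, account in in_window}
            if len(accounts) >= spray_accounts:
                # Few guesses spread over many accounts. Credential stuffing
                # typically produces this same shape in the logs.
                verdict = "password-spraying"
                break
            if len(in_window) >= min_failures and len(accounts) == 1:
                verdict = "brute-force"  # many guesses at a single account
                break
        verdicts[ip] = verdict
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_FAILURES).items():
        print(ip, verdict)
```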
Man-in-the-middle attacks
Man-in-the-Middle (MITM) attacks are a type of cyber attack in which cybercriminals intercept transmitted data. Cybercriminals often position themselves in the middle between two parties to eavesdrop, steal or modify any exchanged data. They rely on fabricated or public WiFi networks since they are unencrypted and allow cybercriminals to monitor internet traffic from connected users.
Cybercriminals can steal medical records that have been accessed on unencrypted WiFi networks. They can also intercept data from unsecured RDP. Since every RDP connection uses the same port, 3389, cybercriminals can hijack any RDP connection that has left port 3389 unsecured and intercept any transmitted data.
Phishing attacks
Phishing is a type of social engineering attack that tries to trick users into giving up their personal information. Cybercriminals send users an email or text message with a malicious attachment or link. When the user clicks on the malicious link, they will either download malware on their device or visit a fake website requesting personal information such as login credentials.
The healthcare industry can be hectic and chaotic, often leaving no time to educate employees about cyber attacks. Cybercriminals target employees who are ignorant or neglect their cyber hygiene and easily trick them into giving up their organization’s sensitive information through phishing.
Exploit kits
Exploit kits are toolkits cybercriminals use to exploit the security vulnerabilities of a system or device to distribute malware. When a user clicks on a compromised website, spoofed website or malicious ad, they are redirected to an exploit kit’s landing page. On the landing page, the kit exploits any security vulnerabilities found on the system and installs malware.
Cybercriminals often use exploit kits to install malware on healthcare provider networks. Many healthcare providers use older software or neglect to update their current software, allowing cybercriminals to exploit any security vulnerabilities that have been left unpatched. Once malware is installed on the healthcare provider’s systems, cybercriminals can steal medical records.
How To Protect Medical Records
Organizations need to implement the following to protect medical records from cybercriminals.
Keep data backed up regularly
Organizations need to regularly back up their data with cloud services and external hard drives to ensure they always have access to their data. In the event of unfortunate circumstances such as lost, stolen or leaked data, the organization can always fall back on its backed-up data.
Create an incident response plan
An incident response plan assigns responsibilities and lists procedures to follow if a security breach occurs. Organizations need to create an incident response plan to handle cybersecurity incidents. With an incident response plan, organizations can identify the cyber attack, remedy the damage and prevent future cyber attacks from happening.
Limit access to medical records
Organizations need to practice the principle of least privilege to protect their sensitive information from unauthorized access. The principle of least privilege is the concept of giving employees just enough access to sensitive data and resources to do their jobs and no more. By implementing the principle of least privilege, organizations can limit who has access to medical records and prevent cybercriminals from moving laterally within an organization’s network.
Protect sensitive information with strong passwords
Organizations need to protect their sensitive data with strong and unique passwords. By using strong and unique passwords, organizations make it difficult for cybercriminals to crack their passwords and compromise accounts or systems that can access sensitive information. Organizations need to use strong passwords for their RDP connections to prevent cybercriminals from gaining unauthorized access.
Strong passwords are a unique and random combination of uppercase and lowercase letters, numbers and special characters that are at least 16 characters long. They omit any personal information, sequential numbers or letters and commonly used dictionary words.
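The definition above can be turned into an automated check for password audits or enrolment forms. This is an added example, not part of the original article or any Keeper product: the function names, the tiny word list and the three-character threshold for "sequential" are assumptions made for illustration.

```python
import string

# Constructed stand-in word list; a real audit would load a large
# dictionary or breached-password list instead.
COMMON_WORDS = {"password", "welcome", "hospital", "summer", "qwerty", "letmein"}

def has_sequence(pw, run=3):
    """True if pw contains `run` ascending or descending characters in a row (abc, 321)."""
    lowered = pw.lower()
    for i in range(len(lowered) - run + 1):
        chunk = lowered[i:i + run]
        if not chunk.isalnum():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def password_problems(pw, personal_info=()):
    """Return the rules from the definition above that `pw` breaks (empty list = passes)."""
    problems = []
    if len(pw) < 16:
        problems.append("shorter than 16 characters")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    if has_sequence(pw):
        problems.append("sequential letters or numbers")
    lowered = pw.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common dictionary word")
    # personal_info: values such as the user's name or birth year (caller-supplied).
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    for candidate in ["Hospital2024!", "vT7#qLm2&Rz9!Kdw5Xp"]:  # constructed samples
        print(candidate, password_problems(candidate))
```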
Educate employees about cyber attacks
Cybercriminals target employees who are negligent or ignorant of cyber attacks. By educating employees about cyber attacks, organizations can protect their sensitive data from falling into the hands of cybercriminals. Employees need to learn about cyber attacks to recognize and avoid falling for them.
Use antivirus software
Antivirus software is a program that detects, prevents and removes known malware from devices. It can protect users from malicious attachments, links or hidden malware within ads. Antivirus software detects any incoming malware and removes it before it can infect a device. By using strong antivirus software, organizations can protect medical records from getting stolen by malware.
Keep your organization’s software up to date
Many cybercriminals target organizations that use outdated software, which often has security vulnerabilities they can exploit to deliver malware. To help prevent cybercriminals from delivering malware, organizations need to keep their software up to date. Software updates patch security flaws and add security features that better protect the organization.
Use Keeper® To Protect Medical Records
Cybercriminals target organizations that have access to medical records. To protect medical records from falling into the wrong hands, organizations should invest in a Privileged Access Management (PAM) solution.
PAM refers to managing and securing privileged accounts that have access to sensitive data and systems. With a PAM solution, organizations have full visibility into their entire data infrastructure. They can track and control systems, applications, accounts and devices that require privileged access. A PAM solution will ensure access to sensitive data is limited and secured.
KeeperPAM™ is a privileged access management solution that combines Enterprise Password Manager (EPM), Keeper Secrets Manager® (KSM) and Keeper Connection Manager® (KCM). With KeeperPAM, organizations can reduce their attack surface, minimize lateral movement and control their sensitive data. Request a demo of KeeperPAM to learn how it can prevent cybercriminals from stealing medical records.