Medical data now hot commodity in the dark web

News of attacks on the healthcare industry are not as sexy as news of attacks, say on a nation’s defense department or on the largest bank in the world. This could change after global cybersecurity firm Kaspersky reveals that there is a growing demand for patients’ data in the dark web and there are sellers who are cashing in on this.

The hacking of SingHealth, Singapore’s largest group of healthcare institutions, last year wherein even Prime Minister Lee Hsien Loong records were exposed, proved that medical data has reached the “hottest commodity” status in the dark web.

According to Seongsu Park, senior security researcher at Kaspersky, patients’ medical data are as valuable, if not more valuable, as a customer’s financial data. And this fact is often overlooked by medical and healthcare institutions.

“Hacking healthcare industry is becoming easier for criminals because cybercrime groups are becoming more advanced,” Park said at Kaspersky’s annual APAC Cybersecurity Weekend held in Yangon, Myanmar, Sept. 5.

Park explained that attacks on healthcare are not limited to stealing data information. When cybercrime groups gain access to hospitals’ network, critical workstations can be exposed through Remote Desktop Protocol. It could also expose the health institutions’ picture archiving and communication system related to digital imaging.

“The functions of medical devices are becoming diverse and complex,” Park said. “While many medical devices are connected to a (certain) network, hospitals do not give security much thought and sometimes networks are exposed to the internet.”

However, Park said that these vulnerabilities are usually unintentional and are a result of misconfiguration or unconcern. This could also be caused by the lack of awareness because until now, news about attacks on healthcare are often eclipsed by attacks on larger companies.

Park specifically noted their findings in the dark web wherein hackers sell medical information to another crime group. He said it is quite an indication that the practice is getting to be a new normal in the dark web.

Why would people go after a person’s medical information? The group sees blackmailing, identity and monetary theft, and scamming as among the primary reasons for the wave of attacks. The cybersecurity firm also does not dismiss the possibility that even a new hacker could be behind medical data theft.

Park said healthcare organizations need to identify the important data they are storing and to figure out how they can protect them. Security education should not be limited to the technical group but must be equally shared with the frontliners or those who personally gather and store data from the patients.

There should also be security restrictions on the devices these frontliners use because these are often connected to the cloud so others such as doctors and health insurance companies can remotely access them wherever they are.

For an added layer of security, it is suggested to employ real-time and in-depth threat intelligence as well as holistic cybersecurity solutions into a medical organization’s IT infrastructure.

1 reply »