In this compelling episode of the Two Minute Drill, Drex takes a deep dive into the dark web's insatiable appetite for healthcare data, particularly focusing on why children's information is a high-value target for cybercriminals. Learn about the intrinsic value of medical records, the underestimated locations of sensitive data, and the chilling longevity of identity theft against minors. Discover actionable insights for safeguarding personal and organizational data against the relentless threats of cybercrime. Join us as we explore how to protect the most vulnerable among us and ensure the security of healthcare information in an increasingly digital world.
Contributions & Community:
Become part of the conversation and help shape future episodes by contributing stories and insights. Visit thisweekhealth.com/news and click on "Become a Contributor."
Stay Connected:
Don't miss out on our upcoming episodes focused on hacking healthcare. Follow our podcast, like and share this post to spread the word, and join the new 229 cyber and risk community for more in-depth discussions and resources.
Stay Informed, Stay Secure:
Visit thisweekhealth.com/security for more information and resources to bolster your cybersecurity knowledge and defenses.
Remember, Stay a little paranoid.
Hey everyone, I'm Drex, and this is the Two Minute Drill. We do at least three security stories at least two times a week, all part of one great community, the 229 Cyber and Risk Community here at This Week Health. Like all my stuff, this is mostly plain English, mostly non technical, so it's easy to share with other folks in your organization.
And also, breaking news, the Two Minute Drill will now also be available on YouTube. on Apple podcasts or wherever you get your downloads. Just search for this week health newsroom. The drill is one of a collection of shows in that channel. So as they say, smash the like and subscribe button. Uh, thanks in advance.
I'm really glad you're with me today. Here's some stuff you might want to know about. On Monday, I talked about the rise of the cyberthugs breaking into Lurie Children's Hospital and stealing data and then allegedly selling that data on the dark web. But I didn't have time to talk about on Monday is why kids data is maybe even more valuable than other healthcare data.
But let's start at the beginning. Why is healthcare data valuable on the dark web to begin with? I wrote an article about this a couple of years ago and I continue to hope these stories will become campfire legends that will tell over and over again to new folks coming into healthcare. These stories are for everyone in the organization.
They all need to understand them. This isn't just for the IT department or the medical records team or the security team. We're all involved in caring for our patients and today a big part of that is also taking care of their data. So here's three things you need to know about some of the most valuable data on the dark web.
First, medical records are worth a lot. Depending on the reports you read, medical records may be worth anywhere from 50 to 1, 000 per record. That's compared to a little over three bucks for a credit card or a social security number. And if you think about it, it kind of makes sense. Credit cards can be canceled pretty quickly.
How often do you get calls from your bank about suspicious charges? So a stolen credit card's lifespan is pretty short, but stolen medical record data is the e crime gift that keeps on giving. Why? Well, the data inside a medical record is a multidimensional goldmine for thieves. It includes not only medical data, but it may have images of the patient and their insurance cards.
It has employment information. It may have driver's license images. It could have demographic data like home address and email and phone numbers and even relationship details. The data can be used to steal identities and open new lines of credit and the data can be used for all other kinds of fraud too.
Medical fraud in particular like fake insurance claims or unauthorized prescription refills. And unfortunately, We've seen situations where patients themselves are personally accosted for ransom because they have some very private information or what might be embarrassing photos in their records if those photos were made public.
So, understandably, patients don't want that information to be made public. Second, and what's also very important in all of this is to realize that the crown jewels of medical data may not be located where you might expect. Of course, you should protect the electronic health record. That's the logical starting point, but value based care and advanced analytics and AI projects and research and operations improvement projects and other data sharing projects, all of it, Most often aimed at better understanding care delivery with a good intent of improving it.
All of that can result in consolidated patient information pools, think databases and spreadsheets, that reside outside of production systems. For example, And shared drives, or local computer hard drives, uh, even external drives, or in file sharing apps. And while our end users intentions are almost always good, they're trying to advance the mission to better, faster, cheaper, safer, easier access care for patients and families.
The lack of data governance and data management may create a significant unintended privacy and security exposure. And as a result, we should be regularly asking ourselves, you should be asking your organization, do we know where all of our private patient information is located? And are we protecting it properly?
Now, third, let me talk briefly about why kids data is especially valuable. When that data is manipulated in the right way, Children's data can be used for all the criminal activities I mentioned earlier. But with kids, the crime, especially in the form of identity theft, might not be uncovered by the victim for years, because it may be years before they apply for a credit card, or their first car loan, or their first job.
And that's when they find out they've been a victim of cybercrime for years without ever even knowing it. Fortunately, there's some good advice for everyone on protecting yourself from identity theft. I'll add a link to this episode from Equifax that's not an endorsement. There's just a lot of good recommendations there and in other places about how to protect yourself and your kids.
One more thing, and it's always important to remember, these cyber thugs, they don't care about you. They don't have empathy. They don't ever think that your organization is too small or too remote or too unimportant to attack. They're not going to feel sorry for you when it happens. They're not going to weep because you're a healthcare organization.
They're going to cut you some slack because you're saving kids. They don't care about you. They don't care about you or your patients, or your families. They only care about the money. Well, I'm in overtime again, but I thought it was worth doing a special two minute drill just on this topic. There's obviously a lot of, uh, really hot stories I would say right now associated with healthcare cyber, and I drop all the two minute drill stories and a bunch more at thisweekhealth.
com slash news. It's actually a great way to start your day. It's a curated feed of healthcare's top stories, including cyber, all in one place. Please like and share this post and tag your friends. And now you can subscribe to the 2 Minute Drill via whatever app you use for podcasts. And as always, check out the 229 cyber and risk community at thisweekhealth.
com slash security. I'm Drex. That's today's 2 Minute Drill. Stay a little paranoid. I'll see you around campus.
© Copyright 2023 Health Lyrics All rights reserved
