Healthcare Data: The biggest Treasure for Hackers by Emma Salvador


Despite the many technology innovations and internet of things advancements, several hospitals are still relying on outdated computer systems. The ageing technology might prove to be cheaper for their hospitals but the threat of losing the data is greater. Many warnings have also be given by FBI to hospital operators over possible cyber attacks and threat to personal medical records of patients. However, lack of any data protection measures result in breaches of data.

The biggest threat is to the U.S healthcare industry that is pegged in millions. This is mainly because the industry still has many hospitals that rely on outdated and ageing technologies that make them vulnerable to these cyber attacks.

What Makes the Healthcare Industry So Desirable For Hackers

Instead of targeting financial institutions and banks for their personal data, hackers are increasingly targeting healthcare industry. Health data of millions of patients are sold for huge profits. This is a ripe industry for hackers to make money. But you might wonder what would be the potential use this stolen medical data. These hackers use these personal records from medical devices of the individuals for medical frauds. There are a lot of medical frauds that have come to the fore which are explained below.

Fake Identification Cards

Hackers specially steal the data of patients including their personal information such as name, sex, age, address and background to create fake identification cards. These Id’s are then used to get medications illegally and for other purposes such as to get discounts on medicines and rare drugs.

Re-selling Medicines

There are certain drugs that are not sold over-the-counter and need a prior prescription to buy them. Therefore, hackers or fraudsters steal the data and prescriptions to buy medications illegally and at lower prices using fake identification cards. These illegally bought medications and medical equipments are then sold to dealers at higher profits.

Claiming False Insurance

Insurers are also bearing the brunt of lost data, as hackers are using the stolen data by creating a false patient account and provider number. These details are then used to claim money from health insurers. Hackers tend to file for these claims and the insurer cannot deny the claim based on records thus duping them off a lot of money.

How to Protect Healthcare Data

Instead of investing money into a new MRI machine or other high end medical equipments, hospital operators need to focus on putting money into developing a firewall protection that will protect their data. A number of healthcare providers are still using computer setup that has electronic health records only that can be easily invaded. Therefore, a proper protection wall is required for which the following steps can be taken.

Encrypting the Key Data

Encryption of healthcare data is one of the vital steps to eliminate the chance of data invasion by a hacker. This can be done by using filevault. Here, the data of the hospital patients is encrypted such that the data is translated into codes and other language that is not understandable to a third party and is only accessible to the one who has the password to the secured file. In this way many important records can be saved from attacks.

Difficult Password

Besides getting the data encrypted, setting passwords that are hard to guess needs to be practised. Hackers are even trained to get to your password and you might still lose the data if an easy password is in place. Therefore, passwords using a combination of letters, numbers, words and special characters must be used.

Training Employees To Understand A Potential Threat

The hospital staff must be trained enough to understand any potential threat to their data. For instance, phishing emails are hard to track but still signals such as misspelled words, links and unusual domain names are the key signs that reveal a fraudulent message. Besides, the team must be educated about protecting data using simple yet very important measures such as multi-factor authentication passwords to protect data.

Upgrading Technology

The existing computer technology, the input software can be replaced with upgraded versions. Digital signatures must be used to submit documents before an arrival in order to save time and cyber threats. These documents must then be connected to acloud-based system to store data so that the same can be retrieved later on if required. Proper audits must be conducted to detect any likely breach of security.

The Bottom Line

For healthcare industry, risks associated with cyber attacks are too great to ignore. Apart from taking up the above measures, other simple steps such as limiting the footprint of data, use firewall protection software, using google chrome in incognito mode among others can be followed. Lastly, the patients must also be made aware about possible threats so that they become more conscious about any negligence on their part.


About the Author: 

Emma Salvador, a masters in computer science has knack for computer technologies. Has over 15 years of experience in system security and IoT.


August 20, 2018


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023