The latest victim of another data breach in the health industry is Roper St. Francis Hospital (RSFH), South Carolina, US, here they had disclosed that up to 6,000 patients’ medical records and other private information were compromised. One of the most valuable data being sold in the black market and the dark web are medical records. It might seem unlikely that these kinds of information have value to anyone aside from doctors and patients. Still, in actuality, hackers have used stolen medical data to target people that are more susceptible to cyber hack campaigns and attacks.
Healthcare data is precious because, aside from medical test results, it usually contains many important Personally identifiable information (PII) like credit card info, full names, addresses, email addresses, social security numbers, and many others. Sadly, the majority of medical organizations are identified to have little investment in the cybersecurity space and security infrastructure. That resulted in the medical industry being the hardest by cybercriminals that operate globally.
Based on the report from the official of Roper St. Francis Hospital, South Carolina, an unknown cyber-attacker managed to exfiltrate the private data of 6000 patients by using an employee’s compromised email account to gain access to their system.
The said security breach happened between June 13 to June 17. Unfortunately, it was only till July 8 that the breach was discovered.
Officials from Roper St. Francis hospital disclosed that the leaked data include full names, date of birth, patient’s medical record, Social Security numbers, and insurance information. Not all Roper St. Francis Hospital patients are affected by the data breach. Clients can determine if the hackers have been able to get hold of their data by calling a toll-free hotline dedicated to patients at 1-888-498-0916 beginning September 4 onwards.
These kinds of medical records are ‘hot’ and known to get sold up to 20 times worth of credit card information and around $1000 at the black market and dark web.
The best and immediate mitigation of such data breach and attack includes improving email security protection systems and endpoint security, as well as ensuring that employees and staff are made aware for them to recognize possible intrusions and phishing campaigns.