ebook special offer

Is Your Medical Data Safe?

Data has become a commodity that's worth more than silver, gold or platinum. If you exist, your most basic information, buying patterns and movements are all condensed into data and backed up on a server somewhere. 

Companies and websites like Facebook, Instagram, YouTube and Google are some of the largest collectors of this data, but it's not the only database where your data ends up.

Here's more information about medical data, what it's worth to cyber criminals and how medical data can be protected better.

Medical Data For Sale 

Medical data exists if you have ever been through the doors of a clinic or hospital, and information like your name, social security number and even your allergies are backed up on their servers. This information is just as vulnerable to attack as any other information about you - and criminals can apply this in several ways.

Medical data can be sold, bought and traded on the online black market in the blink of an eye: It's worth money for the same reason any other data is.

Information like social security numbers, addresses, phone numbers and full names are right there for the taking.Unfortunately, that's not where it stops.

Data For Ransom

We know that data is worth money. Data often gets sold - legally - to marketing companies and businesses who require a clearer idea of who their customers are. But how much is data worth to its owners and custodians? 

It's not just worth money to marketing companies: It's also worth money to the people who this data is about in the first place, worth money to the companies who guard this data - and worth money to the criminals who are after it. 

Simply, how much would you pay to get ownership of your own, most personal data back? How about the data that belongs to that of your clients, if you oversee a doctor's office or hospital accounts system? Most people would pay anything.This is where scammers and criminals see opportunity.

In the 21st century, we're no longer looking at just sexploitation crimes and stolen sex tapes: Medical data is held for ransom just as often.

Explaining Ransom Hacks: Victims Might Not Know It

The scam is simple: Hackers gain access to data stored on servers - and instead of selling it, they decide to hold it for ransom

The person on the other end of the scam is given a devil's deal: Pay, or the data is compromised, destroyed or made public.

  • Many people might have been embroiled in a deal like this without realizing it: Remember that the majority of medical data is held on external servers, belonging to your doctor, hospital or medical insurance provider - and this scam might have happened before and might have involved your data.  

Victimised? What To Do

Even though most victims of stolen medical data might never know it, here's what to do if you find out that your medical information or records are being held for ransom:

1. Approach the keeper of your medical records with the information you have about the scam. This includes e-mails and the claims regarding your data: If their systems are compromised, they need to know about it.

2. While it might be tempting, don't pay the demands of hackers or criminals: Remember that they hold the bargaining chip that is your data, and they are free to demand anything more afterwards for the same.

3. Approach a cyber security expert: Cyber security experts are never a wasted expense when it comes to keeping your information safe when it has been compromised - and they can often tell you vital information like how your data was compromised (and by whom).

4. Approach your local cyber crime unit immediately: While scammers and criminals tell you never to approach law enforcement, by not doing it you will be playing exactly into their hands - and into the scam. Law enforcement is equipped, both in terms of systems and in terms of expertise, and this makes them the best to deal with these scams, period.

5.Don't believe everything you read. Sometimes scammers and criminals don't even possess the information they claim to - but instead, just have a few key pieces of information like a name, phone number or address which they use to convince people into believing that they have data they don't. Don't be scared into submission!

6. Protect your devices from there. If hackers could gain access to one aspect of your data, they almost certainly can do it again - and protective measures (including regularly changed passwords and updated antivirus software) can help to keep you safe.

7. Don't allow access to your device. Device access is often gained through the use of links, downloaded software, attachments or "apps" that contain the ransomware software or virus - other times, hacks are "old-school" and might rely on a physical Bluetooth connection or USB plugged into a system's computer to install the ransomware. 

8. If you're a service provider or in charge of a system that holds a lot of data, choose smarter passwords - and be aware of what's called "social engineering": Clever offline techniques used to extract information, like phone calls that appear to be from a higher authority, but aren't.

This is a contributor’s article By Alex J. Coyne