Why Hackers Love Patient Records and What to Do About It

You might have heard a lot about data breaches in the healthcare industry and how those who fail to deliver the required security are seriously penalized. You might wonder why this is so. Well, your patient information is valuable and confidential information that all those involved in the healthcare industry are required to protect at all costs. After all, to a hacker, the health record of the patient is worth much more than their credit card details!

What Do They Do with Patient Records?

The worth is not in the records itself but what hackers can do with them. The vice-president of HIPAA services provided by SecurityMetrics in Orem, Troy Tribe, sheds light on this. According to him, a patient’s healthcare records are valuable because those who get it can use it to make fraudulent insurance claims. Before you realize what is happening, they are able to gain insurance payments ranging from $7000 to $10,000! It is not necessary that the hackers involved in these fraudulent activities are acting on their own. They might even sell the data in the black market. Each record can be sold at a price of $60. This is much higher than what you get for selling credit card data of a single individual. There have also been reports about hackers using the records for themselves. Rather than selling it on the black market, they can use the record to buy medical equipment and drugs. These equipment and drugs are then resold at a higher price.

The Cost to the Practices Involved

If there is a data breach at your practice, the cost you have to bear is quite a lot. A report was published for IBM in 2017 that suggested that the loss of data and medical records can cost a healthcare firm a whopping $380 per record.

Understanding Hackers of Today

The hackers today are much more advanced and organized than those of the past. Even though you might have your own set of hackers working for you to secure your data, know that those you are dealing with are likely to be much more organized and skilled. According to Tribe, companies that indulge in hacking tend to have a maximum of 9 employees at the most. Each of these employees is given quotas on how many records they should get. Depending on their performance, they get bonuses and compensations. So, you can see how this black-market industry is just as organized as the rest of the corporate world.

How Do Hackers Access Healthcare Systems?

A lot of companies offer remote access to their employees in order to allow them to work outside of the facility. These ports, when left opened, can provide hackers the opportunity they need to hack into the system. All they need to do is decode your username and password, and they are in! As per Tribe, it was found that a lot of employees made use of the same username and password across different services, including for their company. For instance, if you use the same login details for your Facebook and bank account, a hacker who gets into one account can open it all. How do hackers get into any one of these accounts? They do so via “phishing.” This occurs when you are lured into clicking seemingly safe links which are, in reality, malware. Phishing can also be used on its own to access the healthcare system. You might get such emails in your official emails as well.

How to Protect Your Practice from Hackers

Here are some steps you can take to prevent the leak of confidential information:

  • Train your business partners and employees to know the threats they are likely to be faced with. Make sure they know what phishing is. They should know how to detect such emails. Make sure you make these training sessions short and brief. It is better to have a short session each month than a long one every year.
  • Let them know they can’t use the same name and password for their personal emails and bank accounts. Also, give each employee a unique username and password rather than have everyone use the same password. Don’t opt for generic options like “admin.”
  • Keep changing the password of each employee on a regular basis. Make sure it expires often so that the security is maintained.
  • When your system detects instances when a given user has failed to type the correct information a few times in a row, lock the account.
  • Opt for multi-factor authentication if you aren’t using it already. This makes it harder for hackers to access accounts. It comes into action when the system recognizes a new computer device. It might require options like using fingerprint or putting in a code that has been sent to your phone to open the account.
  • Rather than doing it all in-house, hire a security firm to check your security system. See what your weaknesses are and work on your vulnerabilities based on the report.
  • Don’t rely on an antivirus software to protect you and your practice. Not all such software work and even if they do, they are not enough.


Just because hackers love medical records doesn’t mean you can’t protect your practice from consistent attacks. Adopt the right strategies and protect your patient’s records. Trust us when we say that you are avoiding a lot of costs in doing so.