22 August 2019

Your health data being sold online for peanuts


Thieves of big data from digital healthcare systems are happy to wait months or even years to re-sell that information on online forums, cyber experts say.

A report recently published by a US-based cyber security company called FireEye, has found that multiple healthcare databases, all of which had encountered historical data breaches, risked that data being sold and resold much later down the track, and often for less than $2000 a time.

The FireEye report is based on an annual investigation into online security and malicious activity against international healthcare systems.

FireEye said the timing of the advertisements for stolen data did not typically correlate with the timing of a reported data breach.

“Many of the observed advertisements were for databases that had been compromised in previous months or years,” FireEye said.

Two databases currently being advertised were of Australian origin, and both were listed by an internet pirate under the pseudonym “the.joker aka Achilles”.

The most recent local offering, listed in February this year, was a database containing 130,000 records from an unnamed Australian healthcare institution. The data contained credit-card information and some limited personally identifiable information. The asking price was $US1500.

Another listing, from December last year, was for records from an Australian healthcare institution containing the data of almost 12,000 employees. This was for sale priced at $US500. FireEye did not reveal whether the data was subsequently purchased, or how many times the vendor managed to sell it.

“Actors buying and selling [personally identifiable information] and [protected health information] from healthcare institutions and providers in underground marketplaces is very common, and will almost certainly remain so due to this data’s utility in a wide variety of malicious activity, ranging from identity theft and financial fraud to crafting of bespoke phishing lures,” FireEye said.

The report also noted these cyber breaches were not only carried out by individuals, but also by nation states looking to steal research or gather records for  intelligence operations.

In April this year, several researchers from the University of Texas’s MD Anderson Cancer Research centre were dismissed following concerns over the theft of medical research on behalf of the Chinese government.

“Similar to other examples we have witnessed, cyber-enabled theft of medical data and research is likely one component of a broader strategy by China at acquiring key innovations and technology,” FireEye said.

And previous reports established that healthcare was the third-highest industry to be re-targeted following an initial data breach. Mr Luke McNamara, a principal analyst at FireEye, said the report was of importance for hospital administrators, practice administrators and others who were in charge of securing patient data.

“It also shows how those working in sub-sectors of the field – such as researchers – may face more specific threats because of the nature of their work.”