N.J. Breaches Shine Light on Patient Data Black Market
Several published reports this week confirmed the data of about one million patients at New Jersey medical facilities has been compromised since 2009.
According to a database kept by the U.S. Department of Health and Human Services, since 2009, there have been 14 breaches of patient information in New Jersey, involving 17 different facilities. While some breaches were cyber initiated, much patient information reportedly also was lost due to missing CDs and stolen laptops.
In response, leaders of a number of companies that specialize in preventing healthcare information technology breaches released statements on how to avoid and prepare for them in the future. They also offered stern warnings about the rapidly evolving and ever-changing Black Market, or Darknet, for valuable healthcare consumer data.
According to Richard Blech, CEO and co-founder of Secure Channels:
"This breach like many of the others that have occurred are going to continue with the same pattern and results so long as these institutions that hold consumer sensitive data treat the protection of said data as an afterthought. The insider threat is now commonplace as a result of pure economics. The black market value of stolen customer data is fluid and high, and the payoff for the insider is just too tempting. Institutions know this, yet believe that they either don't need to protect the data or that they sufficiently have at the perimeter.
SEE ALSO Leveraging Security Policy in Health IT
“In this case - as with the other breaches - advanced encryption should have been utilized at all points in their infrastructure to fully protect that sensitive data. Doing this would allow only authorized users to access and decrypt sensitive data on an as-needed, immediately tracked basis, tightly containing the data's availability. The thief would have stolen deeply encrypted data, which would have been only useless bit and bytes to them."
John Gunn, VP of Communications with VASCO Data Security International, added this warning:
"This [breach in New Jersey] underscores the transformation that has happened in the market for data theft. Social Security Numbers have become the primary high-value target that hackers are after because they are worth ten times as much as credit cards and they are protected by a fraction of the security of banking assets. Perhaps more significant, we can see firsthand how secondary markets for stolen information have matured so much that regular individuals now have access and can readily sell stolen data such as social security numbers and credit cards - the darknet is evolving into a craigslist for stolen assets."