Close Server: KOPWWW05 | Not logged in

Welcome to Health Care POV | sign in | join
ADVANCE Perspectives: Healthcare Information Professionals

N.J. Breaches Shine Light on Patient Data Black Market

Published May 27, 2015 1:57 PM by ADVANCE Perspectives

Several published reports this week confirmed the data of about one million patients at New Jersey medical facilities has been compromised since 2009.

According to a database kept by the U.S. Department of Health and Human Services, since 2009, there have been 14 breaches of patient information in New Jersey, involving 17 different facilities.  While some breaches were cyber initiated, much patient information reportedly also was lost due to missing CDs and stolen laptops.

In response, leaders of a number of companies that specialize in preventing healthcare information technology breaches released statements on how to avoid and prepare for them in the future. They also offered stern warnings about the rapidly evolving and ever-changing Black Market, or Darknet, for valuable healthcare consumer data.  

According to Richard Blech, CEO and co-founder of Secure Channels:

"This breach like many of the others that have occurred are going to continue with the same pattern and results so long as these institutions that hold consumer sensitive data treat the protection of said data as an afterthought. The insider threat is now commonplace as a result of pure economics. The black market value of stolen customer data is fluid and high, and the payoff for the insider is just too tempting. Institutions know this, yet believe that they either don't need to protect the data or that they sufficiently have at the perimeter.

SEE ALSO Leveraging Security Policy in Health IT

“In this case - as with the other breaches - advanced encryption should have been utilized at all points in their infrastructure to fully protect that sensitive data. Doing this would allow only authorized users to access and decrypt sensitive data on an as-needed, immediately tracked basis, tightly containing the data's availability. The thief would have stolen deeply encrypted data, which would have been only useless bit and bytes to them."

John Gunn, VP of Communications with VASCO Data Security International, added this warning:

"This [breach in New Jersey] underscores the transformation that has happened in the market for data theft. Social Security Numbers have become the primary high-value target that hackers are after because they are worth ten times as much as credit cards and they are protected by a fraction of the security of banking assets. Perhaps more significant, we can see firsthand how secondary markets for stolen information have matured so much that regular individuals now have access and can readily sell stolen data such as social security numbers and credit cards - the darknet is evolving into a craigslist for stolen assets."

You Might Also Like...

Protecting Patient Portal Information

Building best practices for securing electronic heath records accessed online by consumers.

Mitigating Mobile Patient Data Risks

Preventing data breaches is vital to maintaining patient confidentiality in an increasingly wireless world.

Advanced Persistent Threats

Steps to thwart cybercriminals, protect patients and secure critical data.

Securing Vulnerabilities

Strategies to meet meaningful use and HIPAA compliance at the patient point of care.


leave a comment

To prevent comment spam, please type the code you see below into the code field before submitting your comment. If you cannot read the numbers in the image, reload the page to generate a new one.

Enter the security code below:


About this Blog

    ADVANCE Editorial Staff
    Occupation: Editor
    Setting: ADVANCE for Healthcare Information Professionals
  • About Blog and Author

Keep Me Updated