Roper St. Francis Hospital (RSFH) has reported that 6,000 patients are directly affected by a data breach that allowed attackers to steal their medical records and other personal information.
Healthcare private data is one of the most valuable commodities on the black market. It might seem odd that medical information is useful for anyone other than the patients and doctors, but reality points in the other direction.
One reason why healthcare data is so valuable is that it usually contains much more than just lab results. Hospitals gather Social Security numbers, credit card information, real names, addresses, emails, etc. And, since healthcare institutions invest very little in cybersecurity, the industry is one of the hardest hit.
According to an ABC4News report, officials from Roper St. Francis Hospital in Charleston, South Carolina, data on 6,000 patients was stolen by an unknown attacker who gained access through an employee’s email. The security breach occurred between June 13 and June 17, but it was only discovered on July 8.
Hospital officials say leaked information contained names, birth dates, detailed medical records, insurance information and Social Security numbers. Not all RSFH patients have been affected, but people can determine if attackers got their data by calling a toll-free call center for more information for patients at 1-888-498-0916, starting September 4.
Such medical records are usually worth up to 50 times more than credit card information, and it has been known to reach $1,000 on the black market. The only immediate mitigation includes improving email and endpoint security and training employees to recognize intrusions and phishing campaigns.