NewsYour Health Matters

Actions

Why are hospitals vulnerable targets to cybercriminals?

Patient health records can go for $1,000 on internet, security expert says
Posted
and last updated

WEST PALM BEACH, Fla. — Why would a hospital be a target of a computer hacker?

Cybersecurity experts said the health care industry has been a bullseye for hackers, specifically during the pandemic.

Access to health care records is considered incredibly valuable, going for as much as $1,000 on the dark web.

"We've seen about a 71% increase in cyberattacks just specifically in the health care sector," said Tony Sabaj, director of Security Engineering at Check Point Software.

RELATED: Push for tighter cybersecurity has side effects for workers, shoppers

Over the last two years, Sabaj has noticed the health care industry has been vulnerable to hackers.

"The pandemic has caused, specifically hospitals and health care delivery organizations, to be spread very, very thin," Sabaj said. "They're under a lot of stress and constraint right now."

Tony Sabaj, Director of Security Engineering at Check Point
Cybersecurity expert Tony Sabaj explains why personal information hacked from hospitals can be lucrative for criminals.

This comes as Tenet Health confirms a "cybersecurity incident"crippled the phone and computer systems at St. Mary’s Medical Center and Good Samaritan Medical Centers in West Palm Beach.

It's unclear whether patient information was compromised.

"A complete health record of an individual may go for $1,000 or so on the dark web," Sabaj said. "Even a complete credit card information may only go for $5 and a Social Security number may be only goes for $1."

RELATED: Find out if you are using the most hacked passwords

Sabaj said criminals can use health records to launch targeted cyberattacks on the public.

"They can use that stolen data to actually get prescriptions and sell it on the black market or something as nefarious as saying, 'Oh, I've got a list of dementia patients. I'm gonna go target dementia patients.' It's sad," Sabaj said.

The federal government is taking aim at data breaches with new aggressive mandates.

RELATED: Experts fear more large-scale ransomware attacks will occur in 2022

Last month, President Joe Biden signed legislation requiring 16 critical sectors -- including health care -- to report data breaches to the Department of Homeland Security within 72 hours of when it's known to the organization.

Sabaj warns that cybercriminals are becoming more complex in their attacks, making it essential for organizations to keep strong security standards in place.