Roper St. Francis Hospital (RSFH) has reported that 6,000
patients are directly affected by a data breach that allowed attackers to steal
their medical records and other personal information.
Healthcare private data is one of the most valuable
commodities on the black market. It might seem odd that medical information is
useful for anyone other than the patients and doctors, but reality points in
the other direction.
One reason why healthcare data is so valuable is that it
usually contains much more than just lab results. Hospitals gather Social
Security numbers, credit card information, real names, addresses, emails, etc.
And, since healthcare institutions invest very little in cybersecurity, the industry
is one of the hardest hit.
According to an ABC4News report,
officials from Roper St. Francis Hospital in Charleston, South Carolina, data
on 6,000 patients was stolen by an unknown attacker who gained access through
an employee’s email. The security breach occurred between June 13 and June 17,
but it was only discovered on July 8.
Hospital officials say leaked information contained
names, birth dates, detailed medical records, insurance information and Social
Security numbers. Not all RSFH patients have been affected, but people can
determine if attackers got their data by calling a toll-free call center for
more information for patients at 1-888-498-0916, starting September 4.
Such medical records are usually worth up to 50 times
more than credit card information, and it has been known to reach $1,000 on the
black market. The only immediate mitigation includes improving email and
endpoint security and training employees to recognize intrusions and phishing
campaigns.