Healthcare data is now more valuable to cybercriminals than credit card details | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


Medical records, diagnoses, biometric data… Over a lifetime, we generate a vast amount of healthcare information about ourselves—data that, by its very nature, remains linked to us permanently.

It is precisely this permanence that has increased its value on illegal marketplaces used by ransomware groups, access brokers and networks specialising in digital fraud.

The growing digitalisation of hospitals, clinics and insurers has also significantly expanded the attack surface.

Criminals have refined their methods for profiting from the theft, sale and extortion of highly sensitive information.

Ransomware accounts for more than a third of criminal activity

The latest analysis by TrendAI shows that ransomware now accounts for 36.3% of all activity detected on underground marketplaces linked to the healthcare sector.

The attacks are no longer limited to encrypting servers and demanding a ransom. Threat actors now also extract large volumes of data before locking systems and use the stolen information as leverage.

They threaten to publish or sell the stolen files if the affected organisation refuses to pay.

This double-extortion strategy considerably increases the financial, reputational and legal impact on hospitals, laboratories and healthcare providers.

“Unlike a credit card, a patient’s diagnoses, treatment history or biometric data cannot be cancelled and reissued. This makes healthcare organisations particularly attractive to ransomware groups and data brokers,” explains José de la Cruz, Technical Director at TrendAI Iberia.

A Highly Organised Underground Economy

The study describes a criminal ecosystem that operates like a full-fledged supply chain.

At the first stage are initial access brokers, who specialise in finding vulnerabilities and selling entry points into corporate networks.

Ransomware groups then use that access to infiltrate networks, extract documents and encrypt the affected systems.

Finally, specialised marketplaces sell medical records, login credentials, insurance data and complete identity packages, known in criminal circles as “fullz”.

This division of labour allows each criminal organisation to focus on a specific part of the process, making attacks more efficient and profitable.

Medical records command exceptional value

Clinical records contain some of the most comprehensive sets of personal information available.

A single file may include identifying details, official documents, insurance policies, diagnoses, treatments, medical history, information about mental health and substance use, and even medical imaging.

This wealth of information can enable several types of fraud at once.

Cybercriminals can use it to commit identity theft, submit fraudulent insurance claims, forge prescriptions or impersonate someone else to obtain medical treatment.

Certain diagnoses or particularly sensitive details can also be used to extort victims directly.

A single attack can affect hundreds of organisations

Another trend identified in the report is the growing focus on providers of electronic health record platforms and digital medical record systems.

When one of these services is compromised, the breach can spread to numerous healthcare facilities using the same technology platform.

This multiplier effect makes these providers prime targets for criminal groups, as a single intrusion can offer indirect access to hundreds of hospitals, clinics and medical practices.

So how can this information be protected? Healthcare organisations need continuous vulnerability management, network segmentation, multifactor authentication and incident response plans capable of rapidly containing an attack.

Medical records, diagnoses, biometric data… Over a lifetime, we generate a vast amount of healthcare information about ourselves—data that, by its very nature, remains linked to us permanently.

It is precisely this permanence that has increased its value on illegal marketplaces used by ransomware groups, access brokers and networks specialising in digital fraud.

The growing digitalisation of hospitals, clinics and insurers has also significantly expanded the attack surface.

Criminals have refined their methods for profiting from the theft, sale and extortion of highly sensitive information.

Ransomware accounts for more than a third of criminal activity

The latest analysis by TrendAI shows that ransomware now accounts for 36.3% of all activity detected on underground marketplaces linked to the healthcare sector.

The attacks are no longer limited to encrypting servers and demanding a ransom. Threat actors now also extract large volumes of data before locking systems and use the stolen information as leverage.

They threaten to publish or sell the stolen files if the affected organisation refuses to pay.

This double-extortion strategy considerably increases the financial, reputational and legal impact on hospitals, laboratories and healthcare providers.

“Unlike a credit card, a patient’s diagnoses, treatment history or biometric data cannot be cancelled and reissued. This makes healthcare organisations particularly attractive to ransomware groups and data brokers,” explains José de la Cruz, Technical Director at TrendAI Iberia.

A Highly Organised Underground Economy

The study describes a criminal ecosystem that operates like a full-fledged supply chain.

At the first stage are initial access brokers, who specialise in finding vulnerabilities and selling entry points into corporate networks.

Ransomware groups then use that access to infiltrate networks, extract documents and encrypt the affected systems.

Finally, specialised marketplaces sell medical records, login credentials, insurance data and complete identity packages, known in criminal circles as “fullz”.

This division of labour allows each criminal organisation to focus on a specific part of the process, making attacks more efficient and profitable.

Medical records command exceptional value

Clinical records contain some of the most comprehensive sets of personal information available.

A single file may include identifying details, official documents, insurance policies, diagnoses, treatments, medical history, information about mental health and substance use, and even medical imaging.

This wealth of information can enable several types of fraud at once.

Cybercriminals can use it to commit identity theft, submit fraudulent insurance claims, forge prescriptions or impersonate someone else to obtain medical treatment.

Certain diagnoses or particularly sensitive details can also be used to extort victims directly.

A single attack can affect hundreds of organisations

Another trend identified in the report is the growing focus on providers of electronic health record platforms and digital medical record systems.

When one of these services is compromised, the breach can spread to numerous healthcare facilities using the same technology platform.

This multiplier effect makes these providers prime targets for criminal groups, as a single intrusion can offer indirect access to hundreds of hospitals, clinics and medical practices.

So how can this information be protected? Healthcare organisations need continuous vulnerability management, network segmentation, multifactor authentication and incident response plans capable of rapidly containing an attack.


——————————————————-


Click Here For The Original Source.

National Cyber Security

FREE
VIEW