The healthcare sector continues to be a profitable target for cyber threat actors. A recent report from GlobalData estimates that up to 22 million health records have been compromised since the beginning of 2022. In 2021, over 41 million individuals in the US alone were affected by healthcare data breaches according to the US Department of Health and Human services. Ransomware threat groups seek out healthcare industries because they usually are financially stable enough to pay ransoms, and unlike financial or credit card information, healthcare information cannot be changed. This makes follow on phishing campaigns more successful and profitable for threat actors as well. The Globaldata report also projected that cybersecurity spending in the global healthcare industry will increase by $400 million over the next three years. This spending increase is necessary for an industry that is often behind in terms of information security.
Threat actors can leverage stolen medical records to impersonate legitimate patients to commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise safety if there is misinformation on file that is needed for medical treatment. Anyone who may have been a victim of a medical data breach should get confirmation from their provider to find out exactly what information was stolen. Change and strengthen any online logins and implement multi-factor authentication. Asking the insurance provider for copies of claims and carefully reviewing explanation of benefits notices can reveal if a patient’s identity has been used fraudulently. This might show if inaccurate health and medical information is present in the patient’s records. Lastly, financial and credit accounts should be monitored closely, as medical insurance information is sometimes used to commit other forms of financial fraud. Placing a credit freeze on file with the credit bureaus and notifying banks or other financial institutions is helpful to prevent fraud when identity theft is suspected.