The importance of securing personally identifiable data has been emphasised once again. Allegedly a large US insurance company has been breached by a zero-day attack (the exploiting of an undisclosed software vulnerability), leading to the theft and compromise of millions of medical records. The hacker, going by the name of ‘Dark Overlord’, indicates that the data is in plain text, allowing one to believe that the records were neither encrypted nor secured.

It has been suggested that this 2GB database of medical records, in the region of 10 million of them, are for sale on the dark web (a portion of the internet not indexed by search engines) where illegality prospers. The data is said to include names, physical addresses, email addresses, phone numbers and social security numbers of millions of individuals.

Last year a US health insurance company, Anthem, were hacked and the personal data of 80 million US citizens was compromised-these notable attacks are becoming more and more evident.

Such hacking attacks are on the rise and will continue to grow. There is mounting demand for personally identifiable data, especially records such as these. It’s recognised to hold great value in the black market and medical records are now a commodity. Medical records are easier for hackers to obtain, with lower risk but higher reward. With the demand for this data high and the attributed profits even higher, these attacks will only continue to transpire.

Hackers are more interested in stealing medical data than ever before and the risk to governments and organisations (hospitals, insurance companies, laboratories, educational institution etc.) that are processing and holding this data has never been greater. Medical records include volumes of personal identifiable information and hence holds a much larger price tag than other data being sold in the black market, credit card details for example. Typically, the networks of medical institutions, governments and such organisations are interlinked and convoluted, increasing the expanse for attack. Furthermore, security vulnerabilities tend to often exist within these networks, IT systems and software and are therefore easily exploited.

Although this particular data hoard, for sale, has not yet been confirmed as real (the sum asked, for the data, indicates that it is likely to be genuine), these types of attacks and compromise of medical records and other personally identifiable data is becoming common place. Take action now to ensure that all personally identifiable data remains secure as the repercussions, both financial and to an organisations reputation, from an incident such as this, are excessive.


International Business Times

SC Magazine