Cyberattacks and the Value of Medical Data

On July 20, 2018, SingHealth, a Singapore healthcare institution consisting of four public hospitals, five national specialty centers and a network of nine polyclinics, reported that it had been the target of a cyberattack resulting in the information of around 1.5 million individuals being compromised.

This is not an isolated incident as statistics compiled from the U.S. Department of Health and Human Services (HHS) indicate that more breaches involving healthcare data were reported in 2017 than any other year since records first started being published. In Experian’s 2018 Data Breach Industry Forecast, Experian noted that from January through June of 2017, 233 healthcare data breach incidents were reported to HHS, the media or state attorney generals. For the 193 attacks for which there are numbers, 3,159,236 patient records were affected. In a 2016 Data Breach Industry Forecast, Experian predicted that healthcare companies remain one of the most targeted sectors by attackers, driven by the high value that compromised data can command on the black market, along with the continued digitization and sharing of medical records.

Forbes reported that, on the black market, the going rate for a social security number is 10 cents and a credit card number is 25 cents, while electronic medical health records could be worth hundreds or even thousands of dollars because such medical data contains a wealth of exploitable information, such as names, addresses, work history, family member names, financial information, as well as more sensitive information relating to medical history.

 

Shuchen Gong
Shuchen Gong is an associate in our San Francisco Office. Her practice focuses on the preparation and prosecution of patent applications. Shuchen received her law degree from Cornell Law School and her B.S. in Chemistry and B.A. in Economics from the University of California, Berkeley. Shuchen joined the firm in 2017.
View all posts published by Shuchen Gong »

Leave a Reply

By using this blog, you agree and understand that no information is being provided in the context of any attorney-client relationship. You further agree and understand that nothing herein is intended to be legal advice. This blog is solely informational in nature, and is not intended as, and should not be used as, a substitute for competent legal advice from a retained and licensed attorney in your state. Knobbe Martens LLP makes no representations or warranties as to the accuracy, completeness, timeliness or availability of the information in this blog. Knobbe Martens LLP will not be liable for any injury or damages relating to your use of, or access to, any such information. Knobbe Martens LLP undertakes no obligation to correct or update information on this blog, which may be incorrect or become incorrect or out of date over time. Knobbe Martens LLP reserves the right to alter or delete content or information on the blog at any time. This blog contains links and references to other websites and publications that you may find of interest. Knobbe Martens LLP does not control, promote, endorse or otherwise have any affiliation with any other websites or publications unless those websites or publications expressly state such an affiliation. Knobbe Martens LLP further has no responsibility for, and makes no representations regarding, the content, accuracy or any other aspect of the information in such websites or publications.