NHS cyber attack: Why stolen medical information is so much more valuable than financial data

'Medical information can be worth ten times more than credit card numbers on the deep web'

Aatif Sulleyman
Friday 12 May 2017 16:55 BST
Comments
Ransomware appears to be at the heart of the problem
Ransomware appears to be at the heart of the problem (Reuters)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The NHS has been plunged into chaos after being attacked by cyber criminals, who could go on to sell patients’ stolen data for huge amounts on the Dark Web.

Medical records can be much more valuable to criminals than financial data, as they allow them to take time to plot their next moves.

Patients who have had their medical information stolen might not realise it’s even happened until the attackers have already set their plans in motion.

“The main reason medical institutions and the NHS are targeted is because they have vast amounts of patient data at their disposal,” says Jean-Frederic Karcher, the head of security at communications provider Maintel. “Hackers can sell large batches of this personal data for profit on the black market.

“Medical information can be worth ten times more than credit card numbers on the deep web. Fraudsters can use this data to create fake IDs to buy medical equipment or drugs, or combine a patient number with a false provider number and file fictional claims with insurers.

“Consumers often discover their credentials have been stolen a long time after fraudsters have used their personal medical ID to impersonate them and obtain health services.”

Credit card data theft, on the other hand, can be quickly reported to banks, which can act immediately.

The exact details of the attack and how much data was accessed remain unclear for now, but ransomware appears to be at the heart of the problem.

As ransomware attacks tend to rely on some degree of social engineering, people should take care to avoid opening any email messages that look in any way suspicious.

Kaspersky also recommends visiting No More Ransom, a joint initiative created to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

“Personal data is extremely valuable and healthcare records tend to be the most prized by attackers,” says Richard Anstey, the CTO of Synchronoss.

“Add to that the rise of crypto-currencies and medium of the Dark Web and you have a perfect storm for malicious actors to trade in this type of data. We are in an especially vulnerable time because of the early stage of adoption of electronic health records.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in