Why are hackers interested in people’s medical history?

A few days ago, information security specialists reported a massive data breach in American Medical Collections Agency (AMCA) that affected nearly 20 million patients in U.S. clinical companies; according to experts, records of credit cards and stolen clinical details may be sold for negligible amounts (less than $50 USD). 

What is the reason for the growing interest of hackers in people’s medical information? Unlike a credit card, which can be reported by theft, it is virtually impossible for a person to be able to notify the theft of their Social Security number or change their date of birth, address or clinical history.

This situation can generate scenarios of greater risk for the victims than the theft of financial information, because it jeopardizes the health of those involved. This is why information security experts believe that protecting people’s medical information should become a priority for hospital administrators. 

Some of the possible malicious activities that hackers can perform using medical information from victims are explained below; this research was conducted by tracking various hacker forums on dark web.

The victim’s banking details, in conjunction with confidential information, such as medical records, may be used to perform fraudulent transactions. Hackers are especially interested in medical information for children and young people, as they do not have a negative credit history to apply for credits on their behalf.

Another common practice among cybercriminals is the use of stolen medical records to get controlled drugs and specialized medical supplies illegally.

One of the new trends detected by information security experts is the theft of medical information from deceased people. One of the hacker forums in which this practice was detected had more than 60k records, including the date of death of people.

According to the experts, the main reason that hackers are interested in the medical history of deceased people is because, in case of committing fraud, the chances of retaliation against criminals are minimal.

It is worth mentioning that this information is not only of interest to the threat actors; Research and hospital centers can also abuse stolen information for their internal practices, and insurance companies can use these records to make elaborate profiles of potential customers.

Finally, the specialists mention that blackmail may be one of the harmful practices that take advantage of people’s stolen medical information. Blackmail using this kind of information has become a headache for many people, especially for celebrities.

The specialists from the International Institute of Cyber Security (IICS) consider that these kinds of risks could be mitigated if the companies that protect this sensitive information implement better mechanisms of protection of information, like the multi-factor authentication and restriction of access to company databases to employees who do not require it.