Medical records are now more valuable to cyber hackers than credit card information, a British expert in healthcare IT has warned.
Speaking at the Hay Festival of Arts and Literature, former Deputy Chair of the UK National Health Service (NHS)’s Digital unit Sir Nick Partridge said: “Systems [to protect patient’s medical records] are there, but there’s a growing understanding that patient records are now much more valuable on the dark web than credit card ratings.
“They sell for more money so we can only expect this level of cyber attack to increase in a very fragmented NHS, and it’s going to be a growing challenge.”
Partridge was speaking just weeks after the NHS was crippled by the WannaCry ransomware virus, which infected hundreds of thousands of computers all over the world.
Cyber criminals can use stolen medical records to commit identity theft, using patient details to fraudulently apply for fakes IDs and financial products such as credit cards and loans.
More worryingly, healthcare files can also be used to blackmail patients who might have suffered from an embarrassing condition such as a sexually-transmitted disease, or undergone some form of cosmetic surgery.
It emerged last week that 25,000 private images stolen in a cyber attack from a Lithuanian cosmetic surgery had been posted online.
Along with the pictures, some of which were of an intimate nature, passport and credit card details were also stolen from the Grozio Chirurgija clinic.
Hacking collective the Tsar Team had demanded ransoms from clients of the clinic after uploading a sample of the stolen images in March, but appears to have made good on its threat to dump the whole database.
The insecurity of healthcare IT systems has raised concerns among security experts for a number of years, with many warning that the increasing use of leaky IoT devices in medicine could put patients’ privacy at risk.
It has also been suggested that cyber criminals could use hijacked connected medical devices to kill people. Researchers have warned hackers could take control of connected devices on which people’s lives depend – such as pacemakers or insulin pumps – and tamper with their settings, resulting in the loss of life.
A recent US study revealed that 67% of medical device manufacturers and 56% of healthcare organisations believe an attack on a device they have either built or use is likely within the next year.
“The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organisations,” said Dr Larry Ponemon, Chairman and founder of the Ponemon Institute, which carried out the poll.
“According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”