Why criminals care about health records

Some have emailed me asking why criminals would even care about Personal Health Information (PHI).  Sure, it’s private information but what use is it to a criminal?

The Digital Health Conference last year discussed this question and a panel of cybersecurity specialists determined that a single PHI record is worth $50 on the black market.  This is the same value given by Pam Dixon, executive director of the World Privacy Forum in a 2007 interview.  So what makes these records worth $50, a value higher than that of social security numbers or credit card information?

Criminals can use a health record to make fake medical claims, purchase prescriptions or receive treatment under a false name.  Since medical information cannot be “canceled” as easily as a credit card number, criminals have a much larger window in which to exploit the information.

For these reasons, PHI records are a tempting target for criminals, especially with the rising costs of health care.  So, yes, you should be concerned about the disclosure of your medical records because it does present a real threat to patients. This is why it is so important for organizations that handle PHI to have adequate security controls in place whether they’re clinics, medical billing, insurance providers, or business associates.  Adhering to HIPAA helps but being compliant doesn’t necessarily mean you are secure.



About The Author


Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.

1 Comments

  1. Let me add my congratulations to the mix. I look forward to finding out how you meet the new set of challenges you will face. I expect that you will soon provide a model for the rest of industry to follow. Be sure to write about it.

Leave a Reply