Cyber-Physical Attacks and the Value of Healthcare Data: Facing an Era of Cyber Extortion and Organised Crime

  • Jaime Ibarra
  • Hamid JahankhaniEmail author
  • Stefan Kendzierskyj
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Cybercrime has reached to a level that any cyber-attack can cause great levels of extortion. With the support of technology, healthcare organisations have been able to enhance medical treatment assuring better solutions to improve lifestyle of people. Likewise, criminals are attracted to the information allocated within hospital and clinics regardless of physical or digital storage. Electronic Health Records (EHR) are the most important asset in healthcare and criminals are aware of their value in the black market, including the dark web. This paper analyses the impact of cyber-attacks to healthcare organisations including methods used by criminals to enhance their anonymity, and the value of healthcare data nowadays. It studies blockchain, The Onion Router (TOR) and other common tools to ensure security and privacy while navigating through the internet and the reason why cybercriminals take advantage of the dark web to sell stolen information from hospitals in order to get higher financial gain. It also looks at the levels of extortion that is caused to organisations and how people are compromised.


Cybercrime Cyber attack Electronic health records EHR TOR Blockchain Virtual private network Proxy Anonymity Extortion Dark net Black market Personal identifiable information PII Internet of things Cloud computing Deep web Dark web Attacker Clinical trial Medical treatment Endpoint security Network security Ransomware Information theft Denial-of-service Cryptomalware Cryptocurrency Cryptomining Track covering Encryption 


  1. Casteel K (2018) The DOJ wants to stop drug sales on the dark web, but that’s a tough task. [online] FiveThirtyEight. Available at: Accessed 13 Nov 2018
  2. Catarinucci L, De Donno D, Mainetti L, Palano L, Patrono L, Stefanizzi ML, Tarricone L (2015) An IoT-aware architecture for smart healthcare systems. IEEE Internet Things J 2(6):515–526CrossRefGoogle Scholar
  3. (2018) What is a clinical trial?. [online] Available at: Accessed 22 Nov 2018
  4. De Moor G, Sundgren M, Kalra D, Schmidt A, Dugas M, Claerhout B, Karakoyun T, Ohmann C, Lastic PY, Ammour N, Kush R (2015) Using electronic health records for clinical research: the case of the EHR4CR project. J Biomed Inform 53:162–173CrossRefGoogle Scholar
  5. Ducato R (2016) Cloud computing for s-health and the data protection challenge: getting ready for the general data protection regulation. In: Smart cities conference (ISC2), 2016 IEEE International, IEEE, pp 1–4Google Scholar
  6. Francis R (2018) Healthcare records for sale on dark web. [online] CSO Online. Available at: Accessed 13 Nov 2018
  7. Illmer A (2018) Social media: a cybercrime hunting ground. [online] BBC News. Available at: Accessed 23 Nov 2018
  8. Islam SR, Kwak D, Kabir MH, Hossain M, Kwak KS (2015) The internet of things for health care: a comprehensive survey. IEEE Access 3:678–708CrossRefGoogle Scholar
  9. Leukfeldt ER, Kleemans ER, Stol WP (2016) Cybercriminal networks, social ties and online forums: social ties versus digital ties within phishing and malware networks. Br J Criminol 57(3):704–722Google Scholar
  10. Mendelson D (2017) Legal protections for personal health information in the age of big data – a proposal for regulatory framework. Ethics Med Public Health 3(1):37–55CrossRefGoogle Scholar
  11. Moubarak J, Filiol E, Chamoun M (2017, October) Comparative analysis of blockchain technologies and TOR network: two faces of the same reality? In: Cyber security in networking conference (CSNet), 2017 1st. IEEE, pp 1–9Google Scholar
  12. (2018) Clinical trials. [online] Available at: Accessed 22 Nov 2018
  13. O’Connor Y, Rowan W, Lynch L, Heavin C (2017) Privacy by design: informed consent and internet of things for smart health. Procedia Comput Sci 113:653–658CrossRefGoogle Scholar
  14. O’Flaherty K (2018) Why cyber-criminals are attacking healthcare – and how to stop them. [online] Forbes. Available at: Accessed 23 Nov 2018
  15. Paterson A (2018) How cybercriminals are using blockchain to their advantage|SecurityWeek.Com. [online] Available at: Accessed 13 Nov 2018
  16. Rushanan M, Rubin AD, Kune DF, Swanson CM (2014, May) SoK: security and privacy in implantable medical devices and body area networks. In: Security and privacy (SP), 2014 IEEE symposium on. IEEE, pp 524–539Google Scholar
  17. Seleman M (2018) Ransomware ravages healthcare: cryptoviral extortion in the healthcare sectorGoogle Scholar
  18. Shu IN, Jahankhani H (2017) The impact of the new European General Data Protection Regulation (GDPR) on the information governance toolkit in health and social care with special reference to primary care in England. In: Cybersecurity and cyberforensics conference (CCC), IEEE, pp 31–37Google Scholar
  19. Sky News (2018) Web creator sir Tim Berners-Lee: I see a revolution. Starting right now. [online] Available at: Accessed 24 Nov 2018
  20. Snell E (2018) How healthcare organizations can reduce cyber extortion risk. [online] HealthITSecurity. Available at: Accessed 13 Nov 2018
  21. Stofko L (2018). How are the deep web and dark web affecting healthcare today? [online] CIO. Available at: Accessed 13 Nov 2018
  22. Weng C, Li Y, Ryan P, Zhang Y, Liu F, Gao J, Bigger JT, Hripcsak G (2014) A distribution-based method for assessing the differences between clinical trial target populations and patient populations in electronic health records. Appl Clin Inform 5(2):463CrossRefGoogle Scholar
  23. Whitmore A, Agarwal A, Da Xu L (2015) The internet of things – a survey of topics and trends. Inf Syst Front 17(2):261–274CrossRefGoogle Scholar
  24. Yao M (2018) Your electronic medical records could be worth $1000 to hackers. [online] Forbes. Available at: Accessed 13 Nov 2018
  25. Yip M, Webber C, Shadbolt N (2017) Trust among cybercriminals? Carding forums, uncertainty and implications for policing. In: Policing cybercrime. Routledge, London, pp 108–131CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Jaime Ibarra
    • 1
  • Hamid Jahankhani
    • 1
    Email author
  • Stefan Kendzierskyj
    • 1
  1. 1.London CampusNorthumbria UniversityLondonUK

Personalised recommendations