Advertisement

Black Market Value of Patient Data

  • Christina CzeschikEmail author
Chapter

Abstract

Personal health data is a coveted resource for a variety of interested parties. One of these is agents operating in illegal markets, comparable to the black markets on which stolen credit card data and other unlawfully obtained information are sold. Since the safety of personal health data is not only dependent on the quality of safety measures adopted by health care entities but also on the motivation and resources of potential attackers, the question of the value of personal health data on the black market is a highly critical one and not an easy one to answer. Illegal actors can extract profits from patient data in a variety of ways, the best documented of which are direct sale and extortion of ransom. Prices attained in these transactions can help to estimate the financial value of patient data on the black market in the US – where instances of health care data breaches have been most frequent and well documented – and in Germany.

References

  1. 1.
    OECD, “Exploring the Economics of Personal Data,” in OECD Digital Economy Papers, 2013.Google Scholar
  2. 2.
    D. Walker, “Research examines cost of stolen data, underground services’,” SC Magazine, 11 12 2014. [Online]. Available: http://www.scmagazine.com/news/prices-have-dropped-for-stolen-data-on-the-black-market/article/387945/. [Accessed 13 07 2016].Google Scholar
  3. 3.
    T. Zeller, “Black Market in Stolen Credit Card Data Thrives on Internet,” The New York Times, 2005.Google Scholar
  4. 4.
    H. Krügel-Brand, “Digitale Transformation: Zukunftsfragen,” Aerzteblatt, [Online]. Available: http://www.aerzteblatt.de/archiv/175605. [Accessed 13 07 2016].Google Scholar
  5. 5.
    N. Yaraghi, Hackers, phishers, and disappearing thumb drives: Lessons learned from major health cara data breaches, 2016.Google Scholar
  6. 6.
    Ponemon Institute, Fith Annual Benchmark Dtudy on Privacy & Security of Healthcare Data, 2015.Google Scholar
  7. 7.
    D. Bowman, Why health insurers are an enticing hack target [Q&A], Fierce Healthcare, 2015.Google Scholar
  8. 8.
    C. Humer und J. Finkle, Your medical record is worth more to hackers than your credit card, Reuters, 2014.Google Scholar
  9. 9.
    P. Institute, 2013 Cost of Data Breach Study: Global Analysis, 2013.Google Scholar
  10. 10.
    B. Filkins, Health Care Cyberthreat Report, SANS Institute, 2014.Google Scholar
  11. 11.
    R. Abelson und M. Goldstein, Anthem Hacking Points to Security Vulnerability of Health Care Industry, The New York Times, 2015.Google Scholar
  12. 12.
    F. Rashid, “Why hackers want your health care data most of all,” InfoWorld, 14 09 2015. [Online]. Available: http://www.infoworld.com/article/2983634/security/why-hackers-want-your-health-care-data-breaches-most-of-all.html. [Accessed 08 07 2016].Google Scholar
  13. 13.
    C. Terhune, UCLA Health System data breach affects 4.5 million patients, 2015.Google Scholar
  14. 14.
    ÄrzteZeitung, “Illegale Ausspähaktion: Massenhaft Patientendaten gestohlen,” 29 11 2013. [Online]. Available: http://www.aerztezeitung.de/praxis_wirtschaft/recht/article/850930/illegale-ausspaehaktion-massenhaft-patientendaten-gestohlen.html. [Accessed 31 07 2016].Google Scholar
  15. 15.
    Klinikum Mittelbaden, Datenschutz, Mittelbaden: Klinikum Mittelbaden, 2012.Google Scholar
  16. 16.
    WDR – Westfalen-Lippe-Nachrichten, “Bei Diebstahl auch Patientendaten verschwunden,” 31 05 2016. [Online]. Available: http://www1.wdr.de/nachrichten/westfalen-lippe/patientendaten-verschwunden-diebstahl-medizinische-geraete-berleburg-100.html. [Accessed 31 07 2016].Google Scholar
  17. 17.
    E. Demtröder, “Medizingeräte-Diebstahl: Helios spekuliert nicht über Motiv,” WAZ, [Online]. Available: http://www.derwesten.de/staedte/nachrichten-aus-bad-berleburg-bad-laasphe-und-erndtebrueck/medizingeraete-diebstahl-helios-spekuliert-nicht-ueber-motiv-aimp-id11842565.html. [Accessed 31 07 2016].Google Scholar
  18. 18.
    D. Seher, “Diebe stehlen tausende Patientenakten aus Klinik-Kellern,” WAZ, 08 02 2015. [Online]. Available: http://www.derwesten.de/politik/diebe-stehlen-tausende-patientenakten-aus-klinik-kellern-id10932347.html. [Accessed 28 07 2016].Google Scholar
  19. 19.
    H. Krüger-Brand, Archivierung von Patientenunterlagen: Arzt muss weg – Patientenakten weg?, Deutsches Ärzteblatt.Google Scholar
  20. 20.
    DeepDotWeb, New Breach: Healthcare Insurer Database of 9.3 M Records Being Sold, Deep Dot Web, 2016.Google Scholar
  21. 21.
    W. Ashford, “Ransomware makes up a quarter (and rising) of UK cyber attacks, finds research,” ComputerWeekly, 28 04 2016. [Online]. Available: http://www.computerweekly.com/news/450294545/Ransomware-makes-up-a-quarter-and-rising-of-UK-cyber-attacks-finds-research. [Accessed 01 08 2016].Google Scholar
  22. 22.
    D. Borchers, “Ransomware-Virus legt Krankenhaus lahm,” heise online, 02 12 2016. [Online]. Available: http://www.heise.de/newsticker/meldung/Ransomware-Virus-legt-Krankenhaus-lahm-3100418.html. . [Accessed 01 08 2016].Google Scholar
  23. 23.
    S. Gallagher, “Two more healthcare networks caught up in outbreak of hospital ransomware,” Ars Technica, 29 03 2016. [Online]. Available: http://arstechnica.com/security/2016/03/two-more-healthcare-networks-caught-up-in-outbreak-of-hospital-ransomware/. [Accessed 01 08 2016].Google Scholar
  24. 24.
    M. Smith, “Kansas Heart Hospital hit with ransomware; attackers demand two ransoms,” Network World, 22 05 2016. [Online]. Available: http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html. . [Accessed 01 08 2016].Google Scholar
  25. 25.
    C. Sánchez, “La seguridad en los hospitales españoles: tu salud y tus datos, ¿en peligro?,” eldiario.es, 09 09 2015. [Online]. Available: http://wwwleldiario.es/hojaderouter/seguridad/hospitales-sanidad-seguridat_informatica-ciberataques-datos-privacidad_0_427657312.html. [Accessed 01 08 2016].Google Scholar
  26. 26.
    J. Carballo, “Les données de santé attirent les hackers,” Le Figaro, 13 02 2015. [Online]. Available: http://sante.lefigaro.fr/actualite/2015/02/13/23393-donnees-sante-attirent-hackers. [Accessed 01 08 2016].Google Scholar
  27. 27.
    N. Devillier, “Piratage de données médicakes; la France n’est pas prête,” Rue89, 05 04 2016. [Online]. Available: http://rue89.nouvelobs.com/2016/04/05/piratage-donnees-medicales-france-nest-prete-263632. [Accessed 01 08 2016].Google Scholar
  28. 28.
    FBI Cyber Division, Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusion for Financial Gain, FBI Cyber Division, 2014.Google Scholar
  29. 29.
    D. Dissent, “655,000 patient records for sale on the dark net after hacking victims refuse extortion demands,” The Daily Dot, 27 01 2016. [Online]. Available: http://www.dailydot.com/layer8/655000-patient-records-dark-net/. [Accessed 03 08 2016].Google Scholar
  30. 30.
    DeepDotWeb, New Breach: 655000 Healthcare Records (Patients) Being Sold, Deep Dot Web, 2016.Google Scholar
  31. 31.
    D. Dissent, Lording it over the healthcare sector: health insurer database with 9.3 M entries up for sale, Office of Inadequate Security, 2016.Google Scholar
  32. 32.
    H. Gierow, “Security: Ransomware-Bosse verdienen 90.000 US-Dollar pro Jahr,” golem.de, 06 03 2016. [Online]. Available: http://www.golem.de/news/security-ransomware-bosse-verdienen-90-000-us-dollar-pro-jahr-1606-121292.html. [Accessed 04 08 2016].Google Scholar
  33. 33.
    J. Breithut, “Trojaner ‘Locky’: Erpresser-Software infiziert 17.000 deutsche Rechner an einem Tag,” SPIEGEL ONLINE, 19 02 2016. [Online]. Available: http://www.spiegel.de/netzwelt/gadgets/locky-17000-windows-rechner-in-deutschland-taeglich-infiziert-a-1078318.html. [Accessed 04 08 2016].Google Scholar
  34. 34.
    S. Gallagher, “Patients diverted to other hospitals after ransomware locks down key software,” Ars Technica, 17 02 2016. [Online]. Available: http://arstechnica.com/security/2016/02/la-hospital-latest-victim-of-targeted-crypto-ransomware-attack/. [Accessed 04 08 2016].Google Scholar
  35. 35.
    A. Blankstein, Eyes on celebrity records multiply, Los Angeles Times, 2008.Google Scholar
  36. 36.
    M. Neil, “Celebrity Medical Files Breached at UCLA,” ABA Journal, 04 07 2008. [Online]. Available: http://www.abajournal.com/news/article/celebrity_medical_files_breached_at_ucla/. [Accessed 31 07 2016].Google Scholar
  37. 37.
    A. Guerrilla, Tor’s Co-Creator: Your Medical Revords Have Bullseyes On Them, Deep Dot Web, 2016.Google Scholar
  38. 38.
    D. Nield, “Google Fit vs. Apple Health: Who’s Winning the Race?,” Read-Write, 24 03 2015. [Online]. Available: http://readwrite.com/2015/03/24/google-fit-vs-apple-health/. [Accessed 03 08 2016].Google Scholar

Copyright information

© Springer-Verlag GmbH Germany 2018

Authors and Affiliations

  1. 1.Serapion Beratung & FachredaktionEssenGermany

Personalised recommendations