This Is Why Cyber Criminals Want Your Medical Records

“The complete lack of privacy and the fact that medical records are just sitting out there in the open is really a perfect target for cybercriminals.”

If your medical records are stolen, there is a lot you can do to get them back. First, contact the insurance company that pays for your care and ask them what they can do. If you don’t have insurance, then try filing a police report with local authorities. If the thief has already sold or destroyed your records, it might be too late for these measures. In this case, you will need to file a lawsuit in order to get some kind of justice.

This Is Why Cyber Criminals Want Your Medical Records

2017 broke the previous year’s record of 1,093 data breaches. According to a study from the Identity Theft Resource Center and CyberScout, there were 1,339 documented data breaches as of December 27, 2017. This is a 23% increase over the previous year. 

Criminals may get access to all of your sensitive information in one fell swoop by hacking an insurance company or hospital.

Because there are so many credit card numbers accessible, data breaches have grown so prevalent that they are almost useless on the black market. That’s troubling enough, but what’s even worse is that the overstock has prompted cyber thieves to turn their attention to the health-care business. Medical records made up more than a quarter of the documents hacked in 2017.

The data breach at Anthem is just one illustration of how serious these hacks can be. The insurance company disclosed in 2015 that 80 million patient records had been hacked, including sensitive information such as Social Security numbers and health-care ID numbers. They proposed to pay a $115 million compensation in June of this year, which, if allowed by the court, would be the highest data breach payout ever.


For criminals, health-care records provide a one-stop shop.

Health care records are like microcosms of your life, comprising everything from your medical history and contact information to financial information and your Social Security number.

A thief may acquire access to all of your sensitive information in one fell swoop by hacking into the confidential records of an insurance company or hospital. The health-care business, with scant investment in cyber security, may make it easier for thieves to do so.

“Doctors don’t go into medicine to preserve data.”

“As other industries, such as financial services, put in place safeguards to secure their electronic data, fraudsters will often move on to the next low-hanging fruit.” It’s a logical step for cyber thieves to transfer to health care, according to Ann Patterson, Senior Vice President of the Medical Identity Fraud Alliance.

“Doctors don’t go into medicine to preserve data. In reality, insurers are obligated by law to keep ‘administrative’ expenditure (including anti-fraud measures) to a minimum in order to guarantee that the bulk of money is spent on paying claims for genuine health treatment.”

A cyber attack was reported by four out of every five physicians.

Despite the fact that they may lack the tools to avoid cyber assaults, the majority of physicians in the United States have been victims of one. According to a survey by Accenture and the American Medical Association, four out of every five physicians have been victims of a cyber assault. Phishing was the most prevalent kind of attack mentioned: emails sent by a fraudster acting as an authoritative figure inside an organization in order to gain sensitive information.

As the number of health-care data breaches rises, so does the number of medical identity thefts. According to Consumer Reports, there were 2.3 million occurrences of medical identity theft in 2014. Although health care providers aren’t in the business of cyber security, it’s past time for them to start. 

Medical Fraud Victims Spend Thousands to Resolve

Companies pay an average of $380 per broken health-care record. That’s more than the $225 national average for data breaches in other sectors. These figures include for direct expenditures (such as legal fees and identity protection services) as well as lost revenue.

Consumers, on the other hand, pay a larger price for data breaches if their identities are stolen. In 2015, the typical medical identity theft victim paid $13,500 to rectify fraudulent behavior, compared to just $55 for all identity fraud victims.

What makes medical identity theft even more difficult is that, unlike with credit cards, victims cannot simply close their medical records and start new ones. Their data could hypothetically be used to create bank accounts, receive medical treatment, redirect medicines, and more for the rest of their lives.

Medical fraud is also more difficult to detect than credit card fraud.

“Unlike financial identity theft, medical identity fraud is difficult to detect and remedy rapidly,” Ann Patterson noted. “A hospital has no way of alerting you if someone using your identity obtains care at their institution.” There is no central repository of your health-care accounts where you can get a report to go through.”

Medical Inaccuracies Can Be Caused By Medical Identity Theft

A doctor could treat a victim for a medical ailment they don’t have, a procedure they didn’t have, or a prescription they didn’t fill.

Medical fraud that is undetected might have much more severe consequences than a bad credit score. When a criminal uses someone else’s identity to receive medical treatment, the victim’s health may be jeopardized.

Victims can receive the wrong form of medical treatment or diagnosis if their medical information is mixed up with a criminal’s. A doctor could treat a victim for a medical ailment they don’t have, a procedure they didn’t have, or a prescription they didn’t fill. And, even if incorrect data is detected, it can be nearly impossible to remove from health records.

Patterson said, “Your health history is what it is; whether you’re unwell or have been sick, that is a historical truth that doesn’t alter.”

Patients may not get their recommended therapy at all in other instances. The postal address for prescription prescriptions might be changed by criminals, leaving patients without their medication.

Opioids, such as oxycodone, hydrocodone, and methadone, are especially problematic, since they are responsible for one of the deadliest drug epidemics in history. Some criminals may impersonate a doctor in order to get new opioid prescriptions or redirect current ones for their own gain.


Prescriptions for opioids are strictly supervised since individuals may quickly get addicted to the drug. If a thief contacts many health-care providers to get opioid prescriptions in the victim’s name, a warrant for their arrest may be issued.

Deborah Ford experienced something similar. A criminal took her wallet, which included her health insurance identification cards, and her medical identity was taken. Until it was discovered by law enforcement, the criminal exploited her name to get additional opiate prescriptions. On her previously spotless record, Ms. Ford had to battle an arrest warrant and many charges.

Were You a Victim of a Cyber-Attack?

If you believe you’ve been a victim of medical identity theft, the Medical Identity Fraud Alliance has a number of tools to help you figure out what to do next. You may check up your email address on Have I Been Pwned to see whether your information was exposed in a data breach (regardless of industry).

Attorneys at have fought for customers in some of the most high-profile data breach cases to date, including claims against Home Depot, Target, and Yahoo. If your personal information was taken as a result of a data breach, you may be able to file a lawsuit. Please contact us for a no-cost, no-obligation legal consultation.

The “stealing medical records crime” is a problem that has been present for a while. The FBI and the FTC have released a report on why cyber criminals want your medical records.

Frequently Asked Questions

Why do hackers want medical records?

A: Hackers often use information they find in order to commit identity fraud, which is stealing personal data and using it for their own purposes. This could include anything from credit card theft to email account hijacking. It has also been used by hackers as a form of extortion when dealing with large companies that may not have the resources or ability to afford such a situation.

Why is healthcare data so valuable to hackers?

A: Data is one thing, but the information contained within that data is another. Information on your medical conditions and history can be used to find out what you are currently experiencing or how healthy you have been in the past. This means they could use this information against you to make a profit off of it if they wanted too, which makes healthcare data so valuable when hackers steal from people like hospitals and insurance companies every day.

What do hackers do with medical information?

A: A hacker can do anything they wish with the information. This includes stealing personal data, destroying a persons reputation, and even using it to blackmail someone.

Related Tags

  • how much is a medical record worth on the dark web
  • data breach of medical records
  • theft of medical records
  • what happens when a hospital is hacked
  • what can someone do with your medical information