Why are hacked healthcare records so valuable? It’s because stolen patient records often end up for sale on the deep web as part of information packages called “fullz” and “identity kits” used by fraudsters to commit a wide variety of crimes, says researcher James Scott.
Scott co-authored a new report, Your Life, Repackaged and Resold: The Deep Web Exploitation of Health Sector Breach Victims, which was prepared for the U.S. Senate by the Institute for Critical Infrastructure Technology, a cybersecurity think tank.
The report describes the portion of the internet commonly referred to as the deep web as “an amalgamation of all of the sites that are not indexed by search engines and, in many cases, are not tracked by the same crawlers, ad services, cookies and other trackers that hinder anonymity.”
Criminal groups often use the deep web to buy and sell health information and other data, Scott says in an interview with Information Security Media Group.
What Happens to Stolen Records?
Typically after a health record hack, the data will “go dark” for some time before resurfacing in different variations, he says.
“So, it will look like basic short-form ID theft material, but eventually the electronic health record will surface as a ‘fullz’ – the slang term on the deep web [for] a complete long-form document [containing] of all the intricacies of a person’s health history, preferred pharmacy, literally everything,” he says.
“What happens is the people who purchase those [fullz] then go to another vendor on the deep web for what’s called ‘dox,’ the slang term for documentation, where they then proceed to have passports, drivers’ licenses, Social Security cards – all these things that will help the counterfeit imitation of the victim. … So, you have electronic health record that will typically go for $20 apiece, and you’ll spend a couple hundred dollars on ‘doxs’ to support that identity, and once it’s an identity kit, you can sell it for $1,500 to $2,000.”
Those ID kits are then used for a wide variety of criminal activities, including illegal immigration, pedophilia and launching more attacks using social engineering, Scott says.
In the interview (see audio player below image), Scott also discusses:
- The challenges involved in tracking down the original sources of breached health data that surface on the deep web;
- His advice to healthcare entities for preventing breaches that can result in patient data ending up on the deep web;
- Why ICIT prepared the report for the U.S. Senate, and how the research potentially could be used by the federal government and law enforcement agencies.
Scott is a senior fellow at the Institute for Critical Infrastructure Technology, a not-for-profit cybersecurity think tank based in Washington. He’s an author on the topic of cybersecurity and an adviser to the U.S. Senate, House of Representatives and intelligence community on cyberwarfare and the advanced persistent threat landscape.