Why more and more hackers are targeting medical facilities

Published: Sep. 24, 2019 at 2:32 PM EDT
Email This Link
Share on Pinterest
Share on LinkedIn

Patients hand over some of their most sensitive personal information when they visit the doctor and that's why hackers are targeting medical facilities.

In June, the lab testing company Quest Diagnostics revealed hackers got access to the personal information of some 12 million patients. Days later, another testing company, LabCorp, announced nearly 8 million of its customers' records were exposed.

The Department of Health and Human Services tracks health data breaches and almost weekly, multiple hacks are reported, targeting everything from hospitals to insurance providers to device manufacturers.

"Unfortunately it's a huge problem," said Eva Velasquez, the CEO of the Identity Theft Resource Center. "The theft of medical data is just growing."

Velasquez says the number of medical records stolen has tripled in the past year

"What that means is the thieves are getting better at collecting more sensitive data per incident, per attack," Velasquez said.

A new study in the Annals of Internal Medicine found more than 1,300 medical-related outlets were breached in the past 10 years, compromising 169 million patient records. Researchers at Michigan State University say most of the time, criminals are getting access to sensitive information including names, driver's license numbers, Social Security numbers, addresses, email addresses and phone numbers.

Velasquez says that info is a gold mine for crooks because it can be used to open up credit cards and other accounts in your name. She says think twice before sharing your personal information.

"When they're asking for your Social Security number, your driver's license number and sensitive data, ask them, why do they need it? Leave it blank. Say you refuse to provide it," she advised.

Unfortunately, that's not always an option because some facilities require it, forcing patients to make a difficult choice.

Researchers say medical facilities should be storing patient's financial and personal data separate from their main network so private information can remain private.