
Why is PHI Valuable to Hackers?



PHI and Hackers

HIPAA has always been referred to as a complicated and overwhelming law, and healthcare organizations have struggled to make sure that they are fully compliant with it. That is why it is important to be reminded why protected health information is so valuable to criminals and hackers and why keeping it protected from them is so vital. Aside from the value of the data you should be protecting, the cost of HIPAA violations can be crippling to an organization.

What is PHI? 

Protected health information, or PHI, which was defined by the HIPAA Privacy Rule, is any information within a person’s medical record that can identify them and is held by a covered entity. Under HIPAA and the Privacy Rule, there are 18 specific identifiers that must be handled with certain strict safeguards.

Here are the 18 types of information that are considered protected health information (PHI) under HIPAA: 

  1. Name
  2. Address (including any information more localized than state)
  3. Any dates (except years) related to the individual, including birthdays, date of death, date of admission/discharge, etc. 
  4. Telephone Number
  5. Fax Number
  6. Email address
  7. Social Security number 
  8. Medical record number 
  9. Health plan beneficiary number
  10. Account number 
  11. Certificate/license number
  12. Vehicle identifiers, serial numbers, license plate numbers
  13. Device identifiers/serial numbers
  14. Web URLs
  15. IP address
  16. Biometric identifiers such as fingerprints or voiceprints
  17. Full-face photos
  18. Any other unique identifying numbers, characteristics or codes 

The Value of PHI 

Healthcare records are known to be one of the most valuable types of information that hackers look for. Most of the PHI compromised throughout the industry is compromised through hacking or IT incidents. That is because of the high value of PHI compared to other information that hackers may be able to find.

Higher Selling Price

As mentioned earlier, PHI is known to be one of the highest valued types of information that can be stolen. A 2018 Trustwave Global Security Report investigated the prices of different types of stolen data that are sold on the dark web. A Social Security number would sell for $0.53, and the details of a payment card would be $5.40, but the health care record for one person would receive an average of $250.15 when sold. This shows the dramatic difference in value of healthcare data when compared to other forms of private information that are commonly stolen and sold.

Long Shelf Life 

One attractive quality of PHI for hackers is that it has a long shelf life compared to other forms of information that can be stolen. When a person’s credit card information is stolen, they typically realize it quickly and are then able to cancel the card, saving themselves from any other risk. However, PHI, especially a medical record that may contain a few different forms of personal information, can be used in more ways than one, and it typically takes longer for an information breach to be detected. Once a breach has occurred, it will still take a bit of time for an organization to determine what information was taken and which people it will affect.

Source: https://www.accountablehq.com/post/why-is-phi-valuable-to-hackers
