Why is PHI Valuable to Hackers?

[Admin]

PHI and Hackers

HIPAA has always been referred to as a complicated and overwhelming law that healthcare organizations have struggled to make sure that they are fully compliant with. That is why it is important to be reminded why protected health information is so valuable to criminals and hackers and why keeping it protected from them is so vital. Aside from the value of the data you should be protecting, the cost of HIPAA violations can be crippling to an organization.

What is PHI? 

Protected health information, or PHI, which was defined by the HIPAA privacy rule, is any information within a person’s medical record that can identify them and is held by a covered entity. Under HIPAA and the Privacy Rule, there are 18 specific identifiers that must be handled with certain strict safeguards. 

Here are the 18 types of information that are considered protected health information (PHI) under HIPAA: 

1. Name
2. Address (Including any information more localized than state) 
3. Any dates (except years) related to the individual, including birthdays, date of death, date of admission/discharge, etc. 
4. Telephone Number
5. Fax Number
6. Email address
7. Social Security number 
8. Medical record number 
9. Health plan beneficiary number
10. Account number 
11. Certificate/license number
12. Vehicle identifiers, serial numbers, license plate numbers
13. Device identifiers/serial numbers
14. Web URLs
15. IP address
16. Biometric identifiers such as fingerprints or voiceprints
17. Full-face photos
18. Any other unique identifying numbers, characteristics or codes 

The Value of PHI 

Healthcare records are known to be one of the most valuable types of information that hackers look for. Most of the PHI that is compromised throughout the industry happens through hacking or IT incidents. That is because of the high value of PHI compared to other information that hackers may be able to find. 

Higher Selling Price

As mentioned earlier, PHI is known to be one of the highest valued types of information that can be stolen. A 2018 Trustwave Global Security Report investigated the price values of different types of stolen data that are sold on the dark web. A social security number would sell for $0.53, the details of a payment card would be $5.40 but the health care record for one person would receive an average of $250.15 when sold. This shows the dramatic difference in value of healthcare data when compared to other forms of private information that is commonly stolen and sold. 

Long Shelf Life 

One attractive quality of PHI for hackers is that it has a long shelf life compared to other forms of information that can be stolen. When a person’s credit card information is stolen, they typically realize it quickly and then are able to cancel the card, saving themselves from any other risk. However with PHI, especially a medical record that may contain a few different forms of personal information, can be used in more ways than one and it typically takes longer for an information breach to be detected. Once a breach has occurred, it will still take a bit of time for an organization to determine what information was taken and what people it will affect. 

Source: https://www.accountablehq.com/post/why-is-phi-valuable-to-hackers