Hospital Security Breaches

Healthcare security breaches: An unhealthy trend in 2018

Med Associates, the latest to be added to the long list of breached healthcare institutions in 2018, with 270,000 records exposed.

We are only halfway through 2018 and there has already been a stream of hacks, data breaches and mass exposure of highly sensitive data such as DNA and patient records. Med Associates, an Albany-based firm, is the latest victim with 270,000 patient records accessed by black-hat hackers. They are not alone, though, other providers such as the St. Peter’s Surgery and Endoscopy Center and the Oklahoma State University are part of the long list of breached healthcare institutions in 2018.

Patient Records, The Candy of The Dark Web

Medical records are a high-demand supply on the dark web as they are used for different types of fraud schemes. Medical records contain valuable data such as family history, demographic data, insurance information, medications, and more. All this data allows cybercriminals to commit everything from medication fraud, financial fraud all the way to identity theft.

The biggest hurdle for consumers who have been the victims of healthcare fraud is that fraudulent healthcare services and diagnostics are often attached to their permanent healthcare record. This could subject them to future risks of incorrect care, or denial of coverage.

Security Gaps

Small system vulnerabilities are at the core of many of the attacks, underlining the fact that bad actors restlessly search for any minor gap in a system.


Although health organizations have to continue investing in technology, companies and institutions as a whole need to change the way users and staff members are identified online.

There is enough personal data out there to override any credential-based authentication framework. Today, providing the correct name, last name, date of birth, address, social security number, and other personal information is not a sign that you are dealing with the legitimate user anymore.

Improving the Prognosis

In the case of Med Associates, the breach happened because the bad actor was able to access one of the firm’s workstations, gaining access to steal 270,000 records.

In an effort to protect customers and businesses from post-breach damage, companies are implementing multi-layered solutions that can identify when a non-authorized user is trying to access an account. With solutions that include behavioral biometrics and passive biometrics layers, even if a fraudster tries to access a company’s workstation, for instance, the system will notice the difference in behavior and lock them out.

The healthcare industry is slowly taking advantage of these security solutions that allow the protection of their patients’ data. By building a dynamic profile of a customer, companies and institutions are protecting users from fraudsters trying to use breached data.

Related to this post 92 million user accounts compromised in MyHeritage breach