Odds Are, Hackers Have Your Medical File

By on

The medical records of more than 4.5 million patients, including name, address, date of birth and Social Security number, were recently stolen from Community Health Systems by a group of Chinese hackers. Unfortunately, even if you weren’t a victim of that hack, there’s a good chance your medical file is already in the hands of cybercriminals.

Find help for common financial problems in our Solutions Center!

According to CNN Money, 90 percent of health care organizations have either exposed their patients’ personal data or it’s been stolen.

In the meantime, medical facilities have been busy converting paper patient records to digital files. And medical files can be easy prey for hackers, because the data is rarely encrypted, many health care clinics are using outdated technology, and hackers can usually access patient records on the same computer network that clinics and hospitals use for other business.

The New York Times said:

Security experts have long predicted that the digitization of medical records would invite hackers. Last year, Stephen Cobb, a senior researcher at ESET, the antivirus company, calculated that 24,800 Americans had protected health information exposed — per day — in 2013, based on the number of breaches disclosed on the website of the Health and Human Services Department last year.

But why do cybercriminals want patient records? CNN Money said medical files equal big money for hackers. While stolen credit card information might get $1 on the black market, medical records bring in a minimum of $50 per record. And there’s lots of ways your stolen medical file can be used.

CNN Money said:

Criminals can use medical records to fraudulently bill insurance or Medicare. Or they use patients’ identities for free consultations. Or they pose as patients to obtain prescription medications that can later be sold on the street.

The cyberattack on Tennessee-based Community Health Systems, which affected 4.5 million patient files, is not unusual. But, according to Reuters, the sheer magnitude of the hack makes it stand out.

The attack is the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009. The previous record, an attack on a Montana Department of Public Health server, was disclosed in June and affected about 1 million people.

My two children and I received letters from the state of Montana in June, notifying us that hackers had broken into the state health department computer server, gaining access to our names, address, dates of birth and Social Security numbers, along with other personal information. The letter said there was no indication that any information was stolen.

“So, while the federal Health and Human Services department promises ‘electronic health records will not change the privacy protections or security safeguards that apply to your health information,’ in reality, data breaches are becoming a regularity,” CNN Money said.

Have your patient files been part of a hacking scheme? Share your comments below or on our Facebook page.

Sign up for our free newsletter

Like this article? Sign up for our newsletter and we'll send you a regular digest of our newest stories, full of money saving tips and advice, free! We'll also email you a PDF of Stacy Johnson's "205 Ways to Save Money" as soon as you've subscribed. It's full of great tips that'll help you save a ton of extra cash. It doesn't cost a dime, so why wait? Click here to sign up now.

Check out our hottest deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,322 more deals!

Comments & discussion

We welcome your opinions, but let’s keep it civil. Like many businesses, we reserve the right to refuse service to anyone. In our case, that means those who communicate by name-calling, racism, using words designed to hurt others or generally acting like an uninformed bully. Also, comments that include links to email addresses or commercial websites typically aren't posted. This isn't a place to advertise your business.

  • broad0505

    Republic wireless. I had enough when AT&T started forcing me to pay
    for a ($30) data plan because I was using an iphone even thought I did
    not use data. I did not need data away from home and at home I used
    wifi. They could detect the iphone and automatically added the plan to
    your bill.,,,,