Canada is the overall winner, with fully 53% of their hospitals exposed, with 36% of their US counterparts being exposed. The company found more than a thousand expired SSL certificates in the US alone, which is the digital equivalent of a large neon sign to a hacker.
As grim as those numbers look for the US and Canada, the picture doesn’t improve much in other parts of the world. For instance, nearly half of all NHS Trust in England suffered from a ransomware attack in the last twelve months, and even though the UK’s’ exposure is much lower than the US’s (less than 1%), they still suffered nearly a thousand data breaches last year, which speaks to the massive scope and scale of the problem.
Just how lucrative is the market for medical data on the Darkweb? As an example, a complete hospital database can sell for as much as half a million dollars.
What makes medical data so enticing for hackers is the width and breath of what it contains. The hackers can get dates of birth, social security numbers, addresses, billing and banking information, insurance information and a plethora of other financial details.
Basically, anyone armed with the data from a medical database would be able to digitally reconstruct your life and steal your identity. Worse, many of these pieces of data are unique and can’t be changed or reset if stolen.
If you work with PHI, be warned. The hackers are coming, and they’re coming for whatever data you’ve got.