In-Depth: Up to $1K offered on dark web for patient medical records

Posted at 5:31 PM, May 11, 2021, and last updated 2021-05-11 20:31:59-04

SAN DIEGO (KGTV) - It's been nearly two weeks since a malware attack upended operations at Scripps Health, but there still haven't been answers about whether patient records were compromised.

Nick Culbertson is the CEO of Protenus, which specializes in insider threat detection for healthcare systems. He said that if hackers steal records from any hospital, those records could be sold on the dark web.

"While a credit card number or social security number can go for 25 cents to a dollar, a medical record by itself can go for anywhere from a dollar to up to a thousand dollars depending on the content that's in it," he added.

He explained why they're so valuable. "You can't change your medical record. You can't change the fact that you had a broken leg in 2016 and so, as a result, someone who steals your medical record can actually use that to steal your identity not only now but five to ten years in the future," he told ABC 10News.

Culbertson added that hospitals that have previously paid ransoms are often asked to do so in some form of cryptocurrency. "The reason that ransomware hackers like to use cryptocurrencies is because it's not traceable where a bank wire would be traceable," he said.

Scripps Health has not said whether any patient records were stolen. The hospital's CEO wrote in part Monday, "I do want you to know that this malware attack targeted our information systems. At this time, we have no reason to believe individual data incidents affecting employees, physicians or patients are related to our current incident."

Scripps Health has explained in part that it has a team working around the clock to fix the issue while the investigation continues, but as of now, it's unknown when the system could be back online.

The hospital has maintained that it's still able to deliver care at its facilities using backup processes and that its urgent care centers, emergency departments, and HealthExpress locations remain open.