Medical big data is offered for sale on the darknet
Recently, the concept of the so-called Big Data has become more and more popular, which in the simplest way can be defined as data characterized by extensive volume, diversity and variability. Their analysis goes far beyond simple operations on one given type of information and includes aspects of data analysis, such as the generation of hypotheses, and not simply testing them. Willy-nilly, the era of big data has come, and computer scientists, economists, mathematicians, political scientists, sociologists and other scientists are demanding access to a huge amount of information generated by people, things, and their mutual interactions.
Medical big data relies on medical documentation which represents one of the most comprehensive means for collection of information regarding a person’s identity, in addition to other personal sensitive private information. A recently published paper examined the theft and illegal sales of medical big data on the darknet and some surface web sites. Throughout this article, we will take a look at some of the interesting information presented in this paper.
Big data – A double edged sword:
Big Data ignites utopian as well as dystopian rhetoric. On the one hand, Big Data is considered a powerful tool for solving various social problems, and offering enormous benefits in multiple research sectors such as treatment of cancer, terrorism, sociology, and climate change. On the other hand, they are presented in terms of the disturbing manifestation of the “Big Brother”, facilitating invasion into the sphere of privacy, reduction of civil liberties, and increased governmental and corporate control. As with all socio-technical phenomena, overlapping visions of hope and fear often obscure the more nuanced and subtle changes that are just taking place.
The market “sees” Big Data as a chance for quick profit, namely marketers use it to target advertising, suppliers use it to optimize their offer, and Wall Street bankers use it for market analysis. Legislation has already been proposed in many countries to limit the collection, storage and processing of data, usually in connection with privacy concerns.
Theft of big medical data and its sale on the darknet:
The theft of big medical data is a relatively new practice. The first large-scale theft was recorded by the US Department of Health and Human Services in 2012. In subsequent years, there were more thefts on a similar scale, reaching around a thousand by 2016. In particular, the attention of hackers focused on the theft of personal data, dates of birth, addresses of patients, and in particular social security numbers.
Medical information can be worth 10 times more than credit card numbers that are offered for sale on darknet marketplaces. Those who are willing to buy this type of information are mainly fraudsters who can easily use this data to create fake IDs, to buy medical equipment with reimbursement, or even drugs. You can also link a patient’s social security number to a fake service provider or, moreover, with fictitious claims from the insurer. Unknowing patients often find that their credentials have been stolen a long time after the fraudsters have used their personal medical ID to impersonate them and get health benefits. For example, it should be pointed out that the theft of credit card data can be quickly reported to banks that can act immediately because we have the opportunity to track the account history and relatively quickly identify unwanted transactions.
Interestingly, Reddit’s r/DNMSuperlist includes .onion links of places that offer, among others, the sale of sensitive data, including those of a medical nature. On the Reddit pages there are so-called superlists, you can easily find a superlist containing links to websites that are outlets for illegal data. A given superlist is a list of popular links that contain a direct reference to pages on the Tor network (.onion). Even though most of the sold big data came from digital medical records, the health information alone was not popular. The vast majority of medical big data included the date of birth, name, place of residence, and social security number. The cost of buying such information amounted to about 1-1.5 dollars on average. However, if one assumes that one theft of medical big data means several million bits of information about users, and that after some time some part will be sold at the above prices, the profit from such a one-off transaction can amount to several million dollars.
Sales of medical big data on the darknet can redirect the attention of hackers to less popular attack targets. For example, hacking hospital servers can evolve to become a lucrative business, because it is characterized by low costs (poor security), low risk and high, long-term rate of return, when medical data is appreciated and sold for high prices on the darknet!