TAMPA, Fla. — Florida may be best known for its sun and surf, but it’s also one of the worst states for cyber security attacks, according to a study from Comparitech. The study, ranked Florida fourth nationwide with the most data breaches in the last 10 years, following California, New York and Texas.
Have you been a victim of a security breach?
Enter your email at haveibeenpwned.com to find out!
According to the study, between 2008 and 2019, the Sunshine state had 523 data breaches that exposed more than 350 million records.
In more recent attacks, medical appears to mean money to cyber security thieves according to Privacy Rights Clearing House, a non-profit organization that tracks government-reported breaches. According to its website, the medical/healthcare industry has reported the most data breaches over the past three years.
The key to the treasure box
“It’s the single largest source of identity theft,” explains Dr. Jay Wolfson, a health law and policy expert at the University of South Florida.
“They don’t care about your health information. They care about the data points will help them unlock various chambers of data sources that they can use to steal your assets,” he says. “It’s the key to the treasure box.”
A treasure box, experts warn, is only becoming more vulnerable as medical records go digital.
“You take what data you find and then you sell it,” explains Wolfson.
- Password: homecourse
Inside the mind of a healthcare hacker
“It’s super easy and cheap,” explains a security expert from information security firm, KnowBe4.
We were granted the interview under the condition that we would not reveal his name since he works undercover online searching for criminal activity and company vulnerabilities. After searching for less than an hour, our expert uncovered cyber hacks happening in real time and stolen records including life insurance records and medical records of patients in the US and around the world.
“They had everything from intake reports, history, examinations, actual injuries and diagnoses,” he explained while showing us some of his findings.
Perhaps as surprising, all of the records he found were accessible on surface-level search engines. In other words, stolen medical records have become so common, the days of having to secretly access the deep or dark parts of the internet to obtain them, are over.
“You don’t need to go anywhere close to the dark net to get access to this,” our expert tells us. “Now it’s ending up in these free user account forums that anyone can join. A 10-year-old can get access to this,” he said.
Our expert also showed us phone records stolen from third party companies like billing companies that are hired by healthcare companies. In one case he found, the phone records of more than 150-thousand patients were being offered online for free.
Are healthcare companies doing enough?
Stolen medical records can sell anywhere from a few hundred dollars to tens of thousands of dollars depending on the number of records and detail provided on patients.
While the government has done more to shut down the bad guys, critics say, healthcare companies need to do more to step up the security of its computer systems.
“I still think the organizations are falling short on the technical side because, every day I see examples. I see people saying, ‘I breached this website or hey I got into this area,’ our expert told us.
“That’s awful,” said 58-year-old Deborah Bouchard who suffers from Chronic Obstructive Pulmonary Disease (COPD) and lives with on an oxygen tank 24/7. As far as she knows, her patient records have never been stolen but with frequent visits to multiple doctors every month, she fears, her personal medical history landing in the wrong hands is just a matter of time.
“I think it’s awful. I don’t want my information out there to just anyone,” she told us.
Have a statewide story tip? Contact Katie LaGrone below
More from the Florida Investigative Team
- Former insider: rental car customers mistakenly accused of stealing cars is an industry-wide problem