Posted on 06/13/23 | News Source: WBAL TV
The U.S. Office for Civil Rights is investigating 17 recent data breaches at Maryland businesses that affected more than 100,000 people, the 11 News I-Team has learned.
The OCR, a division of the U.S. Department of Health and Human Services, opens investigations into all "breaches of unsecured protected health information affecting 500 or more individuals," according to its website.
Nick Yuran, CEO of Harbor Labs, which, among other things, helps health care companies secure their IT systems, said these cyberattacks show how valuable personal health information, or PHI, is to the hacker community.
"There are so many things a hacker can do with the right type of PHI in their hands," Yuran told the I-Team. "They could open a bank account, they could file a false tax return, they could make a large credit purchase. There's a lot of cleanup that has to be done in the aftermath of an attack like this."
Yuran said hackers are seeking two things when they go after PHI: "Important medical information -- diagnostic information, medical history, history of your treatment, drugs you've taken." He said that's No. 1, explaining that if a medical provider can't access that information after a breach, it can impact the way they treat you as a patient, potentially causing them to miss something critical.
Yuran said hospitals, in particular, can be targets for these cyberattacks, and the entry point can be via medical devices without proper cyber security defenses. Once hackers gain access through these devices, they can access the rest of the network, he said.
Yuran said the second reason hackers want PHI is that it often gives them access to things like Social Security numbers, dates of birth and addresses.
"This is all the ingredients for identity theft," he said. "In the hands of a serious hacker, there are a number of very serious financial crimes that they could commit."