Liquidity trumps longevity in marketplace for stolen health data

Healthcare data is much, much cheaper than financial.

Despite the fact that healthcare institutions are under increasing threat from cybercriminals and ransomware, the data that gets stolen from these institutions is still much, much cheaper on the black market than, say, financial data. This is according to Intel Security’s latest report in the topic, entitled McAfee Labs Health Warning. 

It is particularly interesting, the report claims, because data found in healthcare institutions should remain valid longer than their financial counterparts. With credit card and similar information, the data such as number or expiration date can change quickly, and is dubbed ‘perishable’, while healthcare data, such as mother’s maiden name or birthdates, always remain the same, thus being ‘non-perishable’.  

Here are the numbers: The per record value of financial account data ranged from $14.00 to $25.00 per record, credit and debit cards drew around $4.00 to $5.00, but medical account data earned only from $0.03 to $2.42.

Despite the fact that healthcare data is non-perishable, it’s cheaper because it’s harder to monetise. The report says that hackers need to analyse healthcare data to identify lucrative opportunities, which is not the case with financial data. 

“Liquidity trumps longevity in the race to monetise stolen data,” said Raj Samani, Intel Security’s CTO for Europe, the Middle East, and Africa. 

“If I steal a million credit or debit card numbers, I can quickly sell this digital merchandise before banks and retailers discover the theft and cancel these numbers. Alternatively, a million medical records contain a rich cache of permanent PHI and personal histories, but such data requires a greater investment of time and resources to exploit and monetise it.”