Everyone knows the law of supply and demand: when a resource is scarce, the price is high. When the market is glutted, the price falls. The internet black market is no different.
It appears that cybercriminals have flooded the market with Electronic Health Records (EHR) and have forced their value down to the degree that in ordered to make the same amount of money as they used to, they now have to commit more cyberattacks.
Last year, a single health record could fetch a hacker between $75 and $100. By contrast, that same record is only worth $20 to $50 today. As a result, criminals are changing how EHRs are sold. Now rather than put everything they have up for sale immediately, at first they only auction off general information stolen in the breach, and then later they sell off the long-form records.
Additionally, it’s no longer profitable to steal one piece of information, so criminals are finding ways to package and sell stolen information. Hackers take things like utility bills and insurance information then put it together with a corresponding EHR to make a complete false IDI kit.
Unfortunately, clogging up the market with stolen healthcare files and consequently driving the price is only going to make matters worse. Hackers still see the healthcare industry as a cash cow, but criminals are starting to look for ways to regain lost revenue, and executives need to pay attention.