Next, I looked at the current value of a medical chart on the dark web. It did not take much research to find security businesses that have blogs and articles about items being sold on the dark web. A complete chart with a copy of driver’s license and insurance card can go for as much as $1,000 to thieves setting up a new identity for someone. On average, however, medical charts can be obtained fairly inexpensively. I found a recent article from Trend Micro that showed you could purchase a single identity with insurance card for under $10. If the record includes a driver’s license, the cost increases to $170.
The real money is in purchasing an entire database. An EHR database can go for as much as $500,000, and who knows how many times the data can be sold. According to an article by Cyber Scoop, there is so much data available on the dark web, the price per complete chart has dropped from $75 to $100 in 2015 to the current price range of $20 to $50.
If you have been a victim of identity theft as my husband was, you know that the cost of repairing your credit is much more than the actual theft. I am sure that many of you already contract with a company to assist you in monitoring your personal accounts to prevent theft, but what have you done for your business? Who is monitoring those accounts regularly to make sure they have not been accessed? What about that line of credit that you rarely use? How long would it take for you to notice if someone accessed that account and transferred money out? When was the last time you changed the password on your commercial business accounts, and do you have a list of people who have access to those accounts?
The bottom line is that the healthcare business owner is where the buck stops both operationally and financially. A major breach could bankrupt a business through fines and a loss of business. One of the things I researched while investigating the cost of a chart on the dark web was to see if there were identity theft products that were geared to businesses and found multiple companies that do so. I encourage you to check them out and enlist the same protections for your company that you would to protect your personal identity.
Popular on our site: Top 10 tips to unlock telehealth's potential in your practice
The business owner also needs to review business insurance and evaluate coverage for cyber theft. I recently looked at a couple of business policies and saw that they only had $20,000 to $50,000 in coverage. That is not nearly enough for a healthcare business that can be fined by the chart that is affected. This insurance is reasonably priced and I advise on at least $1 million in coverage. Look at the number of medical practices that have paid fines between $500,000 and $750,000 to help you decide on the amount of coverage you need. Many malpractice policies also provide some coverage for cyber theft, which could combine with your business insurance coverage.