Schedule Your Free Consultation:



Hackers And Dark Web: How Safe Are Our Medical Records?

UP TO DATE | June 30, 2016

When KCUR radio's Up To Date with Steve Kraske wanted an expert to weigh in on breaking news reported by CSO, a Thompson Reuters company, they called our own Maureen Brady.

Steve Kraske, "This week, 655,000 medical records from three healthcare organizations, including one in Farmington, Missouri, were listed for sale on the "Darknet." As we hear of more and more big data breaches, what does this mean for individuals? And what's the market for stolen health information?"

The impetus for the show surrounded a criminal hacker claiming to have stolen close to 10 million patient records, selling them for about $820,000 on the dark web black market. The records included: names, addresses, dates of birth, and Social Security numbers - all of which could be used to commit identity theft or access the patient's bank accounts.

Health care providers are particularly popular targets for cyber attacks because of the type and volume of data they hold. According to Ponemon Institute's Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data, data breaches are costing the industry $6.2 billion a year. The study also found that, in the last two years:

  • 89% of health care organizations and 60% of their business associates have suffered data breaches.
  • 79% of health care organizations experienced multiple (more than two) data breaches - 20% up since 2010.
  • 34% of health care organizations experienced two to five data breaches.
  • 45% of health care organizations experienced more than five data breaches.

The report observes: "Although there's been a slight increased investment over last year in technology, privacy and security budgets, and personnel with technical expertise, the majority of healthcare organizations still don't have sufficient security budget to curtail or minimize data breach incidents."

What does this mean in regards to HIPAA?

Health care organizations are bound by the Health Insurance Portability and Accountability Act (HIPAA), whose Administrative Simplification rules regulate the use and disclosure of protected health information (PHI) by covered entities.

Civil monetary penalties (CMPs) for HIPAA violations can be as much as $50,000 per compromised record, up to an annual maximum of $1.5 million, and criminal penalties can incur fines of up to $250,000 and ten years' imprisonment.

See what Maureen Brady had to say in the interview above, or visit KCUR for more from Up To Date. To read more on the breach, read the entire article here.

As always, if you or a loved one believes your medical records have been compromised, please call McShane and Brady for a free consultation at 816-888-8010.

No Comments

Leave a comment
Comment Information
  • The Missouri Bar
  • Best of the bar
  • Super Lawyers Lucy Mcshane
  • Association for Women Lawyers of Greater Kansan City
  • Super Lawyers Maureen Brady
  • Avvo
  • Mata

Want To Learn If You Have A Case?

Bold labels are required.

Contact Information

The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.


Privacy Policy

email us for a response

Helping Clients Throughout The Kansas City Metro Area

McShane & Brady, LLC
1656 Washington St
Suite 120
Kansas City, MO 64108

Phone: 816-569-9772
Fax: 816-332-6295
Map & Directions