What happens to patient information on the dark web?

Hospitals and healthcare organizations are no strangers to cybersecurity and ransomware attacks. For years hackers have been tapping into networks to take data hostage in exchange for money or power.


What is the dark web?


The dark web is part of the internet that houses encrypted online content that search engines cannot index. The average internet user will not stumble across the dark web by accident. To access the dark web, you need to use a special browser such as the Tor browser. This browser makes your IP address unidentifiable.

The dark web is mainly known as a marketplace for drugs, stolen data, and other illegal activity. But it also provides a social outlet for people to express themselves freely without being tracked. The privacy and anonymity of the dark web also allow law enforcement to go undercover and track down criminal organizations. The dark web is quite literally a web that holds information about everything and anyone. 

While the dark web is not illegal, it’s not for the faint-hearted. Without proper security measures, you risk infecting your device with viruses and malware. You also risk getting caught in a scam or phishing attack.


How a hacker infiltrates a network


The biggest threat to an organization’s networks is ransomware. Ransomware is malicious software that holds an organization’s data hostage. It attacks the network by encrypting data so the company cannot access patient information until they pay a ransom. 

The most common way to infiltrate a network is through phishing. Email phishing is when a hacker sends a fraudulent email that contains a link or virus embedded in a computer file. These emails are usually sent to unsuspecting employees who open the file, unknowingly setting ransomware free into the network.

A ransom is usually set by the criminal or criminal organization involved in the breach.

The average requested ransom fee increased from $5,000 in 2018 to $200,000 in 2020. If the company is unwilling or unable to pay the ransom, it risks its records being released and sold to other criminals. One of the largest ransoms ever paid was made by an insurance company for $40 million in 2021.

See more: What is ransomware and how to protect against it


What hackers can do with patient information


Patient information and medical records come in all shapes and sizes. Information found in company networks that can be harmful to patients includes:

  • Medical history
  • Demographics
  • Health insurance
  • Contact information
  • Credit card information
  • Social security number
  • Test/lab results
  • Treatments


If criminals aren’t holding data hostage for ransom, then they are selling it to anyone willing to buy it. A social security number can go for as little as $. A driver’s license can sell for $20. And a complete medical record of a patient can sell for $1,000.

Criminals use data they have purchased in a variety of fraudulent ways.

  • Obtain prescription medications
  • Get a procedure or test in the patient’s name
  • File fraudulent medical claims
  • Steal patient identity


Related: Emory Healthcare system reports data breach of over 1,600 patients

Ransomware attacks have become mainstream since the start of the pandemic. Malicious emails are up 600% due to COVID-19 and will continue to rise.

Cybersecurity attacks have a major impact on the healthcare industry because they affect patient care. Tampering with medical data can lead to “faulty treatment, with fatal and irreversible losses to patients.” And unlike credit cards, medical records can never be canceled.

See more: Ransomware attacks on healthcare increased in 2022


How to stop it


While cybersecurity attacks aren’t 100% preventable, there are many things an organization can do to keep attacks at bay. 

  • Implement a cybersecurity program
  • Train employees on how to avoid phishing attacks
  • Limit who has access to patient health records
  • Have a backup plan in case of attack
  • Maintain a disaster recovery plan
  • Back up data
  • Use HIPAA compliant email solutions


When measuring your organization’s security standards, remember that Paubox provides an easy compliant email solution. Our Paubox Email Suite provides advanced email threat protection to keep your organization secure and patient data safe. Paubox offers robust inbound email protection against threats like malware, spam, viruses, and phishing scams.

