Evidence Solutions, Inc., (ESI) is a premier forensics company founded in 1982.

ESI Provides Elite Experts in:

Digital and Electronic Evidence, Computer Forensics, Cell Phone Forensics
Trucking, Truck Accident Investigation and Trucking Regulations, Truck Safety Consulting, Heavy Vehicles & Hazardous Materials
Sports and Fitness, Fitness Facility Standard of Care
Real Estate & Land, Real Estate Syndication
Bankruptcy and Corporate Governance
Accident Reconstruction & Product Failure Analysis!

Call Us For A Free Consultation! 866-795-7166




Electronic Medical Record Forensics Expert:
Why Electronic Medical Records are Attractive to Hackers.

EMR data is more valuable in the black hat hacker market than identities.

Data Security Forensics / Digital Evidence Forensics Articles

Part of our Forensics practice at Evidence Solutions,Inc. includes Electronic Medical Record (EMR) / Electronic Health Record (EHR) forensics. We take special interest in finding out about hacking events that affect Electronic Medical Record (EMR) Systems. Here is some information that we think you will find interesting:

Electronic Medical Record Data Breach Forensics

The Value of Electronic Medical Records to Hackers

In April of 2012, the Utah’s Department of Technology Services (DTS) and Utah’s Department of Health (UDOH) announced that over 280,000 EMRs from their Medicaid and Children’s Health Insurance Plan were stolen by hackers allegedly operating from Eastern Europe. The number of records stolen increased to an estimated total of 780,000 by the end of April 2012.

In December of 2013, hackers are estimated to have accessed data on a software development server in Vermont 15 times before being noticed. The server was owned by the Vermont Health Connect (VHC), the state's health insurance exchange arm of the Affordable Care Act. The attack was tracked back to a Romanian IP Address. The hacker attack went undetected for approximately one month. Fortunately the system that was hacked only contained test data, there was no “real” data on the server.

In May of 2014, State of Montana's Department of Public Health and Human Services (DPHHS) announced a hack which impacted up to 1.3 million individuals. The hack, which is also believed to have originated in Eastern Europe, attacked Montana’s DPHHS roughly 17,000 times an hour until the system was successfully breached.

Between April and June 2014, Community Health Systems (CHS) based in Franklin Tennessee was compromised and an estimated 4.5 million patient Electronic Health Records (EHR) were accessed. In this case the hack was believed to be based out of China. CHS operates 206 hospitals in 29 states and is currently doing further investigations regarding the attack.

This list is by no means the entire list of EMR Systems which have been attacked. The trend to hit large targets, however, appears to be growing. Health care leaders need to be more diligent than they have been in terms of security. While external attacks are becoming more common, other threats include: lost laptops and unauthorized access to records. The health care industry needs to defend against sophisticated cybercriminals who seek critical medical data to commit fraud or turn a profit.

While the value of stolen credit cards, Social Security Numbers, Identities and Electronic Medical Records varies, several sources we found indicate the following “sales prices”:

Social Security Numbers: from $0.25 to $3.00 each
Credit Card Numbers: from $2.00 to $9.00 each
Identities: From $5.00 to $10.00 each
Electronic Medical Records: From $100.00 to $1000.00 each

So why are medical records so valuable? Not only do medical records contain Personally Identifiable Information (PII) such as name, address and social security number, they also contain eligibility information and health insurance identification numbers which could allow someone to receive free medical care, including surgery.

Finally, children’s records are particularly valuable to cyber criminals because their lack of a credit report and bank account makes it difficult to monitor them for identity theft. It is possible for their identity to be exploited for years before it is uncovered. According to a report published by AllClear ID, the percentage of identity theft doubled between 2011 and 2012 data for children 5 and under. The company says: “10.7% of the children scanned from our data were victims of identity theft. This is 35 times greater than the rate of identity theft seen in adults in the same population.”

There is no doubt some of these children’s identities were obtained from EMR Systems, and were used to steal children’s identities.

By Scott Greene

Evidence Solutions, Inc.

Complex Electronic Evidence in PLAIN English.

Call us today with your Electronic Medical Record Evidence Questions: 866-795-7166 or This email address is being protected from spambots. You need JavaScript enabled to view it.


Related Forensics Expert Articles:

Three Big Data Breaches Announced This Week

Electronic Medical Records (EMR) & Copy-and-Paste = Fraud?

Nosy Healthcare Employees Snoop Electronic Medical Records! 

Healthcare Industry is Vulnerable to Cyber Attacks 

Electronic Medical Record (EMR) Forensics 


Complex Electronic Evidence in PLAIN English.

Like Evidence Solutions - Electronic Evidence on Facebook

Follow Evidence Solutions - Digital Evidence Division on LinkedIn

Circle Evidence Solutions - Digital Evidence Division on Google+

Google+ Author

Google+ Publisher