A recent research paper submitted to the United States Senate detailed how cybercriminals abused the stolen medical data.
These records are often sold on online black markets included in packages called “identity kits” or “fullz”.
According to James Scott, online criminals and fraudsters then use these as part of their modus operandi.
Scott is one of the authors of “Your Life, Repackaged and Resold: the Deep Web Exploitation of Health Sector Breach Victims” – the report submitted to the US Senate by the Institute for Critical Infrastructure Technology.
Their research studied the deep web, a part of the Internet they called “an amalgamation of all the sites that are not indexed by search engines and, in many cases, are not tracked by the same crawlers, ad services, cookies, and other trackers that hinder anonymity.”
Identity kits cost a few hundred dollars to make but can fetch thousands of dollars in the black market.
The deep web is a venue where criminals converge to conduct transactions that usually involve the buying and selling of stolen information.
Scott said that after a hack on medical records, the data usually “goes dark”. It will resurface after a period of time, but this time in a different variant.
He added, “…it will look like basic short-form ID theft material, but eventually the electronic health record will surface as a ‘fullz’ – the slang term on the deep web [for] a complete long-form document [containing] of all the intricacies of a person’s health history, preferred pharmacy, literally everything…”
After fullz are purchased, these criminal customers then go to a a different vendor on the black market for “dox” – a slang term for documentation. Dox are the source for a victim’s passports, licences, or social security cards; information needed to fully steal the identity of the person.
According to Scott, electronic medical records are usually sold for US $20, but doxs usually cost hundreds of dollars. These identity kits can then be sold for at least $1,500.
These ID kits could then be used for various crimes, but are usually used for pedophilia, illegal immigration, and launching more social engineering attacks.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.