COVID-19 Pandemic Sparks Upswing in Healthcare Data Breaches

August 09, 2021 - The medical industry saw a spike in healthcare data breaches due to increased cyber vulnerabilities, according to a new report. 

The 2021 Identity Breach Report, PII Fuelling the Threat Economy: How Crisis Creates Targeted Vulnerabilities for Individuals, Executives, and Brands, published by Constella Intelligence on July 30, found that the healthcare industry saw a 51% increase in breaches/leakages compared to 2019, according to a press release.

“Companies in the healthcare sector saw a 51% increase in the proportion of breaches and leakages in which their corporate credentials were exposed, as compared to last year’s report,” it states. “Due to their essential role, it has been well documented that healthcare companies and organizations are facing increased vulnerabilities amidst the global pandemic.”  

Constella, a provider of digital risk protection, detected over 8,000 breaches containing over 12 billion records in 2020. 

“The report found that the COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums,” the release notes.  

The report found that vaccine doses, including AstraZeneca, Pfizer, Moderna, and Sputnik, were being sold in various dark marketplaces with prices ranging from $8 to as much as nearly $850. 

“Threat actors are exploiting the pandemic for profits in underground markets, as has been well-documented by public and private research outputs since early 2020,” the report states.  

The researchers found that vaccines, both real and fake, and false vaccine certificates were for sale in underground markets.  

The report cites several dark markets selling the vaccines, including Steroid King, Cartel Marketplace, Tor Door Marketplace, DarkFox, and Invictus, with a wide range of prices for a dose.  

“As far as certificates go, German vaccine certificates are being sold for an average of $22.35, and COVID-19 antigen tests sell for an average $25 flat,” the report states. “Cryptocurrency is the exclusive form of payment.” 

The new report also found that the price of personally identifiable information (PII) spiked.  

“Notably, Constella, observed an exorbitant spike in the price of sensitive personal records sold in the deep and dark web, with the price of driver’s licenses, passports, and ID cards increasing significantly from the previous year analyzed – plausibly due to an increased demand for personal records during the pandemic,” the report notes.  

The data breach report notes that price for passports jumped by 1,185%, driver’s licenses by 328%, and ID cards by 642%. 

The surge is “possibly due to increased demand for false identification records during the pandemic,” the report states. 

“Although it is difficult to conclude the causal factors behind the substantial increase in records for sale in dark markets, we can point to certain trends that may have influenced this trend,” the report notes.  

“It is plausible that, due to the COVID-19 pandemic and limitations on travel and movement among countries, the demand for false documentation (such as passports, personal identification cards, and other types of identification documents) that permit access to foreign countries may have increased,” it notes.  

The findings of the report demonstrate how cyber criminals are exploiting a vulnerable global situation.   

“The anxieties and concerns associated with the public health crisis that has gripped the globe over the past year and a half have been converted into vectors of attack and exploitation,” it concludes.