The biggest medical data theft cases

24 Sep, 2022
09:40 min read

Assaults on data on secured networks jeopardize every individual's privacy, but attacks on medical data are particularly harmful. A direct attack on life occurs when medical data is compromised. Healthcare systems are interrupted, and lives are lost each time ransomware finds its way into medical databases. In a centralized system, the medical data is exposed to three types of attacks: ransomware attacks: which block access until a ransom is paid, malware attacks: which steal and may destroy data, and big bulls, who would like to control it and profit from it just out of greed. The world has moved past this point, and people now expect that as technology advances, lives will be protected rather than put at risk. As more and more attackers become aware of the value of the data in their possession, the number of data theft cases in the medical business is enormous and rising daily. These thefts will continue unabated without a mechanism to safeguard the entire data system. 

Brief review of data heist in history

The present internet security system has, over time, detected significant thefts that are continuously occurring. The Yahoo security breach is regarded as one of the largest data theft in history. It was claimed that as early as 2015, up to 3 billion user accounts were compromised on Yahoo. For the industry, this was the beginning of the end. According to reports, the breach sprang from a weakness in the Yahoo system, endangering every customer whose data was stolen.

Another data theft involving millions of Indians' personal information occurred using the Aadhaar database. According to the allegations, the stolen data are tied to every aspect of residents' lives, including biometrics, bank accounts, and many other things.

In 2019, The first American Financial Corp, an insurance service provider, was equally hacked. In this security breach, more than 885 million data were exposed. The access was granted through a design defect in the company's security. Other notable data heists with significant data losses include:

Recently, there has been an increased emphasis on using medical data as it is more profitable. This is because identities might be perfectly forged with medical data far more easily than with credit card data or any other data type. In addition to hackers, whales enticing their way into the healthcare industry are also aware of the value of medical data. According to reports, the University of Chicago collaborated with Google to expand her medical outreach and tap into the potential for future improvements in health care. The university was sued for violating patient privacy from 2009 to 2016 by giving Google access to patient data without authorization. Over time, Google is reported to have developed and improved its digital health tools using medical records that contained data on things like height, weight, past medical histories, current health status, conditions, diseases, and a lot more. A similar collaboration between Google and the Universities of California San Francisco and Stanford was also rumored. These are a few facts about these situations in the medical field, which is constantly in a state of frenzied activity.

Data theft cases in the medical world

Attacks are becoming more and more likely in cases of data theft. Since ransomware and malware are getting better at attacking the security system as the present operating systems get upgraded. Ultimately, it seems to come down to trying your hardest and hoping you're not the next victim. In this regard, the US government recently released a security notice. Attacks against the US healthcare database system have received a lot of attention. They said that ransomware attacks from North Korea are targeting hospitals and other healthcare facilities. According to the authorities, ransomware attackers who North Korea supports are utilizing the Maui ransomware to encrypt servers and execute attacks against the computers of unwitting victims. Actors behind the Maui ransomware allegedly made $731 million from the ‘business’ last year. Ransomware criminals know that the healthcare industry is a target because other issues are at risk besides money. The number of people impacted by healthcare attacks increased from 34 million in 2020 to 45 million in 2021. According to the report, which examines breach data submitted to the U.S. Department of Health and Human Services (HHS) by healthcare organizations, that number has increased by three times in just three years, from 14 million in 2018. Few of the attacks on health care databases in the past include: 


Hackers used a cryptoworm to attack the Microsoft Windows operating system in May 2017. They ransomed the data for bitcoins after encrypting it. The assault spread via "Eternal Blue," a flaw in the Microsoft operating system at the time. The NHS was included in the attack, which compromised over 2000000 machines in 150 countries. This attack cost the NHS £97 million and £6 billion. All around England and Scotland, it impacted appointments and operations. There were a lot of cancellations and rebookings of emergency patients as a result. It was finally put to an end by Marcus Hutchins' creation of the kill switches.


A hospital chain was affected by a Ransomware attack in 2020. It is connected to over 400 locations in the US. The failure of the network resulted in practitioners filling in data with paper and pen and being unable to access data on their network. It was difficult for nurses and doctors to perform their duties because every firm's data was encrypted from their reach. It was alleged that the malware started running slowly and eventually stopped. In contrast, others say all kinds of computers just started shutting down. Inaccessibility of data dramatically slows down systems and turns emergency patients away.


The typical case of how ransomware can directly affect life is that of a reported case of a 78-year-old woman suffering from an aortic aneurysm. Her normal routine pick-up was disrupted, and the emergency was turned away to a hospital that is 32 km away. This delayed her treatment by an hour, and she died shortly after. This and others alike and more that doesn't even make it to the internet are resulting from System downgrades. Even though the occurrence can be pursued as the attack doesn't seem to have a direct link to the death to be sued for manslaughter, it's only a matter of time before ransomware leads to the direct death of patients probably not making it to the internet. Attacks like this have limited the use of technology by some hospitals for fear of security breaches.


Shield healthcare group is one of the most recent attack in march earlier this year. Unknown parties launched malware to shield healthcare databases and access their stored information. This information Includes Social Security Numbers, Birth dates, Addresses, Patient Ids, and more. Although there's no evidence of fraud or theft in the information stolen, patients live with their hearts on their sleeves due to the likelihood of a non-pleasant use of their data in the near future. 

Security breaches in healthcare are not new and are on the increasing side. Some other notable ones include:

  • The health South scandal which occurred in 2003 and millions of records were lost.
  • The community health data breach in 2014 where about 4.5 million patient records were exposed across hundreds of hospitals.
  • The UCLA Health Attack in 2015 which affected over 4 million data. 
  • The cyber attack on Excellus BlueCross BlueShield in 2015 affected over 10 million patient's data. The stolen data features SSN, PD, Credit card Information, and medical histories.
  • The Premera blue cross attack in 2015, which affected more than 11 million patients.
  • The Anthem attack 2015 where Hackers stole about 79 million records. 

Implications of medical data theft

The size of the worldwide big data in healthcare market was estimated at USD 32.9 billion in 2021 and is expected to reach USD 105.73 billion by 2030, growing at a CAGR of 13.85% from 2022 to 2030. These apparent benefits have predisposed medical data to serious thefts.

The after-effects of data heists are in two ways: monetary and non-monetary. While the Monetary involves the institution faced with a hefty sum for losses during an attack or ransom paid to decrypt data, the non-Monetary affects the reputation of institutions and individuals' data use.

Stolen data from medical databases may be used to get fake prescriptions in the owner's name, which might be expensive. The data can be sold off in a black market that predisposes its uses in many shady deals. A healthcare data record is said to be worth up to $250 per record on the black market, according to a Trustwave research. An Experian however claims the worth is about $1000 and above

Hackers might as well fake identities and file fake insurance claims. Data owners might be robbed of their hard-earned money, and their identities might be used to commit crimes and lots more. The best measure is tight data security and preventing personal data exposure to non-authorized persons.

Way forward

Malware/Ransomware directly attacks databases. These databases are mostly encrypted and secured with passwords. Despite this measure, they are mostly designed to be easily accessed by users, making them inherently vulnerable to attackers. An upgrade in corresponding malware accompanies every operating system upgrade. Over 50 percent are as a result of insider error or misuse. Solving the root of data thefts and increasing transparency in data use will require an entire change in the operating systems. The centralization of the current operating system is the root of every vulnerability.

Data stored on decentralized platforms are complicated to tamper with. This is accompanied by transparency in the use of medical data by every institution. Decentralizing medical data is the only proven way Patients can safely relax their records hidden away from any attack. This is because it uses the Blockchain technology to safely guard every data. The Blockchain technology protects its storage systems through distributed ledgers across millions of computers worldwide. In a nutshell, to successfully tamper with a blockchain-backed network: you would need to tamper with millions of computers worldwide which is most likely impossible.

Long story short

Aforesaid is prevented by DeHealth, AI & Medical Data-Based Mobile App, a decentralized application (dApp) that allows users to securely and autonomously not only store their medical data in one place but also share, manage, and monetize it directly on the dApp.

Data is recorded in the DHLT Network, making it immutable and secure in the private chain. The DeHealth Network utilizes a Proof-of-Authority consensus mechanism, and all the nodes are run internally on secure server networks. Leading Blockchain cybersecurity auditor Hacken audited DeHealth smart contract security and architecture quality, finding it to have a security score of the highest standards.

All data in the DeHealth App is encrypted and stored in a decentralized network. The system complies with Data Protection Law, GDPR, HIPAA, and the Data Protection Act to ensure that the information attached to the user’s unique ID is depersonalized and always remains anonymous.

The data synchronized from MIS, a clinic, lab, or any other data provider are authenticated and encrypted in HL7 format by the SHA256 algorithm. Health Level Seven (HL7) is a standard that defines a format for transmitting health-related information. At the same time, Secure Hashing Algorithm (SHA) 256 encrypts the transferred data by transforming it into a secure unreadable format. DeHealth users can share their data and know exactly how it’s used. In addition, users can revoke the data they share at any time. Finally, and most importantly, they never use their data — only depersonalized records appear in datasets.

Learn more about how medical data are protected in DeHealth dApp in this guide

Related Articles



DeHealth is pleased to announce the addition of Anita Lane to the global DeHealth team who will serv…

24 Jun, 2024
24 seconds read
📢 DeHealth is partnering with Scale Up!

📢 DeHealth is partnering with Scale Up!

📢 DeHealth is partnering with Scale Up to introduce our health-tech innovations worldwide! At DeHeal…

21 Jun, 2024
34 seconds read
DeHealth - Super App!  Your Health in Your Hands

DeHealth - Super App! Your Health in Your Hands

DeHealth Super App — Your health in your hands! We are thrilled to announce that DeHealth is now acce…

19 Jun, 2024
01:22 min read

You subscribed successfully

You have successfully subscribed, we will be one of the first to inform you about our significant updates.

Subscribe to our social media

Let's subscribe

Be the first to know about our news and updates

Subscribe to our social media