Medical Records are Worth $50 Each on the Black Market

Veriphyr proactively reports impermissible use of PHI the first time it happens.


A single patient’s personal protected health information (PHI)  is worth $50 on the black market, according to a panel of experts at the Digital Health Conference held in December 2011 in New York city.

The panel of experts pointed out that instances of impermissible use of patient privacy at healthcare and insurance companies are an increasing source of stolen medical data. This includes data lost or stolen by insiders such as healthcare or insurance workers.

Criminals sell an individual’s medical records at a such a high price because, unlike a stolen credit card, medical records cannot be cancelled. This also means it is much harder to prevent stolen medical data from being used.

Medical record data is worth $50 on the black market. Much more than Social Security numbers ($3), credit card information ($1.50), date of birth ($3), or mother’s maiden name ($6).

Impermissible use of medical data — such as electronic health records or patient financial data — is lucrative because thieves submit it for an insurance tax refund, commit credit card fraud, and other forms of identify theft – all at the patient’s expense.

High profile patients run an even higher risk for their medical privacy being breached due to increased interest in their records: eleven out of 58 cases of impermissible use at a prominent university hospital in 2017 involved the records of high profile patients.

The panelists at the Digital Health Conference explained how impermissible use of medical data is detectable; activity in electronic health record applications and other clinical and financial computer systems can be tracked and analyzed.

Learn how Veriphyr uses Structural Analytics to detect “impermissible use” of patient data in clinical and business applications by employees, contractors, and third parties.

(b) Digital Health Conference – Digital Health Conference, December 1-2, 2011
(a) DHC: EHR Data Target for Identity Thieves – MedPage Today – 12/07/2011