Automated Solution Searches Dark Web for Stolen Healthcare Data

Hackers are targeting healthcare organizations and are breaking through defenses and stealing data. Healthcare data carries a high value on the black market and the potential profits from a healthcare data breach are considerable. It is therefore no surprise that healthcare data breaches are on the rise. The Department of Health and Human Services’ Office for Civil Rights data breach portal shows healthcare data breaches are occurring at record levels.

A look at the breach notices issued by healthcare organizations reveals that it often takes months to discover that cybercriminals have gained access to systems and have stolen data. The longer it takes for a breach to be discovered, the greater the resolution costs are likely to be. Fast identification of data breaches allows healthcare organizations to take prompt action to mitigate risk and warn patients of instances of data theft.

Now, healthcare organizations have been offered a new tool that can help identify data breaches more quickly. Rather than searching endpoints and servers for potential intrusions, the new tool looks for hard evidence of data theft.

Hackers may be able to steal data, but they must then turn that stolen data into cash. To do that, hackers commonly try to sell the stolen data on the darknet. By monitoring the darknet for stolen data, healthcare organizations can identify data breaches more quickly.

Terbium Labs has announced it has a solution. The Baltimore-based firm has developed a new automated data intelligence solution that can rapidly identify stolen data on the dark web. The solution, called Matchlight, could shorten breach detection from months to a matter of hours, according to the firm.

The firm’s solution creates a digital fingerprint of data, allowing it to be rapidly identified when it turns up on the dark web, via a data dump or a marketplace listing.

A potential problem with such a solution is that healthcare organizations would have to disclose ePHI to the solution provider. However, in this case, Terbium Labs does not need access to sensitive data.

Danny Rogers, co-founder and CEO of Terbium Labs, says, “We can monitor for HIPAA-protected information in a way that we don’t ever have to possess patient data.” The system detects the data signature and alerts the healthcare provider the instant it appears on the darknet.
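The fingerprinting idea described above, sketched as an added example: this is not code from the article or from Terbium Labs, and Matchlight's actual algorithm is not described here. It assumes fingerprints are SHA-256 digests of overlapping 4-token windows; the records, IDs and dump text are all constructed.

```python
import hashlib
import re

WINDOW = 4  # tokens per fingerprint (assumed value, not from the article)

# Constructed sample records; in practice these never leave the data owner.
RECORDS = {
    "rec-001": "Jane Example 1970-01-01 MRN 00012345 policy ZX-998877",
    "rec-002": "John Sample 1985-05-05 MRN 00067890 policy QP-112233",
}
# Constructed text standing in for a crawled dump or marketplace listing.
DUMP = "listing 4471: JANE EXAMPLE, 1970-01-01, MRN 00012345, policy ZX-998877"


def fingerprints(text, window=WINDOW):
    """Hash every overlapping token window so formatting changes do not matter."""
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(tokens[i:i + window]).encode()).hexdigest()
        for i in range(len(tokens) - window + 1)
    }


def enroll(records):
    """Runs on the data owner's side; only digests and opaque IDs are shared."""
    return {fp: rid for rid, text in records.items() for fp in fingerprints(text)}


def scan(index, crawled_text, min_hits=2):
    """Runs on the monitoring side; counts fingerprint hits per enrolled record."""
    hits = {}
    for fp in fingerprints(crawled_text):
        rid = index.get(fp)
        if rid is not None:
            hits[rid] = hits.get(rid, 0) + 1
    # Require several hits so one common phrase does not raise an alert.
    return {rid: n for rid, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    index = enroll(RECORDS)
    print(scan(index, DUMP))
```

Unkeyed digests of short, low-entropy windows can be guessed offline by whoever holds the index, so the window size is a privacy parameter as well as a matching one.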

Even with the most advanced cybersecurity defenses, data breaches still occur. Being able to track instances of data theft allows healthcare organizations to take rapid action to mitigate risk and protect patients. Fast detection of data breaches not only limits the harm caused but can also reduce the cost of mitigation.

On average, 200 days pass between the date a data breach occurs and the organization discovering that data has been stolen. Matchlight can reduce that time frame to hours.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news