The bottom line: Health data is more valuable than other theft proceeds because it cannot be blocked and can be repeatedly exploited for fraud and extortion.
A twelve-month analysis by Trend Micro shows that patient information ranks among the most sought-after commodities on criminal marketplaces. Unlike credit card data, medical information retains its value permanently and enables diverse fraud schemes over many years.
Trend Micro’s cybersecurity team documented thousands of listings across underground forums, marketplaces and ransomware leak sites over twelve months. The investigation confirms that health information ranks among the most sought-after commodities in the cybercrime environment. The reason lies in its permanent exploitability: while credit cards can be blocked and replaced, diagnoses, treatment histories and biometric data cannot be exchanged. This makes medical data usable for fraud, extortion and identity theft over many years.
More than one-third of all observed health data listings originate from ransomware attacks. Modern extortion campaigns combine data theft with encryption to increase pressure on victims. Attacks on electronic health record providers are particularly lucrative, since a single successful access compromises numerous downstream clinics, medical practices and healthcare facilities simultaneously. Cybercriminals monetize stolen data multiple times: through insurance fraud, forged certificates and prescriptions as well as account takeovers of patients and employees.
Attacks are becoming more professional through division of labor. Specialized Initial Access Brokers first gain access to hospital systems and resell these access rights to other criminal actors. On criminal platforms, besides datasets, complete identity packages, insurance information and forged medical documents are traded. This significantly lowers the technical barriers for attacks.
An additional risk arises from the software supply chain: cybercriminals increasingly target software vendors and platform operators to achieve broad reach through their compromise. This makes securing digital supply chains a critical success factor for healthcare security.
Source: www.it-daily.net · Published 11 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.