You want to know why an individual healthcare record is worth more on the black market ($50, on average) than a U.S.-based credit card and personal identity with social security number combined?
Healthcare records provide thieves with more options than credit cards.
A thief can use a healthcare record to submit false medical claims (and thus obtain free medical care), purchase prescription medication, or resell the record on the black market. This veritable menu of options also increases the value of these records, costing consumers and medical providers. The Ponemon Institute pegs the annual economic impact of medical identity theft at $30.9 billion.
Healthcare records are difficult to contain, simply because they contain a lot of disparate data, and are held in myriad locations: back office applications of insurance providers, hospital archives, clinical laboratories; and increasingly, on smartphones and tablets. An individual can't simply "cancel" a healthcare record the way they can a credit card.
These factors make healthcare data repositories a tempting target, whether they're hospitals, billing offices, insurers, or even the backseat of a clinician's car. Healthcare providers can stay one step ahead by conducting security risk assessments, as well as implementing mitigation measures such as IR (incident response) and forensics, and monitoring for any suspect activity within the walls of the healthcare provider. As a recent article in the Journal of Healthcare Information Management describes, using a basic approach that includes these measures can enable "healthcare organizations to focus their human capital and core resources on pursuing and managing innovation that furthers the mission of improving patient outcomes."