By Mark K. Phillips, Bank Iowa

A stolen credit card number sells for about $5 on the dark web. A medical record, on the other hand, can go for as much as $50.

Why is the latter so much more valuable? There are several reasons.

First, one patient record is a treasure trove of personally identifiable information or PII. This is data such as social security numbers, birth dates, home addresses and even emergency contacts. Even better, patient records include the type of information rarely shared on social media or with financial institutions or other entities. These are details like chronic illnesses, allergies and physical or mental conditions, and of course, prescriptions. Armed with all of this information, a cybercrook can do way more than purchase a TV; he can take over the life of his victim.

Second, an individual can’t exactly “cancel” his or her patient records. A credit card, on the other hand, takes just one call to the financial institution or the toggle of a digital button within a card control app.

Third, medical records are still fairly easy to steal. As the Internet of Medical Things grows, many of the IT departments and third-party managed service providers responsible for thwarting the attacks are becoming overwhelmed. Systems simply aren’t being patched quickly enough. Crimeware as a service, a burgeoning trend within the underbelly of the Internet, is making it super simple for even unsophisticated criminals to deploy automatic attacks with minimal effort for big returns.

Given the above, it’s pretty easy to see why hospitals, clinics and surgery centers are increasingly under fire from cybercriminals. These network and cloud-savvy crooks are launching malware, cryptomining, ransomware and whaling attacks at health care providers left and right.

In 2017, the health care industry suffered at least 130 breaches that burned more than 3.3 million people. And these are only the attacks that were reported. According to Netsurion, most victims of medical identity theft paid an average of $13,500 to resolve the crime.

Here are a few tips Bank Iowa gives their clients to protect against cybercriminals:

1) Make sure each of your medical providers has your most current information on file. If they are breached and your information is exposed, you want to be sure they can reach you.

2) Check your credit reports three times a year. Each of the three bureaus offers one free report annually.

3) Use strong passwords, and never use the same one on your medical accounts that you use on social media or your online / mobile banking. Keep your passwords fresh, too. Don’t wait until a breach notification. Consider using a secure and trusted cloud-based app to help with password management.

Mark K. Phillips is cash management services manager for Bank Iowa, Iowa’s second largest family-owned financial institution. He can be reached at To learn more, visit Member FDIC.

Foster Group and Bank Iowa are unaffiliated entities. Foster Group is registered as an investment adviser and only transacts business in states where it is properly registered, or is excluded or exempted from registration requirements. Registration as an investment adviser does not constitute an endorsement of the firm by securities regulators nor does it indicate that the adviser has attained a particular level of skill or ability. All investment strategies have the potential for profit or loss.

PLEASE NOTE LIMITATIONS: Please see Important Disclosure Information and the limitations of any ranking/recognitions, at A copy of our current written disclosure statement as set forth on Part 2A of Form ADV is available at