Gyala recognized as  Sample Vendor in the Gartner's document“Emerging Tech: AI in CPS Security”  Read

How much is your medical record worth?

On the dark web, a single medical record can sell for up to $1,000

Far more than a credit card or a digital identity. But what makes this data so valuable? And what can healthcare organisations really do to defend themselves?

The steady wave of cyberattacks shows that our medical data have become a goldmine for cybercrime. We are not just talking about names, tax codes, or test results: we are talking about stories.
The real stories of people.

And in 2025, these stories — once stolen — are worth their weight in gold on the dark web, fetching prices up to ten times higher than a credit card.

Why?

Because a complete medical record is not just a document — it’s a fully usable identity.
It’s so valuable because it contains highly detailed personal information: full identity data, national insurance number, medical history, diagnoses, treatments, medications, and insurance details.

What kind of data are we talking about?

  • Complete personal information: The more personal and identifying data included (name, surname, national insurance number, addresses, contacts), the easier it is to carry out identity theft effectively.
  • Extensive medical history: Records with long treatment timelines, diagnoses, and therapies provide rich details for healthcare or insurance fraud.
  • Financial/insurance data: Policy numbers, reimbursement claims, and bank references increase value because they enable direct fraud or phishing.
  • Sensitive health information: Psychiatric diagnoses, rare diseases, HIV status, addictions, or any data exploitable for blackmail or coercion.
  • Attached ID documents: Copies of ID cards, health cards, or permits raise value as they facilitate identity reconstruction.
  • Multiple data points on the same person: A dataset that extends beyond clinical information (e.g. employment, education, marital status) enables illicit cross-market use in multiple criminal domains.

The combination, depth, and persistence of these data — which are hard to modify after a breach — determine the extremely high black-market value of medical records.Health data remain valid for years and can be resold and reused by multiple attackers.

In short, the value of a medical record on the dark web comes from the richness and durability of its information, the variety of criminal uses, and the difficulty of neutralising the data after a breach.

The most common criminal uses

Medical identity theft: Criminals use data such as names, national insurance numbers, diagnoses, and treatments to access healthcare services, obtain drugs, claim reimbursements, receive medical care, or commit insurance fraud.

Fake prescriptions: Electronic prescriptions and drug data are exploited to obtain expensive medicines for resale or to produce forged medical documentation.

Fraudulent reimbursement claims: Administrative and insurance data are used to submit fake claims to insurance companies, often on a large scale.

Blackmail and extortion: Information about sensitive conditions or medical circumstances is used to threaten patients or doctors to extract money or favours.

Data manipulation for visas or certificates: Stolen health data are sold to individuals who need to bypass medical restrictions for travel or obtain specific certifications.

Resale to pharmaceutical or marketing firms: Large datasets are traded to companies for analysis, drug development, or targeted advertising.

Targeted phishing and personalised attacks: Detailed information about health and habits fuels customised phishing and social engineering campaigns.

Those who work in healthcare know it well: hospitals are not “just” hospitals — they are complex critical infrastructures, where:

  • IT systems are often fragile or outdated;
  • OT devices (medical equipment, PLCs, sensors) were never designed to be online;
  • Wards must stay operational 24/7;
  • Technicians connect remotely, and suppliers share VPN access.

The attack surface is enormous: in 2024, the Italian healthcare sector saw a 15% increase in cyberattacks.
What’s needed is instant response, combined with smart prevention and supply-chain control —
a system capable of reacting at the first signal, even without human supervision, even on an ECG machine still running Windows XP.

What’s needed is instant response, combined with smart prevention and supply-chain control —
a system capable of reacting at the first signal, even without human supervision, even on an ECG machine still running Windows XP.


Real-world protection requires real-world answers

  • Where IT and OT coexist (but speak different languages);
  • Where you can’t install antivirus software on medical devices;
  • Where no one has time to run a 24/7 in-house SOC;
  • Where the infrastructure is a mosaic of new, legacy, segregated, and interconnected systems.

Enter Agger

A platform that protects and reacts autonomously — without human intervention.
It learns from system behaviour, detects anomalies in real time, and responds instantly.

Not just alerts.
Not just logs. But automated, customisable actions for every single IT and OT endpoint.

Complete network visibility
to always know who is talking to whom, what is moving, and what is changing.

Modularity
to secure complex networks without rebuilding them from scratch,
and to operate across hybrid, legacy, cloud, and segregated environments.