BreachExchange mailing list archives
Medical Records Are A Gold Mine For Cybercrime
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 25 Feb 2014 19:23:54 -0700
http://motherboard.vice.com/blog/medical-records-are-a-goldmine-for-cybercrime

These days, credit card digits and even Social Security numbers are small potatoes for black market merchants and fraudsters. The real good stuff? Medical records. They're full of your most sensitive personal details, revealing a snapshot of your entire life history. Which is why cyberattacks targeting health care providers are escalating.

A new report out today by security firms Norse and SANS found nearly 50,000 instances of malicious attacks on health care institutions, including 375 cases where the network was breached. Researchers collected the data by setting up "honeypot" traps to detect malicious traffic and tracing it back to the original source.

The numbers confirm what a handful of earlier studies also found: That hackers increasingly have their eyes trained on the health care industry. Last year, it suffered more cyberattacks than any other industry in the US, including, for the first time, the business sector--by a long shot.

"The report is a snapshot of what's happening throughout the industry," researchers wrote. "No health care organization is immune. Reports of breaches against health care organizations, large and small, continue to rise."

Cybercriminals have good reason to target health care providers. Medical records can fetch $50 to $500 on the black market, experts say, compared with credit cards, which can go for as little as one buck, especially after a massive breach like the recent Target hack.

Think about it: The confidential files contain your Social Security number, home address, insurance records, birth records, family details, billing info, medications, and medical history. It simply gives hackers more bang for their buck, and more options for how to exploit the valuable information: identity theft, insurance fraud, using prescriptions to buy or sell drugs, even holding sensitive data ransom.

Not to mention, it can be dangerous to have cybercriminals messing with your medications and insurance policy. There's a lot more at stake than if someone swipes your shopping rewards card.

Security experts attribute the influx of attacks to a "perfect storm" of vulnerabilities in the medical biz. One, the push to digitize medical records is putting more and more patient files online. Two, the Internet of Things trend has taken root in hospitals and doctors' offices, which stock a growing number of "smart" medical devices. And three, the health care industry is totally overwhelmed--we're in the middle of a crisis, remember. Staffers haven't prioritized infrastructure security, and researchers found security protocols were alarmingly inept in most institutions.

One stolen USB gadget, compromised web camera, or flimsy password and an intruder can access thousands of patient records. Internet-enabled devices act like gateways into the network. And the proliferation of connected hardware--radiology imaging software, printers, web cameras, health monitors--means a growing number of entry points waiting to be exploited, researchers warn.

Once in, a hacker can install malicious software to collect all sorts of valuable information to use to wage an attack: type of network, IP addresses for computers and devices, passwords for firewalls, building blueprints, and encryption keys. Data thieves will sometimes dump piles of documents on a file-sharing site like 4shared.com, where it can sit exploitable for months before a breach occurs, the report states. Meanwhile, the health care provider has no clue they've got a bullseye on their back.