Home / U.S / Medical data, cybercriminals’ holy grail, now espionage target

Medical data, cybercriminals’ holy grail, now espionage target

SINGAPORE, Jun 5 Whoever was behind a latest
theft of personal information from U.S. supervision computers, they
appear to be following a new trend set by cybercriminals:
targeting increasingly profitable medical annals and personnel

This data, experts say, is value a lot some-more to
cybercriminals than, say, credit label information. And the
Office of Personnel Management (OPM) crack suggested on Thursday
suggests cyberspies competence now also be anticipating value in it.

Cyber investigators from iSight Partners pronounced they had
linked a OPM penetrate to progressing thefts of medical annals from
Anthem Inc, a health word company, and Premera
Blue Cross, a medical services provider. Tens of millions of
records competence have been mislaid in those attacks.

All 3 breaches have one thing in common, pronounced John
Hultquist of Dallas-based iSight. While cyberespionage usually
focuses on hidden blurb or supervision secrets, these
attacks targeted privately identifiable information.

The stolen information “doesn’t seem to have been monetised and
the actors seem to have connectors to cyberespionage activity”,
said Hultquist, adding that nothing of a information taken in the
earlier attacks had incited adult for sale on subterraneous forums.

A source tighten a matter pronounced U.S. authorities were looking
into a probable China tie to a crack during OPM, which
compromised a personal information of 4 million stream and former
federal employees.

Several U.S. states were already questioning a Chinese
link to a Anthem conflict in February, a chairman informed with
the matter has said.

China customarily denies impasse in hacking, and on Friday
a orator for a Foreign Ministry in Beijing pronounced suggestions
it was concerned in a OPM crack were “irresponsible and

Hultquist pronounced iSight could not endorse that China was
behind a attacks, though identical methods, servers and habits of
the hackers forked to a singular state-sponsored group.


Security researchers contend that medical information and personnel
records have turn some-more profitable to cybercriminals than credit
card data.

The cost of stolen credit cards has depressed in online black
markets, in partial since large breaches have peaked supply.

“The marketplace has been flooded,” pronounced Ben Ransford, co-founder
of confidence start-up Virta Laboratories.

The result: medical information can be value 10 times as
much as a credit label number.

Fraudsters use this information to emanate feign IDs to buy medical
equipment or drugs that can be resold, or they mix a patient
number with a fake provider series and record made-up claims with

State-sponsored hackers competence not be after money, though would
also be meddlesome in such information since they could afterwards build a
clearer design of their target.

That, pronounced Philip Lieberman of confidence program company
Lieberman Software, would boost a chances of any targeted
email attack, or stalk phish, successfully obtaining
confidential data.

Others pronounced that, given a information influenced enclosed job
histories, those targets competence be in other government
departments. “It’s expected this is reduction about income and more
about gaining deeper entrance to other systems and agencies,” said
Mark Bower of HP Security Voltage, a information confidence company.

This seductiveness in some-more granular information is pulling hackers of
all stripes into some-more resourceful ways of perspicacious a defences
of hospitals and other institutions holding such data.

TrapX, a cybersecurity company, pronounced it had discovered
criminal gangs from Russia and China infecting medical devices
such as X-Ray systems and blood gas analysers to find their way
into servers from that they stole crew and studious data.

Other confidence researchers concluded this kind of conflict was
becoming some-more common.

Billy Rios, owner of confidence association Laconicly, pronounced he
had found putrescent systems while operative with several healthcare
organisations. “Clinical program is riddled with security
vulnerabilities,” he said.

A consult by think-tank a Ponemon Institute released last
month pronounced that some-more than 90 percent of medical organisations
surveyed had mislaid data, many of it to hackers.

“This is going to get worse before it gets better,” said
Carl Wright, of TrapX, that detected a breaches around medical

(Editing by Alex Richardson)

Article source: http://www.reuters.com/article/2015/06/05/cybersecurity-usa-targets-idUSL3N0YR30R20150605