Hospital Hackers
Cyberattacks against hospitals jumped 600% in the 10 months ending Aug. 31, Websense said.
That spike was partly due to a summer attack by Chinese hackers on Franklin, Tenn.-based Community Health Systems (NYSE:CYH). That affected 4.5 million patients in 206 hospitals across 29 states.
As hospitals and other health care organizations shift to electronic medical records, hackers want to exploit fledgling defenses to steal health care records that hold "a treasure trove" of personal information that can be used in many types of attacks and fraud, Leonard said.
The FBI's Cyber Division warns physicians that criminals are increasingly targeting electronic health records that are then sold on the black market for $50 or more per chart vs. less than $1 for credit card information.
As law enforcement and security company investigators collaborate to take down cybercrime gangs in the financial sector, crooks have more reason to go further underground.
Illicit underground "cybercrime marketplaces" are popping up where criminals buy, sell and trade malicious software, William Noonan, deputy special agent in charge of Secret Service cyberoperations, told the Senate Committee on Banking, Housing and Urban Affairs during a Dec. 10 hearing titled "Cybersecurity: Enhanced Coordination to Protect the Financial Sector."
Such marketplaces, some boasting 80,000 users, offer access to sensitive networks, spamming services, payment card data, bank and brokerage account information, hacking services and counterfeit identity documents, Noonan said.
Secret Service cybercrime investigations, focused on the financial sector, have resulted in more than 5,940 arrests over the past five years associated with $1.53 billion in fraud losses and prevention of $11.71 billion in potential fraud losses, Noonan said at the hearing.
The Department of Homeland Security's Computer Emergency Readiness Team reported there have been more than 220 hacking incidents at energy companies over the past two years. The agency, along with the FBI, is sharing the latest threats at classified meetings with energy providers and utilities in cities across the country.
Symantec researchers say groups calling themselves "Dragonfly" or "Energetic Bear" are among those that have compromised energy grid operators, electricity generation firms, petroleum pipeline operators and industrial equipment providers.
Regardless of industry, companies should set up multilayered security, with defenses on the perimeter as well as inside to limit damage and increase the amount of time the firm has to respond, says CyberArk (NASDAQ:CYBR) CEO Udi Mokady.
"Once hackers gain access, it's almost like a Pac-Man," he said. "They take the first bite and become stronger, bringing them to other areas of the network that they continue to explore until they get the data they're looking for."
By MICHAEL PERRAULT, INVESTOR'S BUSINESS DAILY
Posted 01/05/2015 06:21 PM ET
Integra Systems, Inc. is working on the next generation healthcare ID card for multi-factor authentication to include authentication to medical devices. Significant IP has been filed. www.blustor.co
