Tuesday, December 30, 2014

Obamacare's legacy: medical information hacking

Obamacare requires the use of electronic medical records (and even budgets to help that transition).  This looks to be a massively attractive target for the Black Hats:
Carl Leonard, principal security analyst for Websense, says hackers are breaking into the computer networks of health-care facilities with increasing frequency and taking valuable personal information that is often secured improperly. In August, Websense researchers reported that over the previous 10 months they had observed a 600 percent increase in attacks on hospitals (See “Hackers Are Homing In on Hospitals”). Leonard’s group now predicts that in 2015 the health-care industry will see a “substantial increase” in thefts of data.
Why are they doing it?  Like Willie Horton said about why he robbed banks, that's where the money is:
Credit card information is less valuable on the black market than it was several years ago, says Don Jackson, director of threat intelligence at the security firm PhishLabs. That market is flooded, and credit card information is becoming less useful without supporting identification information, he says.

Medical records, however, often contain both identification information, such as Social Security numbers, and financial information. This can be enough to build a near-complete picture of an individual. And such information can command hundreds of dollars from black-market customers wanting to impersonate someone for the purpose of accessing bank accounts or drug prescriptions.
Security:  not an afterthought, it wasn't thought of at all.

No comments: