Friday, August 01, 2014

It Looks Like Things Are Getting Much Nastier Out There! Be Prepared And Alert.

This appeared a little while ago.

Why Hackers Are Targeting Health Data

CIO: 'Today It's a Totally Different Kind of Attack'

By Marianne Kolbasuk McGee, July 7, 2014. Follow Marianne @HealthInfoSec
Two years ago, a Utah Department of Health server was breached, allegedly by Eastern European hackers, and 780,000 individuals were impacted.
Last month, the Montana health department confirmed a server breach impacting up to 1.3 million individuals.
And now the State of Vermont confirms that a development server of the Vermont Health Connect, the state's health insurance exchange under the Affordable Care Act, experienced a cyberattack last December, in which hackers allegedly accessed data 15 times. The attack, which was tracked to a Romanian IP address, went undetected for about a month.
In this latest case, because the server was only a development system that did not contain any production data, there was no breach, Lawrence Miller, Vermont's chief of healthcare reform, tells Information Security Media Group.
Still, the incident was a wake-up call to Vermont, and technology services firm CGI Group, which developed the state's exchange and hosts it. "We're constantly evaluating and improving security," Miller says. "I can't speak for the hackers' motives, but anytime hackers attack it's usually because they're looking for something of value, or are doing it for the sport of seeing what they can do."
Combined, these incidents represent a trend that has caught the attention of healthcare security leaders nationwide. External attacks are on the rise, and healthcare organizations need to be prepared to defend against more than the more common threats they see - i.e. lost laptops and unauthorized access to records. They need to defend against sophisticated cybercriminals who seek critical medical data to commit fraud or turn a profit.
In the past, "hackers were MIT freshman who attacked the Harvard network for fun," says John Halamka, CIO at Beth Israel Deaconess Medical Center in Boston. "Today it's a totally different kind of attack - highly sophisticated, organized criminals attempting to get medical Identities."
While a stolen Social Security number might sell for 25 cents in the underground market, and a credit card number might fetch $1, "A comprehensive medical record for me to get free surgery might be $1,000," Halamka says. "It is a commodity that is hot on the black Internet [market]."
Much, much more here:
There are a range of useful ideas found in the rest of the article.
I especially liked the suggestion of using ‘big data’ approaches to analyse logs.
"The Internet is increasingly a swamp," Halamka says. "It's no longer sufficient to just look at standard security logs. You need integrated security information event management that brings together network logs, users logs, application logs and server logs, and looks for non-obvious associations."
I would be interested to see how useful that might be.

No comments: