Abney and Associates, Crisis looming as hackers dig into goldmine of unprotected healthcare records
A combination of poor cyber security and high-value information is going to make the healthcare sector the next major target for hackers and scammers, according to the Microsoft-backed team charged with taking down the world's biggest botnets.
"Healthcare is really in a disadvantaged place in cyber-security," said Patrick Peterson, CEO of security firm Agari, which worked on the Citadel botnet takedown with Microsoft's Digital Crimes Unit.According to the group's remarks, hospitals and healthcare organization’s are simply not making cyber security a priority.
"We studied from a statistical point of view which industries are doing the most to deal with malware," Peterson said. "Banks and social media sites are at the top while healthcare scores a near incomplete."
Agari has been spending its time monitoring criminal marketplaces online, and Peterson said that the price for a valid stolen credit card was only a couple of dollars on the black market.
Compare that to a patient's medical records, which will set a budding cyber-criminal back around £40 a person, and you get a sense of why healthcare organizations are going to be the next big target for the dark underbelly of the Internet.
The report comes as the UK government tries to push through the creation of the controversial £50 million Care. Data database, which has raised a number of serious security concerns, not least from the NHS itself.
"Medical records, if you know how to game people, allows a multitude of fraud options," said Richard Boscovich, assistant general counsel for the Microsoft Digital Crimes Unit.
"With that you can impersonate someone to get into their bank account, you can get everything down to the color of their hair and eyes, and if you know how to socially engineer a bank or a store or a credit card then the sky's the limit. These guys are good, we've seen that happen."
While it's understandable that a busy hospital is going to have a number of critical concerns that rank in higher priority than cyber security, if the problem isn't addressed, a real crisis could be looming in the future.