Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, February 15, 2008

Report: Hacker Attacks Against Healthcare Organizations Up 85 Percent

Attempted attacks have increased from an average of 11,146 per healthcare client per day in the first half of 2007 to an average of 20,630 per healthcare client per day in the last half of 2007 through January.  Hunter King and Don Jackson, security researchers with SecureWorks Counter Threat Unit, attribute the increase in attacks to several factors.  These include the increase in client-side attacks (attacks against the employees’ PCs), the fact that healthcare organizations have large attack surfaces in which hackers can try and break in, the volume of personal, identifiable information and health insurance credentials being stored by healthcare organizations, and the valuable computing resources available to healthcare entities.

“Client-side attacks have continued to be popular with hackers because compromising an employee’s pc is often much easier than hacking directly into an organization’s database.  Many times it is simpler to compromise an employee pc because an employee’s position often requires them to have access to the web, whereas a company’s databases and backend servers are usually not open to outside networks.

Taking control of employee computers are also desirable because they have authority to communicate to a company’s backend systems, whereas communications coming from an IP address outside the network is often blocked.

Often times, healthcare organizations are architected with very open networks so as to conduct necessary business activities such as billing, the transfer of patient records, and communication with different physician networks. These open networks give hackers more openings in which to try and break in making healthcare organizations prime targets.

Healthcare Organizations Store Personal, Identifiable Information, Banking information and Health Insurance Credentials Healthcare organizations store a lot of valuable personal, identifiable information such as SSNs, names, addresses, age, in addition to banking and credit card information.  According to Don Jackson, who spent eight years working in healthcare IT security prior to coming to SecureWorks, healthcare organizations store other valuable information such as patients’ health insurance credentials.  These computing resources make healthcare entities a very attractive target to hackers because they not only have lots of PCs that can be harvested for valuable data, but these computers can be turned into spam bots.

Posted on 02/15