Criminals Stepping Up Healthcare Attacks

Thursday, February 28, 2008 by Mistlee

David A. Utter

Criminals Stepping Up Healthcare Attacks

It does no good to be the world's greatest security pro if the users on the network continue to browse to dodgy websites and click too-good-to-be-true links in emails. The real nightmare comes as the healthcare industry takes tentative steps toward embracing more connectivity.

One commenter on a Network World report summed it up well, saying he didn't want his hospital to be the TJX of healthcare. TJX, parent of retailer TJ Maxx, suffered an epic, long-running security breach that exposed millions of personal details to thieves.

Medical records include all the personal information a criminal could want: birth dates, Social Security numbers, addresses and phone numbers, etc. Though the doctor who made the comment saw compromised machines serving as spam relays or porn hosts as a current problem, criminals fully understand juicier prizes exist.

Security vendor SecureWorks said attacks against healthcare organizations grew to an average of 20,630 per healthcare client per day in the last half of 2007 thru January 2008.

PCs remain a top target, according to SecureWorks. A criminal who compromises one may be able to tap databases full of patient information, leading to identity theft and fraud.

Education efforts for employees and the right combination of software has to be part of the solution. We think the problem facing healthcare is no different than that of any other industry. To be fought effectively, threats should be combated at the boundary, not on the network.

We will also mention again a recent update at OpenDNS to provide hosted filtering of Internet sites. That free service could help greatly in keeping people away from potentially dangerous sites posing an attack threat to a PC.

SecurityProNews About Us News Archives Feedback