Cyber crooks will go after medical records next

As security firms and law enforcement agencies continue to cooperate and successfully take down botnets, cyber crooks will be forced to look for new and more lucrative targets, and especially ones that are poorly secured.

In a panel held at the RSA Conference held last week in San Francisco, the Microsoft/Agari team behind the Citadel botnet takedown said that these new targets will likely be in the healthcare industry.

After explaining just how they went about effecting the takedown, they explained the reasoning behind their belief that healthcare IT systems and hospital databases are next in line for data breaches.

Agari CEO Patrick Peterson shared that the price of medical records belonging to a single person might fetch around $60, while a single credit card record is worth a couple of dollars in the underground markets.

He also pointed out that among the industries targeted so far, financial organizations and social networks have worked hard on protecting their customers, and have made cybercriminals’ attempts more difficult and, therefore, more costly.

On the other hand, the majority of the healthcare industry has not followed suit.

In addition to all this, medical records give crooks much valuable information about a target that can be misused for mounting effective social engineering attacks, noted Richard Boscovich, assistant general counsel with the Microsoft Digital Crimes Unit.

You might believe that information such as that contained in medical records might be that helpful, but in the hands of skilled social engineers it can turn to gold. “These guys are good, we’ve seen that happen,” commented Boscovich.