Hacking medical records on the rise; McAfee Labs
Intel Security has highlighted the healthcare sector is at risk from cyber crime
Intel Security released its "McAfee Labs Health Warning" report which addressed how cybercriminals are beginning to target intellectual property in the pharmaceutical and biotechnology industries, highlighting cyber crime in the health care sector is growing.
Intel Security found that the price per record for stolen patient medical records remains lower than financial account records and retail payment account information, despite the increasingly time-sensitive, or perishable, nature of data such as credit and debit card numbers.
Intel Security's research found the average health record price point to be greater than that of basic personally identifiable information, but still less than that of personal financial account data. The per record value of financial account data ranged from $14.00 to $25.00 per record, credit and debit cards drew around $4.00 to $5.00, but medical account data earned only from $0.03 to $2.42.
The findings suggest financial account data continues to be easier to monetise than personal medical data, which could require an investment that financial payment data does not require. Upon stealing a cache of medical records, it is likely cybercriminals must analyse the data, and perhaps cross-reference it with data from other sources before lucrative fraud, theft, extortion, or blackmail opportunities can be identified. Financial data, therefore, still presents a faster, more attractive return-on-investment (ROI) opportunity for cybercriminals.
Raj Samani, Intel Security's CTO for Europe, the Middle East, and Africa, said: "In an industry in which the personal is paramount, the loss of trust could be catastrophic to its progress and prospects for success. Given the growing threat to the industry, breach costs ought to be evaluated in the second economy terms of time, money, and trust, where lost trust can inflict as much damage upon individuals and organisations as lost funds."
Intel Security's research also investigated the targeting of biotechnology and pharmaceutical firms for their intellectual property and business confidential information. The researchers suggest that the economic value of such information is considerably higher than the cents-per-record data Intel Security's researchers identified within patients' health care accounts.
"When a well-developed community of cybercriminals targets a less prepared industry such as health care, organisations within that industry tend to play catch-up to protect against yesterday's threats, and not those of today or tomorrow," Samani continued.
"Gaining the upper hand in cybersecurity requires a rejection of conventional paradigms in favour of radical new thinking. Where health care organizations have relied on old playbooks, they must be newly unpredictable. Where they have hoarded information, industry players must become more collaborative."