The Cybersecurity Threat Environment

Near Intersect’s home in Lake Forest, IL is a historical marker commemorating the “Great Rondout train robbery. That heist by the Newton Gang netted them $3 million.  In 1924 this was the world’s largest theft. The same gang allegedly robbed 87 banks. Another robber, Willie Sutton, when asked why he robbed banks, answered “because that is where the money is.” In that era, trains and banks were the methods used to transfer and store money.

Since money is no longer transported on trains and banks no longer store large amounts of cash, they are no longer the scene of large robberies. “Sutton’s Law,” which states that one should first consider the obvious, provides the answer. Those locations are not where the money is now. Large thefts are now made electronically. They began with stolen bank and credit card data and have shifted to stolen medical records where the value is much higher.

The Black Market for Medical Records

The front-page lead article in the April 10, 2017 issue of Crain's Chicago Business read: "New frontier for hackers: Health Records. As more online thieves target medical data, hospitals and physicians' practices are playing catch-up." The article made a clear case for the reason behind this development: "As health records have gone digital in the past seven years, they've become far more vulnerable to poaching - and far more valuable to thieves, who can sell a complete medical record for more than $1,000 on the darknet. That's because the records contain not just your insurance info - which can be used for fraudulent billing and prescriptions - but also Social Security, driver's license and credit card numbers."

What's more is that, unlike credit card numbers, medical records do not "expire." When a credit card account has been breached, the issuer immediately cancels the number and reissues a new card. The loss is usually restricted to a modest amount. Credit cards also have expiration dates which invalidate accounts. Alternatively, much of the information in a medical record can not be replaced and never expires. As such, even a stolen medical record from a deceased person has value. These factors combine to increase the value of a stolen medical record to as much as 1,000 times greater than the value of a credit card number.

The Corporatization of Cyber Crime

Cybercrime groups are increasingly operating like traditional businesses. This new professionalism makes cyber-attacks more sophisticated and challenging to detect. That consideration was demonstrated in an IBM-sponsored assessment when 60% of chief information security officers said their attackers are more sophisticated than their defenses.

In benchmark research sponsored by IBM and independently conducted by the Ponemon Institute to discover the cost of a data breach, related findings were also published: Malicious or criminal attacks continue to be the primary cause of data breach. Fifty-two percent of incidents involved a malicious or criminal attack, 24 percent of incidents were caused by negligent employees, and another 24 percent were caused by system glitches, including both IT and business process failures.

The intersection of health and technology

CONTACT

230 Northgate Street #145,
Lake Forest, IL 60045
(847) 558-2258
info@intersecthealth.net

LATEST TWEETS