Chinese hackers targeting the healthcare industry

Gangs of Chinese hackers are targeting the U.S. healthcare industry, going after intellectual property associated with new drugs and devices as well as business processes that improve efficiency, according to an article at Dark Reading.

Generally, hackers are looking for financial information they can use for identity theft and other financial fraud, but cyber espionage from Chinese gangs is growing, according to security firm CyberSquared. It released a white paper outlining some of the recent attacks.

"Many of these victims have technology or drugs that are a monopoly," Rich Barger, chief intelligence officer with CyberSquared, told Dark Reading. "If you are the first to market with some great new technology breakthrough or drug, and you get a profit from that research ... it would definitely be an issue for the Chinese to target some of these [firms]."

Though healthcare is not the only industry sector being targeted, lax security amid the push to go more digital makes it an easy target, according to the white paper.

Lack of spending on healthcare data security increases the odds that healthcare will be a cyberterrorism target, according to the journal Telemedicine and e-Health. The industry is difficult to protect because it is made up of "decentralized and loosely coupled organizations," rather than a homogenous entity, it notes.

What's more, Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University recently told the Washington Post that he'd never seen an industry with "more gaping security holes" than healthcare.

Still, cybersecurity ranks among the top priorities for members of the National Association of State Chief Information Officers for 2013. NASCIO officials said the nation lacks "the level of federal and state investment and leadership" necessary to reduce risk and ensure safety in areas like healthcare.

A commentary published earlier this month in the New England Journal of Medicine called on healthcare organizations to adopt best practices as the best place to start to ensure data privacy and security.

Last spring, European hackers breached Medicaid files from the Utah Department of Health. The breach wound up impacting close to 800,000 individuals.

To learn more:
- find the article
- here's the white paper (.pdf)