Health industry top target of cybercriminal group

A cybercriminal group, FIN4, is targeting the email accounts of individuals who have access to private and valuable information, with the healthcare industry targeted most, according to a new report.

Instead of infecting computers with malware or a virus, this group gains access to people's usernames and passwords, according to the report from security company FireEye. Two-thirds, or 68 percent, are public healthcare and pharmaceutical companies.

Some of the hackers top targets include: C-level executives and senior leadership; regulatory, risk and compliance personnel; researchers; and scientists, the report says. And among those in the healthcare realm, 50 percent are in the biotech industry and 13 percent are in the medical device industry.

Much of the information FIN4 is gathering is on mergers and acquisitions--which are both booming in the healthcare industry.

"We believe FIN4 heavily targets healthcare and pharmaceutical companies as stocks in these industries can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues," the report's authors say.

Because FIN4 uses simple tactics to gain information--like spearphishing and theft of valid credentials--it makes their activity hard to detect, according to the report's authors. However, they add, companies can protect themselves through disabling VBA macros in Microsoft Office by default, enabling two-factor authentication for Outlook Web App and checking their network logs for OWA logins from known Tor exit nodes if they suspect they are victimized.

This is just the latest threat to the security of healthcare information. Earlier this year, the Heartbleed bug paved the way for hackers to access a computer system at Community Health Systems. That breach compromised the data of more than 4.5 million patients and may cost CHS as much as $150 million.

Cybersecurity has remained, and probably will for some time, the most pressing issue for healthcare providers.

To learn more:
- read the report (.pdf)