Today's technological age brings about new challenges not only for storage space, but the primary concern being data security. With the looming threats to data centers, big business and government entities, information security has become a newfound priority for most. One area that has yet to be guarded as a vulnerability is medical data, which cybercriminals are claiming to be the holy grail of data theft.
Medical data includes a wide assortment of information about individuals all over the world. To cybercrooks, medical data is worth a lot more than credit card information or even a person's banking account login credentials. With medical data, crooks could initiate cyber espionage activity and sell the information to the highest bidder. In all, stolen medical data could grant cybercrooks a handsome payday that lasts for many years. Think of it as their golden ticket to a life without worrying about money ever again.
In the recent data breach on the U.S. government potentially exposing records of nearly 4 million employees and former employees, it raises eyebrows as to how vulnerable infrastructure is around sensitive data. Security researchers have said that medical data and personal records have become more valuable to crooks than anything else, including our previous mention of credit cards. It is said that medical data could be worth up to ten times as much as credit card information, mostly due to the black markets being flooded with credit card numbers that serve very little monetary gain for most crooks.
After the attack on the U.S. government, which is believed to be initiated by China, some experts have concluded that the targets may be specific to departments where other systems and agencies may be exploited so deeper access is obtained. Penetrating deep into the infrastructure of government data systems could uncover massive amounts of data, information that could be the Holy Grail for the right type of attackers.
Criminal gangs from China and Russia have been infected medical devices such as X-Ray machines and blood-gas analyzers to hack into services that store patient information. With these multi-layered attacks, the cybercrooks can leverage a vulnerable system to eventually dig deeper into the groundwork and make away with valuable information. In this case, the information is medical data by way of first attacking a medical device connected to servers linked to medical data storage.
In response to the recent U.S. government data breach and attack on medical entities, Carl Wright of TrapX, who discovered breaches via medical devices, said, "This is going to get worse before it gets better."
Multi-layered attacks and ones that target large data storage entities are becoming more popular. It is the time that we all face the music and realize that cybercrooks are digging deep to make away with the gold and aren't settling for anything less. Any software or server that is riddled with security vulnerabilities should be put on notice, and that includes the U.S. government and anything that stores data of individuals and medical related information. Cyber espionage is in full effect.