Sign up for our Technology Newsletter 
Medical Data Becoming Valuable To Hackers
Comments Off on Medical Data Becoming Valuable To Hackers
The personal information stored in health care records fetches increasingly impressive sums on underground markets, making any company that stores such data a very attractive target for attackers.
“Hackers will go after anyone with health care information,” said John Pescatore, director of emerging security trends at the SANS Institute, adding that in recent years hackers have increasingly set their sights on EHRs (electronic health records).
With medical data, “there’s a bunch of ways you can turn that into cash,” he said. For example, Social Security numbers and mailing addresses can be used to apply for credit cards or get around corporate antifraud measures.
This could explain why attackers have recently targeted U.S. health insurance providers. Last Tuesday, Premera Blue Cross disclosed that the personal details of 11 million customers had been exposed in a hack that was discovered in January. Last month, Anthem, another health insurance provider, said that 78.8 million customer and employee records were accessed in an attack.
Both attacks exposed similar data, including names, Social Security numbers, birth dates, telephone numbers, member identification numbers, email addresses and mailing addresses. In the Premera breach, medical claims information was also accessed.
If the attackers try to monetize this information, the payout could prove lucrative.
Credentials that include Social Security numbers can sell for a couple of hundred dollars since the data’s lifetime is much longer compared to pilfered credit card numbers, said Matt Little, vice president of product development at PKWARE, an encryption software company with clients that include health care providers. Credit card numbers, which go for a few dollars, tend to work only for a handful of days after being reported stolen.
Zeus Attached To Cancer Email Scam
March 28, 2014 by admin
Filed under Around The Net
Comments Off on Zeus Attached To Cancer Email Scam
Thousands of email users have been hit by a sick cancer email hoax that aims to infect the recipients’ computers with Zeus malware.
The email has already hit thousands of inboxes across the UK, and looks like it was sent by the National Institute for Health and Care Excellence (NICE). It features the subject line “Important blood analysis result”.
However, NICE has warned that it did not send the malicious emails, and is urging users not to open them.
NICE chief executive Sir Andrew Dillon said, “A spam email purporting to come from NICE is being sent to members of the public regarding cancer test results.
“This email is likely to cause distress to recipients since it advises that ‘test results’ indicate they may have cancer. This malicious email is not from NICE and we are currently investigating its origin. We take this matter very seriously and have reported it to the police.”
The hoax message requests that users download an attachment that purportedly contains the results of the faux blood analysis.
Security analysis firm Appriver has since claimed that the scam email is carrying Zeus malware that if installed will attempt to steal users’ credentials and take over their PCs.
Appriver senior security specialist Fred Touchette warned, “If the attachment is unzipped and executed the user may see a quick error window pop up and then disappear on their screen.
“What they won’t see is the downloader then taking control of their PC. It immediately begins checking to see if it is being analysed, by making long sleep calls, and checking to see if it is running virtually or in a debugger.
“Next it begins to steal browser cookies and MS Outlook passwords from the system registry. The malware in turn posts this data to a server at 69.76.179.74 with the command /ppp/ta.php, and punches a hole in the firewall to listen for further commands on UDP ports 7263 and 4400.”
ID Theft Projected To Cost $21B
August 16, 2012 by admin
Filed under Around The Net
Comments Off on ID Theft Projected To Cost $21B
A new audit of the Internal Revenue Service (IRS) has discovered that the agency paid refunds to criminals who filed fraudalent tax returns, in some cases on behalf of people who had died, according to the Treasury Inspector General for Tax Administration (TIGTA), which is part of the U.S. Treasury.
The IRS stands to lose as much as US$21 billion in revenue over the next five years due to identity theft, according to TIGTA’s audit, dated July 19 but publicized on Thursday.
TIGTA noted that the IRS did not agree with the $21 billion figure, but wrote that the figure does include estimated savings from new fraud control filters. Without new controls, TIGTA estimated losses of $26 billion.
Part of problem is that the IRS is not gathering enough data about fraud trends, such as how a return was filed, income information from W-2 forms, the amount of refunds and where those refunds were sent, TIGTA said.
“We found that $8.1 million in potentially fraudulent tax refunds involved tax returns filed from one of five addresses,” the audit said.
The IRS said it detected 938,664 fake tax returns during the 2011 processing year, which would have cost $6.5 billion. While TIGTA said the figure was “substantial,” it believes the IRS doesn’t know how many identity thieves are filing bogus returns and how much money is lost.
The IRS has implemented new fraud detection measures, but TIGTA found that institutional procedures were undermining those efforts. For example, taxpayers can begin filing returns in mid-January, but third parties that have information linked to those tax returns do not have to file until March 31.
The IRS is contacting some taxpayers to verify their identity. That simple measure stopped the issuance of $1.3 billion in potentially fraudulent tax returns as of April 19, TIGTA said.
Fed Contractor Arrested For Software Theft
January 28, 2012 by admin
Filed under Around The Net
Comments Off on Fed Contractor Arrested For Software Theft
Bo Zhang worked at the bank and took advantage of his position to commit the crime, according to prosecutors, and was arrested yesterday by the FBI and the Treasury Department.
“As today’s case demonstrates, our cyber infrastructure is vulnerable not only to cybercriminals and hackers, but also alleged thieves like Bo Zhang who used his position as a contract employee to steal government intellectual property,” said Manhattan US Attorney Preet Bharara.
“Fighting cyber crime is one of the top priorities of this office and we will aggressively pursue anyone who puts our computer security at risk.”
A complaint against Zhang has been unsealed and according to that he pilfered the Government-Wide Accounting and Reporting Program code by copying it to a hard drive owned by the Federal Reserve Bank of New York.