Healthcare Providers Targeted by Identity Thieves During Q4 2009

The fourth quarter of 2009 proved to be an especially busy month for hackers attempting to commit crimes using the information of healthcare clients, according to a leading medical identity theft prevention service.According to SecureWorks Inc., an information security company that serves more than 2,700 clients, online scammers drastically increased their identity theft attacks on the customers of the 82 healthcare clients they protect at the end of 2009.During the year’s fourth quarter, the company reported blocking an average of 13,400 hacker identity theft attacks per healthcare client every day. Over the nine months prior, SecureWorks reported daily medical identity theft scammer attack figures closer to 6,500 per client, showing an increase in the amount of attempts in 2009.”From October through December of 2009, we blocked hundreds of SQL Injection and Butterfly/Mariposa Bot malware attacks launched at our healthcare clients. These attempted medical identity theft attacks were responsible for the increase of our attack statistics,” said Hunter King, security researcher with SecureWorks’ Counter Threat Unit(SM) (CTU).While the healthcare companies recorded a surge in attacks, none of the other types of organizations that utilize SecureWorks recorded an increase in identity theft scam attempts.The likely reason for the uneven increase in attempted healthcare system breaches was due to the type data stored by the healthcare companies. With Social Security data, financial information, and other personal information on hand for every customer of a health insurance provider, breaking into a system could prove to be a goldmine for hackers attempting to commit medical ID theft crimes.Additionally, because many healthcare networks are spread out and contain numerous related external networks, identity thieves may find it easier to find a security flaw they are capable of exploiting in order to obtain confidential information.”In order for healthcare organizations to effectively protect their sensitive patient data, they should consider employing a defense-in-depth strategy. This approach involves implementing multiple layers of protection to shield the organization from current and emerging threats,” added Jon Ramsey, SecureWorks’ CTO.