Medical Databases Ripe for Next Big Attack

If there’s anything people in the United States don’t need to be reminded of twice, it’s just how archaic and ancient the networks at “modern” healthcare facilities can be.

Excruciating wait times, lost files, mixed-up surgeries and misplaced charts are just a few of the issues that plague hospital administration services as they attempt to heal an entire nation at the same time. According to netsec firm Agari, though, all these issues are just the tip of the iceberg if we don’t start thinking about bolstering the firewalls that keep the whole system running securely.

“Healthcare is really in a disadvantaged place in cyber-security,” said Patrick Peterson, CEO of Agari, which worked on the Citadel botnet takedown with Microsoft’s Digital Crimes Unit.

“We studied from a statistical point of view which industries are doing the most to deal with malware. Banks and social media sites are at the top while healthcare scores a near incomplete.”

While the price for a stolen credit card averages a few bucks per pop, illegally acquired medical records usually start at anywhere from $60 to $100, making them high-priority targets for malware manufacturers looking to turn the quickest buck for the least amount of work required.

The reason for the gulf between these price points is simple, as Richard Boscovich from the Microsoft Digital Crimes Unit explains:

“Medical records, if you know how to game people, allow a multitude of fraud options. With that you can impersonate someone to get into their bank account, you can get everything down to the color of their hair and eyes, and if you know how to socially engineer a bank or a store or a credit card then the sky’s the limit.”

Of the dozens of healthcare providers surveyed by Agari, only two were shown to be making any sort of substantial effort to protect the sanctity of their own servers.