“A rise in cyber attacks against doctors and hospitals is costing the U.S. health-care system $6 billion a year as organized criminals who once targeted retailers and financial firms increasingly go after medical records, security researchers say.

Criminal attacks against health-care providers have more than doubled in the past five years, with the average data breach costing a hospital $2.1 million, according to a study today from the Ponemon Institute, a security research and consulting firm.

Medical records, which often contain Social Security numbers, insurance IDs, addresses and medical details, sell for as much as 20 times the price of a stolen credit-card number, according to Dell SecureWorks.

The numbers this year are already in excess of last year’s, after hackers accessed almost 80 million records from Anthem and 11 million from the health insurer Premera Blue Cross.

Data is resold on private forums that specialize in selling stolen credit cards or Social Security numbers, or on the dark web, where users’ identities are hidden and transactions are done anonymously in Bitcoins, said Patrick Peterson, chief executive officer of data security firm Agari Data Inc.”

Senetas high assurance security comments

The Ponemon Institute, Trend Micro Inc. and Dell SecureWorks comments highlight the very serious cyber-crime threats posed by criminal organisations that possess the creativity and opportunistic behaviour of some of the world’s cleverest businesses.

Motivated by ‘rich pickings’ where data includes highly valuable information such as tax, identification, bank account, social security and other data; these criminals develop the tools to obtain millions (if not billions) of records. That’s obvious.

A study, by Perimeter CTO Kevin Prince, highlights the top 5 industry verticals targeted by cyber-criminals and why.

Less obvious to too many organisations today is the fact that logically, all forms of security involve catch up. While police rarely prevent crime (mostly attempt to solve crime), most information security technologies continue to attempt to prevent and identify successful data breaches.

Importantly, from risk management and security due-diligence perspectives, all organisations must identify and robustly encrypt sensitive and valuable data. Robust encryption is the only information security tool that protects against a successful breach – by ensuring the data is meaningless to cyber-criminals.

Read the full article at Bloomberg Business