| SINGAPORE, June 5
SINGAPORE, June 5 Whoever was behind the latest
theft of personal data from U.S. government computers, they
appear to be following a new trend set by cybercriminals:
targeting increasingly valuable medical records and personnel
This data, experts say, is worth a lot more to
cybercriminals than, say, credit card information. And the
Office of Personnel Management (OPM) breach revealed on Thursday
suggests cyberspies may now also be finding value in it.
Cyber investigators from iSight Partners said they had
linked the OPM hack to earlier thefts of healthcare records from
Anthem Inc, a health insurance company, and Premera
Blue Cross, a healthcare services provider. Tens of millions of
records may have been lost in those attacks.
All three breaches have one thing in common, said John
Hultquist of Dallas-based iSight. While cyberespionage usually
focuses on stealing commercial or government secrets, these
attacks targeted personally identifiable information.
The stolen data "doesn't appear to have been monetised and
the actors seem to have connections to cyberespionage activity",
said Hultquist, adding that none of the data taken in the
earlier attacks had turned up for sale on underground forums.
A source close the matter said U.S. authorities were looking
into a possible China connection to the breach at OPM, which
compromised the personal data of 4 million current and former
Several U.S. states were already investigating a Chinese
link to the Anthem attack in February, a person familiar with
the matter has said.
China routinely denies involvement in hacking, and on Friday
a spokesman for the Foreign Ministry in Beijing said suggestions
it was involved in the OPM breach were "irresponsible and
Hultquist said iSight could not confirm that China was
behind the attacks, but similar methods, servers and habits of
the hackers pointed to a single state-sponsored group.
BLACK MARKET FLOODED
Security researchers say that medical data and personnel
records have become more valuable to cybercriminals than credit
The price of stolen credit cards has fallen in online black
markets, in part because massive breaches have spiked supply.
"The market has been flooded," said Ben Ransford, co-founder
of security start-up Virta Laboratories.
The result: medical information can be worth 10 times as
much as a credit card number.
Fraudsters use this data to create fake IDs to buy medical
equipment or drugs that can be resold, or they combine a patient
number with a false provider number and file made-up claims with
State-sponsored hackers may not be after money, but would
also be interested in such data because they could then build a
clearer picture of their target.
That, said Philip Lieberman of security software company
Lieberman Software, would increase the chances of any targeted
email attack, or spear phish, successfully obtaining
Others said that, given the data affected included job
histories, those targets might be in other government
departments. "It's likely this is less about money and more
about gaining deeper access to other systems and agencies," said
Mark Bower of HP Security Voltage, a data security company.
This interest in more granular data is pushing hackers of
all stripes into more inventive ways of penetrating the defences
of hospitals and other institutions holding such data.
TrapX, a cybersecurity company, said it had discovered
criminal gangs from Russia and China infecting medical devices
such as X-Ray systems and blood gas analysers to find their way
into servers from which they stole personnel and patient data.
Other security researchers agreed this kind of attack was
becoming more common.
Billy Rios, founder of security company Laconicly, said he
had found infected systems while working with several healthcare
organisations. "Clinical software is riddled with security
vulnerabilities," he said.
A survey by think-tank the Ponemon Institute issued last
month said that more than 90 percent of healthcare organisations
surveyed had lost data, most of it to hackers.
"This is going to get worse before it gets better," said
Carl Wright, of TrapX, which discovered the breaches via medical
(Editing by Alex Richardson)