August 20, 2007 — SecureWorks, a managed security services provider safeguarding 1,800 clients, has seen a 57 percent increase in the number of attempted attacks directed toward its healthcare clients by Internet hackers.
Attempted attacks have increased from an average of 5,900 per healthcare client per day in the last half of 2006 to an average of 9,300 per healthcare client per day in the first half of 2007 according to the company.
HIMSS Security Special Interest Group Chair and SecureWorks Director of Development, Wayne Haber (CISSP), says that the recent spike in attacks can be attributed to several types of malware including the Iwebho, Prg, Pinch and Storm trojans and the Allaple worm.
“The volume and type of attacks targeting healthcare organizations mirrors that of other industries SecureWorks protects including financial, retail, government organizations and utilities,” said Haber. “This demonstrates that healthcare organizations are not immune to increasing attack activity. Unfortunately, these new trojans and worms have the potential to create more lasting damage than previous types of malware.”
As an example, the Iwebho trojan infects computers and captures all personal information entered into browser-based applications including bank account credentials, user names and passwords, corporate applications, credit card data, etc. lwebho used phishing e-mails that appeared to be from the Better Business Bureau claiming that a complaint had been filed against the recipient of the e-mail. The e-mail instructed the recipient to download the case documents to view the complaint; clicking on the link initiated the infection. SecureWorks discovered a cache of stolen data from 1,400 corporate executives, according to Haber, while researching the Trojan. This is one of the first examples where business users were targeted rather than home users.
For more information: http://secureworks.com