In a startling revelation, US cybersecurity firm FireEye said on Thursday that hackers broke into a leading India-based healthcare website, stealing 68 lakh files containing information about patients and doctors.
Without naming the website, FireEye said the cybercriminals – mostly based in China – were selling stolen data directly to healthcare organizations and web portals around the world, including India, in underground markets.
“In February, a bad actor by the name of ‘fallensky519’ stole 6,800,000 records associated with an India-based healthcare website that contains patient information and Personally Identifiable Information (PII), doctor PII and credentials,” FireEye said in its report shared with IANS.
Between October 1, 2018 and March 31, 2019, FireEye Threat Intelligence observed several databases associated with healthcare for sale on underground forums, many of them for less than $2,000.
FireEye said it continues to witness a concerted focus on acquiring health care research by several Chinese Advanced Persistent Threat (APT) groups.
“In particular, it is likely that a unique area of interest is cancer research, reflecting China’s growing concern over rising cancer and death rates, and domestic health care costs accompanying it,” noted the cybersecurity agency.
Open source reports indicate that cancer death rates have increased dramatically in recent decades, making cancer the leading cause of death in China.
“As the People’s Republic of China (PRC) continues to strive for universal healthcare by 2020, the control of costs and domestic industry will surely affect the PRC’s strategy to maintain political stability,” said the FireEye report.
Another likely motivation for APT activity is financial: the PRC has one of the fastest growing pharmaceutical markets in the world, creating lucrative opportunities for domestic companies, especially those that provide treatment or oncology services.
“Targeting medical research and study data can allow Chinese companies to bring new drugs to market faster than their Western competitors,” the report says.
In early April this year, suspected Chinese cyber espionage actors targeted a US-based health center with a strong focus on cancer research with the “EVILNUGGET” malware.
APT22 – a Chinese group that has focused on biomedical, pharmaceutical and healthcare organizations in the past and continues to be active – has also targeted this same organization in previous years.
In the same month, several researchers at MD Anderson Cancer Research were fired over concerns about the theft of medical research on behalf of the Chinese government.
One theme that FireEye has observed among Chinese cyber espionage actors targeting the healthcare sector is the theft of large sets of Personally Identifiable Information (PII) and Protected Health Information (PHI).
Beyond China-nexus groups, FireEye Intelligence observed a wide variety of other cyber espionage actors and nation states involved in targeting the healthcare sector, including the Russia-nexus APT28.
“The valuable research carried out within some of these institutions continues to be an attractive target for nation states seeking to overtake their domestic industries,” the report noted.
“As the use of biomedical devices increases, the potential for them to become an attractive target for disruptive or destructive cyber attacks – especially by actors willing to take greater risk – may present a more contested attack surface than today,” the report says.