Data theft is increasing in the health sector, probably to accelerate research and development of new products.
Hospitals and medical research centers are currently among the favorite targets of ransomware writers. These highly publicized attacks unfortunately hide a reality that is no less brutal: the looting of health data. According to a recent report by the company FireEye, the main experts in this field are Chinese groups who have apparently been pounding the health sector diligently and methodically since at least 2013.
Among the most recent sites targeted is a US center, in April 2019. The attack was carried out using booby-trapped documents. The same organization had already been targeted in 2018 and in previous years by several different groups of Chinese hackers, including APT41 and APT22. Between July 2014 and 2016, APT41 malware was detected in the systems of a subsidiary of a medical device manufacturer and of a biotech company. Malware from APT10 and APT18 was seen in various organizations between 2013 and 2017.
A special attraction for cancer
According to FireEye, the purpose of these operations would be twofold: to spy on foreign laboratories and manufacturers to better compete in the international market, but also to strengthen the Chinese health system. In terms of data and targeted systems, the fight against cancer appears to be one of the priorities of this vast data theft.
However, the Chinese cyber spies are not the only ones interested in this information. In the past, FireEye has also identified attacks from groups of Russian or Vietnamese origin. Moreover, purely criminal hackers are also quite active. Between October 2018 and March 2019, FireEye's bloodhounds detected a dozen health databases offered for sale in underground forums for prices ranging from $200 to $5,500. Remote access to computers owned by health organizations is also available for sale at rates of up to $10,000.