SINGAPORE (Reuters)—Whoever was behind the latest theft of personal data from U.S. government computers, they appear to be following a new trend set by cybercriminals: targeting increasingly valuable medical records and personnel files.
This data, experts say, is worth a lot more to cybercriminals than, say, credit card information. And the Office of Personnel Management (OPM) breach revealed on Thursday suggests cyberspies may now also be finding value in it.
Cyber investigators from iSight Partners said they had linked the OPM hack to earlier thefts of healthcare records from Anthem Inc, a health insurance company, and Premera Blue Cross, a healthcare services provider. Tens of millions of records may have been lost in those attacks.
All three breaches have one thing in common, said John Hultquist of Dallas-based iSight. While cyberespionage usually focuses on stealing commercial or government secrets, these attacks targeted personally identifiable information.
The stolen data “doesn’t appear to have been monetized and the actors seem to have connections to cyberespionage activity”, said Hultquist, adding that none of the data taken in the earlier attacks had turned up for sale on underground forums.
A source close the matter said U.S. authorities were looking into a possible China connection to the breach at OPM, which compromised the personal data of 4 million current and former federal employees.
Several U.S. states were already investigating a Chinese link to the Anthem attack in February, a person familiar with the matter has said.
China routinely denies involvement in hacking, and on Friday a spokesman for the Foreign Ministry in Beijing said suggestions it was involved in the OPM breach were “irresponsible and unscientific”.
Hultquist said iSight could not confirm that China was behind the attacks, but similar methods, servers and habits of the hackers pointed to a single state-sponsored group.
Black Market Flooded
Security researchers say that medical data and personnel records have become more valuable to cybercriminals than credit card data.
The price of stolen credit cards has fallen in online black markets, in part because massive breaches have spiked supply.
“The market has been flooded,” said Ben Ransford, co-founder of security start-up Virta Laboratories.
The result: medical information can be worth 10 times as much as a credit card number.
Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers.