News Feature | December 11, 2014

Cybercriminals Targeting Healthcare

By Christine Kern, contributing writer

FIN4 is gaining access to user names and passwords to access healthcare information.

FIN4 – a cybercriminal group which appears to have a deep familiarity with business deals, corporate communications, and their effects on financial markets – is targeting email accounts of individuals who have access to private and valuable healthcare information, according to a new report. Though the group – dubbed FIN4 by FireEye because of its focus on the financial sector – is targeting all industries, healthcare is at the top of their list.

The report issued by FireEye says that FIN4, unlike more traditional cyberattackers, is not infecting computers via malware or viruses; instead, it gains access to user names and passwords that allow entry into protected data in the system. FireEye further found 68 percent of these attacks are aimed at public healthcare or pharmaceutical companies.

The hackers are also manipulating the stock market by accessing information on mergers and acquisitions, both of which are at high points in the healthcare industry right now, FierceHealthIT reports.

FireEye further reported, “FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information.

“We believe FIN4 heavily targets healthcare and pharmaceutical companies as stocks in these industries can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues.”

The Windows Club writes that FIN4 appears to be composed of native English speakers well-versed in Wall Street trading vernacular. They use much of the information obtained to engage in insider trading.

Over 100 firms have been attacked via email accounts since mid-2013. “We suspect they are Americans, given their Wall Street inside knowledge,” Jen Weedon, FireEye’s manager of threat intelligence, told Bloomberg. “They seem to have worked on Wall Street.”

However, the attackers could also be “Western Europeans who have worked in the investment banking industry here in the United States,” Weedon told The New York Times. It’s “hard because we don’t have pictures of guys at their keyboards, just that they are native English speakers who can inject themselves seamlessly into email threads.”

Sixty-eight percent of targets are publicly traded healthcare and pharmaceutical companies; 20 percent are firms advising on securities, legal, and merger and acquisition matters. Twelve percent of those targeted by FIN4 are publicly traded companies. More than two-thirds of the targeted organizations are healthcare and pharmaceutical companies, according to FireEye.