US in danger of losing green-tech competition, experts say

TECHNOLOGY
- Infrastructure
  - Network
  - Security
    - Virus
    - Intruder
    - Spyware
    - Spam
    - Theft
    - Disaster Recovery
    - Privacy
    - Regulatory Compliance
  - Client
    - Desktop
    - Laptop
    - Laptop - Macbook
    - PDA
  - Server
    - Load Balancing
  - Mobile
  - Operating Systems
    - Windows
    - Windows - Vista
    - Linux
    - Mac
    - Mac - Leopard
    - Unix
    - Other
  - Data Center
  - Virtualization
- Applications
  - SaaS
  - Cloud Computing
  - ERP
  - CRM
  - BI
  - BPM
  - KM
  - SCM
  - RFID
  - Middleware/EAI
  - Portals
    - B-to-B
    - Consumer
  - Inventory Management
  - Databases
  - Document Management
  - E-Business
  - Data Warehouse
- Development
  - Open Source
  - Eclipse
  - Java
  - .NET
  - Agile
  - Web Services
- Architecture
  - SOA
  - Enterprise Architecture
LEADERSHIP

IT DRILLDOWN

NEWSLETTERS

CIO.com updates, insights and advice on technology, management and your career.

RSS Feeds »

LEADERSHIP

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

CIO Executive Council

A Peer-Advisory Service and Professional Association for CIOs

Social Responsibility's Strategic Benefits

December 15, 11:30 AM - 12:30 PM US/Eastern (GMT-5)

Join Ed Granger-Happ, CIO of Save the Children, for a discussion of how creating an organization that is socially responsible improves staffing, retention, leadership development and overall corporate health.

Working With and Communicating to Your Board of Directors

January 13, 2009, 4:00 PM - 5:00 PM US/Eastern (GMT-5)

CIO panelists who will share tips and experiences working with their boards: Twila Day of SYSCO; Jeff O'Hare, West Corp.; Marc West, formerly with H&R Block.

IT's Role in Growing Mid-Market Companies

January 14, 4:00 PM - 5:00 PM ET (GMT-5)

Mid-market Council members will share their companies' stories and challenges in driving or coping with growth. Panelists represent Veterinary Pet Insurance, Medicis Pharmaceutical, and Intrax Cultural Exchange.

More / Register »

Learn more about the CIO Executive Council »

RESOURCE CENTER

buy a link »

SUBSCRIBE TO CIO

Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

Reprints »

News

Security Firm Finds Server with Health-Care Data

Security researchers with Finjan Software are seeing a growing thirst from cybercriminals for data other than credit-card numbers, with the latest findings including servers containing passwords leading to heath-care records and airline systems data.

Leave a comment

By Jeremy Kirk

June 18, 2008 — IDG News Service —

Security researchers with Finjan Software are seeing a growing thirst from cybercriminals for data other than credit-card numbers, with the latest findings including servers containing passwords leading to heath-care records and airline systems data.

The problem is two-fold: sensitive data is being stolen after PCs are infected with malicious software, and then that data sent to unprotected remote servers, said Yuval Ben-Itzhak, chief technology officer for Finjan. The content of those servers is then indexed by search engines, leaving it open to anyone who uses the right query terms.

Finjan recently came across a server located in Malaysia that contained enough information to log in into a Citrix remote-access system belonging to a major U.S. hospital, Ben-Itzhak said. Also found was log-in information for another publicly owned U.S. health-care organization that manages hospitals and other medical clinics.

Finjan didn't use the information to log in into the organizations' systems, but there's a good chance an attacker could use the credentials to gain wide-ranging access to internal systems and possibly medical records, Ben-Itzhak said.

Finjan has reported the breach to U.S. law enforcement, which then will contact the organizations, he said. Finjan also notified Google, which has removed the particular pages from its index.

The use of unprotected servers indicates the hacking is the work of amateurs. "They have no clue how to secure their own server," Ben-Itzhak said.

U.S. health-care organizations could face fines for failing to safeguard patient information as part of the Health Insurance Portability and Accountability Act.

Patient records could potentially be used to make claims to insurance companies, since the attacker would have access to medical histories and other information needed to file a bogus claim. The payoff could be better than trying to convert credit-card data into cash if the scam works.

In its monthly report, Finjan outlined possible scenarios: criminals could use the information to set up fake clinics, buy controlled prescription drugs or tamper with health records, putting a patient at risk.

Finjan has seen a decline in the value of credit-card details sold in underground online markets. Credit-card numbers used to sell for US$100 to $200, but the price has now declined almost 10-fold. But the reason is bad for consumers: there's a glut of credit-card numbers on the market, indicating that more people have been victimized, Ben-Itzhak said.

Hackers could demand a higher price for different kinds of data, Ben-Itzhak said. Finjan also found another remote server containing Citrix log-in information for a U.S. airline. Finjan theorizes that logging into the airline's system could give access to cargo lists, flight schedules and financial data.