By Fran Jeffries
The Atlanta Journal-Constitution
An Atlanta man has been sentenced to serve a year and a month in prison for hacking into a competing medical practice's computer to try to lure away patients.
Eric McNeal, 38, was charged with accessing a computer without authorization, including taking patients' personal information in order to send them marketing materials. He pleaded guilty to the charge on Sept. 28.
According to prosecutors, McNeal, an information technology specialist, worked for Atlanta Perinatal Associates, a medical practice in Atlanta. He left that company in November 2009 and went to work for a competing perinatal medical practice in the same building.
In April 2010, McNeal used his home computer to hack into his former employer's patient database. He downloaded the names, phone numbers and addresses of its patients, and then deleted patient the information from his former employer's system.
McNeal then used the patient names and contact information to launch a direct-mail marketing campaign to benefit his new employer. There is no evidence that McNeal downloaded or misused specific patient medical information, prosecutors said.
“Anyone who gives their personal information to a doctor or medical facility does not expect that their information will be hacked and used to make money," said U.S. Attorney Sally Quillian Yates. "This is cybercrime. Electronic information is bought, sold and stolen, often by someone who knows a system and, with a few keystrokes, makes our community vulnerable.”
Source Article: http://goo.gl/axgwz
13 January 2012
5 reasons cybersecurity matters to small businesses
By Heather Clancy | December 28, 2011, 4:09am PST
Summary: Small businesses often think they are ‘too small’ to be worth hackers’ notice, but that assumption could be devastating.
On Christmas Day, perfectly timed for the traditionally slow news week that leads into New Year’s Eve, the cyber hacktivist group Anonymous apparently hacked the Web site and internal servers of security consulting and risk management advisory firm Stratfor.
Soon thereafter, the alleged attackers began publishing all sorts of confidential information, including the names of the company’s clients. What’s more, someone started using the credit card information obtained during the breach to make charitable donations in a vaguely Robin Hood-esque tradition.
Although the subsequent attacks that were threatened apparently have not come to pass, or least haven’t yet been disclosed publicly, the incident caps a year of pretty serious cyberhacking. Sony and RSA were just two of the big companies embarrassed by extremely public incidents. As I was reading up on this topic, I discovered that there were 760 attacks in the past decade by just one Chinese firm. That’s just one nasty organization. That should give you pause, because I can assure you there is more than one person out there in the world who would love to create trouble for your business.
So, even though I’ve already written about essential technologies for investment by small businesses in 2012, security is absolutely positively the most important infrastructure that small companies need to make.
Here are 5 reasons why:
Smaller companies are more likely to be attacked than bigger ones. Don’t believe me? Symantec.com, which keeps statistics on this sort of thing, suggests that 40 percent of attacks are against organizations with fewer than 500 employees, versus 28 percent against bigger companies. Remember, there are lots of people who could make trouble this way. Not just big groups with something to provide like Anonymous or LuluSec, but disgruntled former employees or business partners.
Breaches are potentially business-ending events. Depending on the statistics you believe, the average cost of a breach or cybersecurity incident is about $190,000. Do you have that sort of money to lose? Even more serious: about half of small businesses still don’t back up their data, so what is lost is lost forever. Which means your business might be lost forever. The Federal Communications Commission has published a useful cybersecurity guide you might want to consult.
Can you be sure you are properly controlling the access of your employees and business partners? This will only be a bigger factor, as personal tablets and smartphones become more commonly used as business tools. Improperly managed client-side software is one of the biggest known cybersecurity threat, allowing people to see information that they really shouldn’t be able to see AND allowing rogue malware to enter your infrastructure. I am dealing with an problem like this right now. Even though certain files I post to my non-profit’s web site are “gated,” for some reason, they can be accessed publicly if the right link shows up in a Google search.
Attacks could ruin your company’s reputation. I know that they say all publicity is good publicity, but think about how embarrassed Stratfor must be this week. After all, this is a security consulting company. According to the reports about the incident, the reason that the hackers were able to steal so much data — up to 200 gigabytes — and make use of it was because certain information was not encrypted. Stratfor should have known better, and so should your company.
Your company could be putting its best customers at risk. In assessing the security risks for their business, some owners and managers fail to consider that it isn’t just your own data you need to worry about, it is that of your customers. Anyone involved in healthcare already has this mantra beaten into their brain, but any company that engages in business-to-business activity with much larger businesses needs to consider their needs as the driver for their own security plans.
Article Source: ZDNet... http://t.co/vemfIXLt via @HeathClancy
Summary: Small businesses often think they are ‘too small’ to be worth hackers’ notice, but that assumption could be devastating.
On Christmas Day, perfectly timed for the traditionally slow news week that leads into New Year’s Eve, the cyber hacktivist group Anonymous apparently hacked the Web site and internal servers of security consulting and risk management advisory firm Stratfor.
Soon thereafter, the alleged attackers began publishing all sorts of confidential information, including the names of the company’s clients. What’s more, someone started using the credit card information obtained during the breach to make charitable donations in a vaguely Robin Hood-esque tradition.
Although the subsequent attacks that were threatened apparently have not come to pass, or least haven’t yet been disclosed publicly, the incident caps a year of pretty serious cyberhacking. Sony and RSA were just two of the big companies embarrassed by extremely public incidents. As I was reading up on this topic, I discovered that there were 760 attacks in the past decade by just one Chinese firm. That’s just one nasty organization. That should give you pause, because I can assure you there is more than one person out there in the world who would love to create trouble for your business.
So, even though I’ve already written about essential technologies for investment by small businesses in 2012, security is absolutely positively the most important infrastructure that small companies need to make.
Here are 5 reasons why:
Smaller companies are more likely to be attacked than bigger ones. Don’t believe me? Symantec.com, which keeps statistics on this sort of thing, suggests that 40 percent of attacks are against organizations with fewer than 500 employees, versus 28 percent against bigger companies. Remember, there are lots of people who could make trouble this way. Not just big groups with something to provide like Anonymous or LuluSec, but disgruntled former employees or business partners.
Breaches are potentially business-ending events. Depending on the statistics you believe, the average cost of a breach or cybersecurity incident is about $190,000. Do you have that sort of money to lose? Even more serious: about half of small businesses still don’t back up their data, so what is lost is lost forever. Which means your business might be lost forever. The Federal Communications Commission has published a useful cybersecurity guide you might want to consult.
Can you be sure you are properly controlling the access of your employees and business partners? This will only be a bigger factor, as personal tablets and smartphones become more commonly used as business tools. Improperly managed client-side software is one of the biggest known cybersecurity threat, allowing people to see information that they really shouldn’t be able to see AND allowing rogue malware to enter your infrastructure. I am dealing with an problem like this right now. Even though certain files I post to my non-profit’s web site are “gated,” for some reason, they can be accessed publicly if the right link shows up in a Google search.
Attacks could ruin your company’s reputation. I know that they say all publicity is good publicity, but think about how embarrassed Stratfor must be this week. After all, this is a security consulting company. According to the reports about the incident, the reason that the hackers were able to steal so much data — up to 200 gigabytes — and make use of it was because certain information was not encrypted. Stratfor should have known better, and so should your company.
Your company could be putting its best customers at risk. In assessing the security risks for their business, some owners and managers fail to consider that it isn’t just your own data you need to worry about, it is that of your customers. Anyone involved in healthcare already has this mantra beaten into their brain, but any company that engages in business-to-business activity with much larger businesses needs to consider their needs as the driver for their own security plans.
Article Source: ZDNet... http://t.co/vemfIXLt via @HeathClancy
12 January 2012
5 top cyber threats for 2012
CBC News Posted: Jan 3, 2012 1:31 PM ET
As cybercriminals improve their toolkits and malware, they’re moving away from hacking personal computers to mobile devices, as well as plotting other more sophisticated attacks, according to a report on the top cyber threats for 2012.
“Many of the threats that will become prominent in 2012 have already been looming under the radar in 2011,” Vincent Weafer, senior vice president of McAfee Labs, a technology company and subsidiary of Intel Corp., said in a release
The five top cyber threats as seen by McAfee are:
Attacking mobile devices: Techniques used in the past for online banking, such as stealing from victims while they are still logged on, will now target mobile banking users.
Embedded hardware: Embedded systems, which are designed for a specific control function within a larger system, are commonly used in vehicles, GPS systems, medical devices, routers, digital cameras and printers. Hackers with access to malware that attacks the hardware layer of such systems will gain control and long-term access to the system and its data.
Industrial attacks: Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed — such as water, electricity, oil and gas utilities — don’t have sufficiently stringent security practices, leaving them vulnerable to blackmail or extortion.
"Legalized" spam: While global spam volumes have dropped in recent years, legitimate advertisers are now using the same techniques, such as purchasing email lists of users who have consented to receive advertising, or purchasing consumer databases from companies going out of business. “Legal” spam is expected to grow at a faster rate than illegal phishing and confidence scams on the internet.
Online/frontline hacktivisim: McAffee predicts the true Anonymous group will reinvent itself or die out, and those leading digital disruptions will join forces with physical protesters to target public figures such as politicians and business leaders.
As cybercriminals improve their toolkits and malware, they’re moving away from hacking personal computers to mobile devices, as well as plotting other more sophisticated attacks, according to a report on the top cyber threats for 2012.
“Many of the threats that will become prominent in 2012 have already been looming under the radar in 2011,” Vincent Weafer, senior vice president of McAfee Labs, a technology company and subsidiary of Intel Corp., said in a release
The five top cyber threats as seen by McAfee are:
Attacking mobile devices: Techniques used in the past for online banking, such as stealing from victims while they are still logged on, will now target mobile banking users.
Embedded hardware: Embedded systems, which are designed for a specific control function within a larger system, are commonly used in vehicles, GPS systems, medical devices, routers, digital cameras and printers. Hackers with access to malware that attacks the hardware layer of such systems will gain control and long-term access to the system and its data.
Industrial attacks: Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed — such as water, electricity, oil and gas utilities — don’t have sufficiently stringent security practices, leaving them vulnerable to blackmail or extortion.
"Legalized" spam: While global spam volumes have dropped in recent years, legitimate advertisers are now using the same techniques, such as purchasing email lists of users who have consented to receive advertising, or purchasing consumer databases from companies going out of business. “Legal” spam is expected to grow at a faster rate than illegal phishing and confidence scams on the internet.
Online/frontline hacktivisim: McAffee predicts the true Anonymous group will reinvent itself or die out, and those leading digital disruptions will join forces with physical protesters to target public figures such as politicians and business leaders.
Subscribe to:
Posts (Atom)