Why Experts Think e-Commerce Hacker FIN6 Is Moving Into Healthcare

Samara Rosenfeld
FEBRUARY 28, 2019
cybersecurity

A few years ago, a notorious e-commerce hacking group called FIN6 reportedly stole millions of credit card records from thousands of retail and hospitality point-of-sale systems and sold the records on the dark web for what could be as much as $400 million in profit.

Now, FIN6 could be back. And the group might be targeting more healthcare providers.

While the group is still deploying Cobalt-Strike and FrameworkPOS scraping malware to attack finance and insurance sectors in the U.S., Japan and India, Morphisec, a cybersecurity company, found that at least one healthcare company — a diagnostic image processing provider — has been a victim.

>> READ: Your MRI Is Hacked: Transfer $100K in Bitcoin, Please

Morphisec identified attacks that have been taking place for eight to 10 weeks, with a particular spike on Feb 6 that saw multiple attempts to down the Cobalt Strike backdoor.

FIN6 is dangerous.

In one case, the cyberattackers deployed malware on roughly 2,000 systems, allowing the group to compromise millions of cards.

Michael Gorelik, chief technology officer at Morphisec, told Inside Digital Health™ that due to the increasing digitization of the healthcare industry, health systems are at more risk of a cyberattack.

Gorelik said that while he does not believe that this puts patient’s health information at risk, due to online payment models, patients are at a higher risk of having their credit card information stolen.

And with the healthcare industry already reporting more cyber incidents than any other industry, it is essential for providers to make sure they are practicing good cybersecurity methods and start protecting their networks better.

Tom Bain, vice president of security strategy and marketing at Morphisec, told us that 89 percent of healthcare companies are purchasing cybersecurity software just to meet Health Insurance Portability and Accountability Act (HIPAA) requirements.

Providers who take a step further than just getting software to meet HIPAA requirements and that add layers to their defense are making it more difficult for attackers to get through.

Bain also suggested that education is a great opportunity for healthcare providers.

Employees should be made aware of the cybersecurity best practices, as employee neglect is one of the top causes of healthcare data breaches.

The experts at Morphisec said that based on the initial indicators, the attacks are tentatively being connected to FIN6, though there are some indicators that a group called EmpireMonkey could also be involved.

Get the best insights in healthcare analytics directly to your inbox.

Related
If You Can’t Beat the Hackers, Join Them
Phishing Emails Play on Our Fear of Failure
Inexpensive Actions Against Expensive Data Breaches

SHARE THIS SHARE THIS
32
Become a contributor