Experts believe that hackers in China increasingly are targeting organizations in the medical industry.
Rich Barger—chief intelligence officer for CyberSquared, a data security company—said his firm can confirm that at least three Chinese advanced persistent threat groups, or APT groups, have targeted medical organizations.
The attacks—which are described in a new CyberSquared white paper—involve groups of hackers that:
- Posed as a Beijing-based life sciences and drug discovery company to deliver malware to related companies from that industry;
- Developed the malware Sykipot for various APT-type attacks; and
- Ran a cyberespionage campaign that targeted NIH and about 900 other organizations across a broad base of industries.
Meanwhile, Richard Bejtlich—chief security officer of Mandiant, an information security firm—said his company has identified at least five Chinese hacker groups that actively are targeting the health care industry.
According to Barger, many organizations affected by the hacking attacks are companies that have developed a new breakthrough drug or technology. Barger said that "it would definitely be an issue for the Chinese to target some of these" companies to gain a competitive edge.
Bejtlich said his firm has worked with numerous health care organizations that have been targeted by hacking attacks. Bejtlich said that most of the affected groups have been:
- Health care providers;
- Insurers; and
- Organizations in the health care infrastructure sector.
Many of the Chinese hacking groups that Mandiant has encountered are not just seeking intellectual property information but are stealing data on how the organizations conduct business.
Bejtlich said, "They are taking proprietary data to increase operational efficiency, data to replicate processes and insider knowledge for how organizations are operating inside China or with the Chinese health care industry" (Higgins, Dark Reading, 3/14).