While some data breaches are localized, a group of cyber criminals has been stealing email credentials to game the stock market, according to a report from FireEye.
The criminals, known as Fin4, are engaged in a specific type of email phishing known as “spearphishing,” in which the criminals contact individuals at the organizations directly, eventually leading them to a fraudulent email login page, which records email credentials for the criminals, according to a report from UT San-Diego. Those targeted within the organizations have been at the management levels of the organization, including senior executives.
After obtaining the email credentials, Fin4 then reads emails, looking for stock information, patient data and insurance information.
The group has accessed confidential data of 80 publically traded organizations, and its attacks on health-based companies have increased this year, according to the report. According to a report from the New York Times, two-thirds of the Fin4-hacked organizations are in healthcare. Half of these organizations are biotechnology-based, while 13 percent manufacture medical devices, 12 percent sell medical equipment and 10 percent are in pharmaceuticals.
Fin4 likely has American ties and has intimate knowledge of the investment and banking industry, according to the report, though whether the email data thefts have resulting in definitive financial gain for the criminals is still unknown.
More articles on health IT:
Promedica launches med-tech business incubator