The Edge of Risk Menu Search
Stay informed on top risk issues—BRINK delivers expert insights on global risk right to your inbox, daily.
Please enter a valid email address.
Success! Thank you for signing up.
Technology Cybersecurity

Hackers Eye More Lucrative Targets Than Retail Chains

The news media has reported extensively over the past year on data breaches affecting our nation’s largest retailers. The hack of Target’s systems late in 2013 resulted in data stolen from roughly 40 million customers. And the cyberattack last fall that exposed the email addresses of 53 million Home Depot customers. But retail, while widely covered, is only a small portion of the wide swath of cyber attacks threatening global industries every day.

A reminder of this happened earlier this month, when Anthem, the mega health insurance company, fell victim to hackers who stole close to 80 million personal records from the company’s customers.

Retail breaches may have gotten more airplay in the past because the victims are visible brands with which most of us interact every day. But the magnitude of breaches in other industries, including health care, is no less severe, and the information is usually much more valuable.

“Medical data ranks much higher than credit cards because you can get full information on someone and use it to create a fake line of credit,” Aleksandr Yampolskiy of SecurityScorecard told Ben DiPietro of the Wall Street Journal this month.

Not only does it rank much higher, but stolen health care data will actually sell for a significantly greater price in black market auctions.

A study conducted by the Ponemon Institute found that data collected from credit card fraud sold at auction for an average of 33 cents. Complete health records retrieved from a hack, however, commanded a much more impressive price: $251 on average.

“Probably the crown jewel of confidential information across all industries is your health record,” said Larry Ponemon, founder of the Ponemon Institute. “Not only does it contain your physiological factors and health conditions and pharmaceuticals you take, but it also contains payment information like your health ID or, if you co-pay, your debit or credit card might be on file.”

Cybersecurity-Prioritization-by-Sector-Percentage_chartbuilder

Because health care is so valuable for cyber criminals, and because the sector has traditionally lagged in updating its cybersecurity infrastructure, many analysts are confident that health care breaches will remain something to seriously watch out for this year, Ponemon said. Reuters even called 2015 the “Year of the Healthcare Hack.”

But Ponemon, who has studied privacy and data protection for decades, warns that other industries in addition to health care may become vulnerable this year, as well. He mentioned three in particular:

  • Hospitality companies like hotels and travel sites have very sensitive information about individuals. These companies know where you like to stay, what kind of foods you like, and what sorts of things you like to buy on vacation.
  • The automotive industry, as BRINK has previously reported, will also become increasingly vulnerable to cyber attacks. With traditional cars becoming old news, and “smart cars” becoming de rigueur for auto companies, hackers now have a ripe target for driver habits and data that can sell for high price points on the black market.
  • And maybe most surprising is the utility industry. Energy and oil companies are using old technologies that we may not initially assume are hackable, but contain reams of information on customers that make tempting targets.

While retail cyber attacks are won’t go away, we should remember that other industries are equally or even more vulnerable to large-scale cyber attacks. And the information stolen from these other industries, which have not yet felt the pressure to upgrade their cybersecurity apparatuses, is often extremely valuable on the black market.