Monday, September 28, 2009

Cybercriminals rob not-for-profit healthcare providers

What's happening: Several not-for-profit health care providers have been hit with the same kind of online bank fraud that's affecting businesses and schools. Banks are resisting returning the stolen money, claiming they follow "commercially reasonable practices."

What it means: Every organization must assume that it will come under attack and prepare accordingly. As our post from August 27 says: Trust No One.

What to do: Management must get on top of this problem. Train staff to recognize cybercrime danger signs. Tightly manage technology controls. Consider replacing anti-virus / anti-spyware solutions with an intrusion detection / prevention solution. Check your cyber-insurance. Be prepared to sue your bank: Email your attorney our Guide: An Emerging Information Security Minimum Standard of Due Care.

**********************************
From Brian Krebs; Washington Post: Cyber Gangs Hit Healthcare Providers

Organized cyber thieves that have stolen millions from corporations and schools over the past few months recently defrauded several health care providers, including a number of non-profit organizations that cater to the disabled and the uninsured.

http://voices.washingtonpost.com/securityfix/2009/09/irs_scam_e-mail_could_be_costl.html