New York and Cupertino, Calif. - Last week brought yet another security scare to a health insurer. Empire Blue Cross Blue Shield, a New York-based subsidiary of WellPoint Inc., reported that Magellan Behavioral Health Services located a CD sent via UPS by Health Data Management Solutions (HDMS), a third party vendor to Magellan, an Empire benefit program administrator, that included some members' personal health information. The CD was lost in transit but was located. The insurer reports that although there was no indication that the CD had been stolen, last week Empire sent a letter to inform affected groups and members who may have been impacted.
Empire released a statement regarding the scare: "While we understood it was possible the CD would be found, to be cautious, Empire accelerated member notification as our members' security and trust are our highest priority. "We are relieved the CD has been found. The information was not transferred in accordance to our contractual terms with Magellan, who did not require HDMS to encrypt or password protect the data. We are addressing these issues and we have made it clear to both HDMS and Magellan that their security practices with respect to the data transfer were unacceptable."
As a result, Magellan will now only transmit personal health information electronically through a secure network, eliminating CDs and the use of a delivery service.
But they may still need to take extra caution, because according to new Internet security research reveals a shift toward collaborative, global online communities operated by cyber criminals. Cupertino, Calif.-based Symantec Corp.'s "Internet Security Threat Report" reveals that the current Internet threat environment is characterized by an increase in data theft, data leakage and the creation of targeted, malicious code for the purpose of stealing confidential information that can be used for financial gain.
According to the research, cyber criminals continue to refine their attack methods in an attempt to remain undetected and to create global, cooperative networks to support the ongoing growth of criminal activity.
Other findings from the report include:
- More than 6 million distinct bot-infected computers worldwide during the second half of 2006, representing a 29% increase from the previous period. However, the number of command-and-control servers used to relay commands to these bots decreased by 25%, indicating that bot network owners are consolidating their networks and increasing the size of their existing networks.
- Trojan horse programs constituted 45% of the top 50 malicious code samples, representing a 23% increase over the first six months of 2006. This significant increase supports Symantec's forecast from previous research, which noted that attackers appeared to be making a shift away from mass-mailing worms toward using Trojan horse programs.
- Symantec documented 12 zero-day vulnerabilities during the second half of 2006, marking a significant increase from the one zero-day vulnerability documented in the first half of 2006, increasing the exposure of consumers and businesses to unknown threats.
- Underground Economy Servers are being used by criminals and criminal organizations to sell stolen information, including government-issued identity numbers, credit cards, bank cards and personal identification numbers (PINs), user accounts, and e-mail address lists.
- Theft or loss of a computer or data storage medium, such as a USB memory key, made up 54% of all identity theft-related data breaches.
- For the first time, Symantec identified the countries with the highest amount of malicious activity originating from their networks. The United States had the highest proportion of overall malicious activity, with 31%; China was second, with 10%; and Germany was third, with 7%.
"As cyber criminals become increasingly malicious, they continue to evolve their attack methods to become more complex and sophisticated in order to prevent detection," says Arthur Wong, senior vice president, Symantec Security Response and Managed Services. "End users, whether consumers or enterprises, need to ensure proper security measures to prevent an attacker from gaining access to their confidential information, causing financial loss, harming valuable customers, or damaging their own reputation."
Symantec tracked the trade of stolen confidential information and captured data frequently sold on underground economy servers. These servers are often used by hackers and criminal organizations to sell stolen information, including social security numbers, credit cards, PINs and e-mail address lists. During the last six months of 2006, 51% of all known underground economy servers in the world were located in the United States.
During the reporting period, Symantec observed a rise in threats to confidential information due to the increase of Trojan horse programs and bot networks enabling an attacker to gain access to a victim's computer. Attacks that obtain sensitive data stored on an infected computer can result in significant financial loss, particularly if credit card or banking information is exposed. Threats to confidential information made up 66% of the top 50 malicious code reported to Symantec, an increase over the 48% reported in the previous period. Threats that could export user data, such as user names and passwords, accounted for 62% of threats to confidential information during the second half of 2006, up from 38% in the first half of the year.
Sources: Empire Blue Cross Blue Shield and Symantec Corp.
