Cyberattacks against accounting software firm Wolters Kluwer and the City of Baltimore in May showed how the newest wave of malicious hacking can have significant, often...Technologyread more
The European parliamentary election is the second largest democratic exercise in the world.Europe Newsread more
Biden had criticized Kim Jong Un as a "dictator" and a "tyrant" at a recent rally in Philadelphia. North Korean state media responded by calling Biden a "fool of low IQ" among...Politicsread more
Buybacks have gotten a bad rap from both Republicans and Democrats. But stocks would be trading at a massive discount without them.Marketsread more
Fiat Chrysler and France's Renault could soon partner up to take on the sweeping changes to the global auto industry, according to a report in the Financial Times. The...Autosread more
Microsoft shares have gained 133% since November 2015, outperforming a tech "basket of unicorns" over that stretch.Technologyread more
The president's state visit comes amid tensions with carmaker Toyota over potential auto tariffs. Trump has repeatedly threatened Japanese and European carmakers with tariffs.Traderead more
The IRS is about to release a new draft of Form W-4, which will more closely reflect the changes stemming from the Tax Cuts and Jobs Act. For workers, that means they'll need...Personal Financeread more
The Mega Millions jackpot has spilled over $400 million. It would be the ninth largest winning since the game began in 2002.Personal Financeread more
Trump was speaking at a meeting of Japanese business leaders in Tokyo during his state visit to Japan on Saturday.Marketsread more
The biggest U.S. gasoline price surge in years is running out of steam just in time for the start of the summer driving season.Energyread more
Forget your credit card data. The smartest hackers are now targeting your medical records.
Cybercriminals are now going after health-care sites more than they are retailers, financial institutions and utility companies, according to a study published Wednesday by the security firm BitSight Technologies.
BitSight analyzed security performance of companies in the S&P 500 stock index in February and found that not only are health-care and pharma companies being targeted more, but these companies are also much slower in detecting and resolving the security issues, said Stephen Boyer, BitSight's co-founder and chief technology officer.
"We were expecting utilities to be one of the worst performers, but they weren't so bad. The one that surprised us was that health care scored so low. Anything that falls below retail is a little bit scary to us," Boyer said.
He said that health-care companies lacked many of the basic protections that security experts would expect in a company's network.
"They don't have the proper encryptions or protocols or behaviors you would expect to have, and security just isn't their top talent," Boyer said.
One reason this industry is coming under attack is because electronic medical records on the black market sell for more than credit card numbers, Boyer said. He cited examples of medical records selling for $20, while with credit cards the going rate was around $1. The records are being used to help criminals get access to drugs and other treatments, he said.
Securing medical data quickly doesn't look promising either because so many hospitals and other medical facilities are equipped with poor IT equipment, Boyer said,
"I don't see the response (will) be lightning quick, with all those legacy systems in hospitals, you just can't fix this overnight," he said.
Also worth noting, when BitSight investigated reasons why health-care companies may be falling behind in security, researchers discovered that the pay of IT professionals working for health-care companies was less than all other IT staff in the industries also included in the study.
BitSight's report comes after February's release of a report by the IT security-focused SANS Institute, which said the health-care industry is dealing with an "alarming" number of security breaches.
The SANS report noted that about 94 percent of medical institutions have reported being the victims of cyberattacks.
"Now, with the push to digitize all health-care records, the emergence of HealthCare.gov and an outpouring of electronic protected health information (ePHI) being exchanged online, even more attack surfaces are being exposed in the health-care field," the report said.
The report also said that the number of breaches in the health-care sector "not only confirmed how vulnerable the industry had become, it also revealed how far behind industry-related cybersecurity strategies and controls have fallen."
"Unlike e-commerce–related theft and fraud expenses from which most consumers are shielded, consumers are responsible for costs related to compromised medical insurance records ... costs that reached $12 billion in 2013," SANS noted.
In 2009, the U.S. Health and Human Services Department began mandating that any data breach involving unsecured protected health information be reported to HHS. Since then, the department said, there have been 116,000 reports of breaches of unsecured protected health information involving fewer than than 500 individuals each.
There have also been more than 980 reports of breaches involving health information for 500 or more people, HHS said. In those combined cases, information for more than 31.3 million people was breached, the department said.
Of those larger breaches, the locations where they occurred broke down in this way: laptops, 23 percent; paper records, 22 percent; desktop computers, 15 percent; portable electronic devices, 14 percent; network servers, 11 percent; email, 3 percent; electronic medical records, 2 percent; and other, 11 percent.
—By CNBC's Cadie Thompson.