Monday, April 14, 2008

Medical Phishing

There has recently been a reported attack targeted GP’s login information.
“A number of NHSmail users have recently received an email fraudulently claiming to be from the NHSmail team. The email asks users to send their name and password to an email address. Under no circumstances should you respond to any email or other form of communication requesting your password.”

This attack targeted GP’s and it is unclear how much patient data could be compromised from a successfully phished GP account.
Phishing for medical records is likely to become much more common as computerized access to medical records become more common. Google have announced plans to store medical information.
“Google Health aims to solve an urgent need that dovetails with our overall mission of organizing patient information and making it accessible and useful. Through our health offering, our users will be empowered to collect, store, and manage their own medical records online.”

Not that Google health has been targeted by phishers but being aware it is a potential target is important. Increasing patients access to their medical records also presents opportunities to phishers. The market for phishing bank details is obvious, who will buy medical records is less clear. But any information private that has value will be phished for and we should anticipate this when new information is made computer accessible.

No comments: