Comment by draugadrotten

5 years ago

I'd add medical to that list. Vaccine test results are hot stuff.

I think you're right that it's medical. The author calls out PII was the target. Sure, there's PII in Defense/Fintech/Government, but it's probably not the target in those sectors and PII doesn't have the same spotlight on it as in the Medical world (e.g. HIPAA & GDPR).

  • Are you saying that, for example, the addresses of military generals and spies are less of a target for hackers than the addresses of medical patients? While there are laws to protect medical information, I think all governments care more about protecting national security information.

    • Ah, good point! No, I was not saying that at all, and thank you for pointing that out.

      When I was thinking of "defense", I was thinking of the defense contractors who are designing/building things like the next-gen weapons, radar, vehicles, and the like. In that context, when it comes to what they can exfiltrate, I think attackers probably prioritize the details & designs over PII. Just a guess though.

    • > the addresses of military generals and spies are less of a target for hackers than the addresses of medical patients?

      Why not both? Think how valuable the medical information of military staff would be as a source of coercive power.

Not just vaccines, but basically all your data, including billing and disease history. Perfect for both scamming and extortion.

Keep in mind that you actually want your medical provider to have that data, so they can treat you with respect to your medical history, without killing you in the process.

  • True. However, reading between the lines, the exfiltration "project" was targeted (i.e. one-off), skilled and long. I would put the cost anywhere between 1 megabuck and 10 megabucks. Given risks and dubious monetization, I would assume the "sponsor" demands at least a 10x ROI.

    Is medical data really that valuable?

    • How about psychiatric data from the area around Washington DC? Hospitals/practices that are frequented by New York CEO-types? I can picture that being quite valuable to the right parties.