Finjan finds "crimeware" servers hosting medical and business data

[audio http://healthbb.files.wordpress.com/2008/06/finjan3.mp3]
Finjan, Inc., a maker of network security products, has a malicious page of the month feature on its website. High-tech criminals are especially clever and I'm always impressed with the degree of innovation they display. And of course it's fairly obvious how publication of these malicious pages leads to interest in Finjan's security offerings.This month's malicious page details how security was compromised at a couple of prominent US health care organizations. As I've discussed recently (see Why stolen personal health information is so valuable), medical records are particularly valuable to thieves. Their value has remained high even as the value of traditional targets of hackers (such as credit cards) has fallen.Most of the stories I've seen focus on the theft of laptops or of individual patient records. What Finjan has discovered is a little bit worse: stolen Citrix credentials, which hackers can use to gain broad access to an organization's health care files without leaving much of a trace.In this podcast I interviewed Finjan's Chief Technology Officer, Yuval Ben-Itzhak, who shed some light on what's going on.