FBI Warns Healthcare Sector of Vulnerability to CyberattacksApr 25, 2014
The Federal Bureau of Investigation (FBI) has warned healthcare providers that inadequate cybersecurity systems make them vulnerable to attacks by hackers seeking medical records and health insurance data.
The FBI says that health data is more valuable to hackers than credit card numbers because it often contains details that can be used to access bank accounts or obtain prescriptions for controlled substances, Reuters reports. "The healthcare industry is not as resilient to cyber intrusions” as the financial and retail sectors are, the FBI said. Increased cyber intrusions are likely, according to a private notice distributed to healthcare providers and obtained by Reuters.
The notice urged recipients to report suspicious or criminal activity to local FBI bureaus or the agency's 24/7 Cyber Watch. Such private industry notices (PINs), though typically unclassified, are usually shared only with affected organizations, which are asked to keep the contents private. Reports published over the past few years have urged healthcare systems to boost security, Reuters reports.
With so many stolen credit card numbers on the market, their value has dropped, Reuters reports, but medical information remains valuable, in part because it takes victims of such thefts longer to realize the information has been stolen and report it. Cyber criminals can get $20 for health insurance credentials, compared with $1 to $2 for U.S. credit card numbers, according to Dell SecureWorks, a cybersecurity firm.
Criminals can use medical data for financial fraud, creating false identities and opening new accounts, but many use the records to impersonate patients and obtain prescriptions for controlled substances, according to Reuters. The FBI alert cited a report from the SANS Institute, which trains cybersecurity professionals. SANS warned that the healthcare industry was not well prepared to fight cyber threats, noting hundreds of attacks on radiology imaging software, video conferencing equipment, routers, and firewalls.