FBI Says Health Systems, Medical Devices at Risk for Cyberattacks
April 24, 2014 in News
Earlier this month, the Federal Bureau of Investigations issued a notice warning that health care systems and medical devices face an increased risk of cyberattacks, Health Data Management reports (Slabodkin, Health Data Management, 4/23).
According to Reuters, private health data are more valuable on the black market than some financial information, such as credit card numbers, because they tend to include specific details that can be used to:
- Access individuals’ bank accounts; and
- Obtain prescriptions for controlled medications.
Meanwhile, experts say that demand for such data remains high on criminal marketplaces because:
- Victims of such theft usually take longer to realize their information has been taken and report the incident; and
- The data can be used in various ways (Finkle, Reuters, 4/23).
Details of Notice
The FBI notice says, “Cyber actors will likely increase cyber intrusions against health care systems — to include medical devices — due to mandatory transition from paper to electronic health records, lax cybersecurity standards and a higher financial payout for medical records in the black market.”
The agency added that the industry “is not technically prepared to combat against cyber criminals’ basic cyber intrusion tactics, techniques and procedures, much less against more advanced persistent threats” and “is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely” (Health Data Management, 4/23).
The notice urged health systems to report any criminal or suspicious activity to the FBI (Reuters, 4/23).