Hackers Directly Targeting Health Care Organizations, FBI Warns
August 21, 2014 in News
On Wednesday, the FBI issued a flash alert warning to health care organizations that they are being targeted by hackers, Reuters reports.
The alert comes days after Community Health Systems announced that an external group of hackers attacked its computer network and stole the non-medical data of 4.5 million patients (Finkle, Reuters, 8/20).
The CHS incident is the second largest HIPAA breach ever reported and the largest hacking-related HIPAA data breach ever reported (iHealthBeat, 8/18).
In April, the FBI drew attention to health care organizations’ heightened risk of cyberattacks, warning that “[c]yber actors will likely increase cyber intrusions against health care systems — to include medical devices — due to mandatory transition from paper to electronic health records, lax cybersecurity standards and a higher financial payout for medical records in the black market” (iHealthBeat, 4/24).
FBI Notice Details
In its new notice, the FBI said the agency “has observed malicious actors targeting health care-related systems, perhaps for the purpose of obtaining protected health care information and/or personally identifiable information.”
The agency added that it has observed evidence of multiple companies being targeted, typically for “valuable intellectual property,” such as:
- Equipment development data; and
- Medical device data.
- No specific companies were identified in the alert (Reuters, 8/20).
Lawmakers Call for Legislative Action To Prevent Cyberattacks
In related news, three senators have called for legislative action in response to the recent cyberattacks on health care systems, Politico‘s “Morning eHealth” reports.
In a news release, Senate Homeland Security and Government Affairs Committee Chair Tom Carper (D-Del.) said that legal reforms are needed to counter the threat, noting that such incidents “not only hurt us in our pocketbooks and threaten our privacy, but they also represent a serious threat to our security and our country’s economy and global competiveness.”
Rep. Michael McCaul (R-Texas), chair of the House Homeland Security Committee, said “[The attack] demonstrates the urgent need for the Senate to pass legislation and the President to get serious about signing a bill into law to protect individuals’ private data, our health care systems and other critical infrastructure.”
Rep. Marsha Blackburn (R-Tenn.), vice chair of the House Energy and Commerce Committee, said it is the responsibility of the federal government “to ensure that the right security and testing are in place – particularly when it comes to large scale health care projects” (Gold et al, “Morning eHealth,” Politico, 8/21).