FBI warns healthcare of vulnerability to cyberattacks


The FBI has issued two warnings this month that healthcare organization systems, including medical devices, could be vulnerable to cyberattacks.

"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," it said in a "private industry notice," or PIN, issued April 8.

It issued an update to that notice on April 17, an FBI spokeswoman confirmed, according to Healthcare Info Security, but did not disclose its contents. PINs generally are shared only with affected organizations who are asked to keep their contents private, according to Reuters.

The notices ask healthcare organizations to be alert for suspicious activity and to report it to local FBI bureaus or to the agency's 24/7 Cyber Watch.

Demand for healthcare information, which can be used to access bank accounts or obtain prescription narcotics, remains strong. The informatin can yield $20 each on some underground markets, compared with $1 to $2 for U.S. credit card numbers prior to the Target breach, the Reuters story says.

The FBI pointed to several reports on healthcare's vulnerability, including:

Just this week, a new Verizon data breach report chided the healthcare industry for lagging in efforts to encrypt computers and other devices.

To learn more:
- read the April 8 notice(.pdf)
- here's the Healthcare Info Security story
- find the Reuters article

Related Articles:
Status of healthcare security: 'Alarming'
Medical identity theft up 20% since 2012
Health industry lacks 'security advocacy'