FBI warns healthcare of vulnerability to cyberattacks

The FBI has issued two warnings this month that healthcare organization systems, including medical devices, could be vulnerable to cyberattacks.

"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," it said in a "private industry notice," or PIN, issued April 8.

It issued an update to that notice on April 17, an FBI spokeswoman confirmed, according to Healthcare Info Security, but did not disclose its contents. PINs generally are shared only with affected organizations, which are asked to keep their contents private, according to Reuters.

The notices ask healthcare organizations to be alert for suspicious activity and to report it to local FBI bureaus or to the agency's 24/7 Cyber Watch.

Demand for healthcare information, which can be used to access bank accounts or obtain prescription narcotics, remains strong. The information can yield $20 each on some underground markets, compared with $1 to $2 for U.S. credit card numbers prior to the Target breach, the Reuters story says.

The FBI pointed to several reports on healthcare's vulnerability, including:

  • A report published in February by The SANS Institute that called the status of healthcare security "alarming." This report said that cybersecurity strategies have fallen behind.
  • A Ponemon Institute report from 2013 in which 63 percent of the healthcare organizations surveyed reported a data breach in the previous two years, with an average monetary loss of $2.4 million per data breach.

Just this week, a new Verizon data breach report chided the healthcare industry for lagging in efforts to encrypt computers and other devices.

To learn more:
- read the April 8 notice (.pdf)
- here's the Healthcare Info Security story
- find the Reuters article