BreachExchange mailing list archives
FBI issues warning, EHRs vulnerable to cyber attack, theft
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 1 May 2014 19:46:27 -0600
http://www.fiercegovernmentit.com/story/fbi-issues-warning-ehrs-vulnerable-cyber-attack-theft/2014-05-01

The FBI is warning healthcare providers that lax cybersecurity standards will leave their computer systems more vulnerable to hackers as the industry transitions to electronic health records.

The law enforcement agency said new EHR systems coupled with more devices connected to the Internet will create "a rich new environment" to exploit. As a result, cyber criminals could steal patient medical records and sell them on the black market.

"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," the FBI said in a private industry notification (pdf) dated April 8.

The agency is urging recipients to report suspicious or criminal activity to local FBI offices or to its 24/7 Strategic Information and Operations Center.

The agency cited recent reports from several research firms that have documented vulnerabilities and thefts in the healthcare industry.

A February 2014 SANS Institute report said healthcare security strategies and practices are "poorly protected and ill-equipped" to deal with new cyber threats that expose patient records, billing and payment organizations, and intellectual property, according to the FBI notice.

That SANS report also said IT healthcare professionals believe their cybersecurity defenses work even though data analysis revealed that medical devices such as radiology imaging software and security application systems, such as firewalls, have been compromised.

A March 2013 Ponemon Institute report also cited by the FBI said that 63 percent of healthcare organizations reported a data breach in the past two years with an average monetary loss of $2.5 million per breach. The report added that 45 percent of organizations hadn't implemented security measures to protect patient data.

The FBI notice also cited a 2013 EMC²/RSA white paper that said more than 2 million healthcare records were compromised in the first half of 2013. On the black market, each partial EHR sells for $50, compared to $1 for a stolen Social Security or credit card number. Stolen EHRs, which can be very difficult to detect, can be used to file fraudulent insurance claims or get prescription medication, the white paper noted.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/