FBI Issues Warning to Healthcare Industry on Cyber Security: Report

The FBI reportedly sent a warning to healthcare providers that weak cyber security practices are leaving the industry exposed to attacks.

According to a report in Reuters, the agency sent a private notice to healthcare companies stating the industry “is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.”

The data these firms possess could be a potential boon to hackers. In a report last year, Dell SecureWorks outlined the underground market for pieces of health insurance information ranging from contract numbers to the type of plan a customer has purchased. These packages of data, which can also feature verified bank account numbers and other information, are known in the cyber-underground as ‘fullz.’ According to Dell SecureWorks, fullz tended to go for about $500 last year, depending on what was included. Health insurance credentials went for about $20 each, with an additional $20 added whenever a dental, vision or chiropractic plan was associated with the health plan.

News of the FBI warning comes after a cyber-security exercise for the healthcare industry known as the ‘CyberRX Initiative.’ The initiative is the result of a joint effort by the Health Information Trust Alliance (HITRUST) and the U.S. Department of Health and Human Services (HHS) aimed at determining how prepared organizations are to address cyber-threats. The first exercise was conducted during a seven-hour period on April 1, and the results were released Monday.

During the exercise, the organizations demonstrated varying levels of ability to use threat intelligence, communicate internally and work with external partners in the industry and in government.

The “weakness isn’t necessarily on technology implementations, it’s the ability to coordinate and collaborate across the myriad of participants in healthcare,” Roy Mellinger, WellPoint’s vice president and CISO, said in a phone briefing on the CyberRX results on Monday, SecurityWeek reported.

In February, the SANS Institute and security vendor Norse released a report on the healthcare industry, concluding “personal health care information (PHI) and organization intellectual property, as well as medical billing and payment organizations, are all increasingly at risk of data theft and fraud.”

“Poorly protected medical endpoints, including personal health devices, become gateways, exposing consumers’ personal computers and information to prowling cybercriminals,” according to the report.

“Healthcare networks are not typically built with inherent mechanisms for detecting leaks or breaches in the way that financial networks might be,” said Trey Ford, global strategist at Rapid7. “When payment information like credit and debit cards are stolen and moved to the black market, the payment system is designed to pinpoint a ‘common point of purchase’ so affected accounts can be quickly identified and isolated.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
