Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

FBI Issues Warning to Healthcare Industry on Cyber Security: Report

The FBI reportedly sent a warning to healthcare providers that weak cyber security practices are leaving the industry exposed to attacks.

The FBI reportedly sent a warning to healthcare providers that weak cyber security practices are leaving the industry exposed to attacks.

According to a report in Reuters, the agency sent a private notice to healthcare companies stating the industry “is not as resilient to  cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.”

The data these firms possess could be a potential boon to hackers. In a report last year, Dell SecureWorks outlined the underground market for pieces of health insurance information ranging from contract numbers to the type of plan a customer has purchased. These packages of data, which can also feature verified bank account numbers and other information, are known in the cyber-underground as ‘fullz.’ Last year, fullz tended to go for about $500 depending on what was included, with health insurance credentials going for about $20 each with an additional $20 added whenever there is a dental, vision or chiropractic plan associated with the health plan, according to Dell SecureWorks.

News of the FBI warning comes after a cyber-security exercise for the healthcare industry known as the ‘CyberRX Initiative.’ The initiative is the result of a joint effort by the Health Information Trust Alliance (HITRUST) and the U.S. Department of Health and Human Service (HHS) aimed at determining how prepared organizations are to address cyber-threats. The first exercise was conducted during a seven-hour period on April 1, and the results were released Monday.

During the exercise, the organizations demonstrated varying levels of ability to use threat intelligence, communicate internally and work with external partners in the industry and in government.

The “weakness isn’t necessarily on technology implementations, it’s the ability to coordinate and collaborate across the myriad of participants in healthcare,” Roy Mellinger, WellPoint’s vice president and CISO, said in a phone briefing on the CyberRX results on Monday, SecurityWeek reported.

In February, the SANS Institute and security vendor Norse released a report on the healthcare industry, concluding “personal health care information (PHI) and organization intellectual property, as well as medical billing and payment organizations, are all increasingly at risk of data theft and fraud.”

“Poorly protected medical endpoints, including personal health devices, become gateways, exposing consumers’ personal computers and information to prowling cybercriminals,” according to the report.

Advertisement. Scroll to continue reading.

“Healthcare networks are not typically built with inherent mechanisms for detecting leaks or breaches in the way that financial networks might be,” said Trey Ford, global strategist at Rapid7. “When payment information like credit and debit cards are stolen and moved to the black market, the payment system is designed to pinpoint a ‘common point of purchase’ so affected accounts can be quickly identified and isolated.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.