Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

FBI Issues Warning to Healthcare Industry on Cyber Security: Report

The FBI reportedly sent a warning to healthcare providers that weak cyber security practices are leaving the industry exposed to attacks.

The FBI reportedly sent a warning to healthcare providers that weak cyber security practices are leaving the industry exposed to attacks.

According to a report in Reuters, the agency sent a private notice to healthcare companies stating the industry “is not as resilient to  cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.”

The data these firms possess could be a potential boon to hackers. In a report last year, Dell SecureWorks outlined the underground market for pieces of health insurance information ranging from contract numbers to the type of plan a customer has purchased. These packages of data, which can also feature verified bank account numbers and other information, are known in the cyber-underground as ‘fullz.’ Last year, fullz tended to go for about $500 depending on what was included, with health insurance credentials going for about $20 each with an additional $20 added whenever there is a dental, vision or chiropractic plan associated with the health plan, according to Dell SecureWorks.

News of the FBI warning comes after a cyber-security exercise for the healthcare industry known as the ‘CyberRX Initiative.’ The initiative is the result of a joint effort by the Health Information Trust Alliance (HITRUST) and the U.S. Department of Health and Human Service (HHS) aimed at determining how prepared organizations are to address cyber-threats. The first exercise was conducted during a seven-hour period on April 1, and the results were released Monday.

During the exercise, the organizations demonstrated varying levels of ability to use threat intelligence, communicate internally and work with external partners in the industry and in government.

The “weakness isn’t necessarily on technology implementations, it’s the ability to coordinate and collaborate across the myriad of participants in healthcare,” Roy Mellinger, WellPoint’s vice president and CISO, said in a phone briefing on the CyberRX results on Monday, SecurityWeek reported.

In February, the SANS Institute and security vendor Norse released a report on the healthcare industry, concluding “personal health care information (PHI) and organization intellectual property, as well as medical billing and payment organizations, are all increasingly at risk of data theft and fraud.”

“Poorly protected medical endpoints, including personal health devices, become gateways, exposing consumers’ personal computers and information to prowling cybercriminals,” according to the report.

“Healthcare networks are not typically built with inherent mechanisms for detecting leaks or breaches in the way that financial networks might be,” said Trey Ford, global strategist at Rapid7. “When payment information like credit and debit cards are stolen and moved to the black market, the payment system is designed to pinpoint a ‘common point of purchase’ so affected accounts can be quickly identified and isolated.”

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...