News Feature | August 29, 2014

FBI: Hackers Are Coming

Katie Wike

By Katie Wike, contributing writer

Healthcare Hackers Coming

The FBI warns that it has detected hackers attempting to crack into healthcare systems.

The FBI is warning the healthcare industry that “malicious actors” have been targeting the healthcare system. Reuters reports the FBI issued the statement following a highly publicized breach at Community Health Systems Inc. which compromised millions of patient records.

According to Venture Beat, the Community Health Systems breach lost data from 5.4 million patients. The attack has been determined to have been executed using the Heartbleed bug which was used to access login credentials. Experts estimate this breach could cost up to $150 million.

"The FBI has observed malicious actors targeting healthcare related systems, perhaps for the purpose of obtaining Protected Healthcare Information (PHI) and/or Personally Identifiable Information (PII)," said the FBI. "These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property, such as medical device and equipment development data.”

The FBI issued a similar warning in April, when it stated that healthcare industry security systems were not as strong as other industries. "The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," the FBI said at the time.

In June, a study from BitSight Technologies ranked healthcare last when it came to cyber security. "In our recent assessment of medical devices used in clinics and hospitals around the country, weak encryption, lack of key management, poor authentication and authorization protocols, and insecure communications were all common findings," Chandu Ketkar, technical manager at Cigital, said in a statement. "These gaps in security can lead to a compromise in data confidentiality and integrity. When sensitive data is compromised, it can not only create risks for patients but also expose health care providers and device manufacturers to regulatory and business risks."