News Feature | May 5, 2014

FBI: Mobile Devices High Breach Risk

Christine Kern

By Christine Kern, contributing writer

Mobile Device's Breach Risk

The FBI’s cyber division is alerting healthcare systems of increased cyber intrusions for financial gains.

The healthcare field is particularly vulnerable to cyber-attacks, according to the FBI.

An FBI notice states of cybercrime against healthcare systems and mobile devices will likely be on the rise due to the mandatory transition from paper records to EHR, lax standards of cybersecurity, and a higher financial payout for medical records on the black market.

The FBI notice explains, "The deadline to transition to EHR is January 2015, which will create an influx of new EHR coupled with more medical devices being connected to the Internet, generating a rich new environment for cyber criminals to exploit."

Further, the agency stated that the healthcare industry "is not technically prepared to combat against cyber criminals’ basic cyber intrusion tactics, techniques and procedures, much less against more advanced persistent threats" and "is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely."

Symantec released its annual Internet Security Threat Report earlier this month, in which the information protection vendor revealed that 37 percent of all data breaches in 2013 were in healthcare – the largest number of disclosed data breaches for any industry. According to the report, over 6 million identities were exposed in 2013 in the healthcare industry alone.

“The impact that this could have is significant because it could cost a consumer thousands of dollars to have their identity stolen and it can also put their healthcare coverage at risk, leading to legal problems or inaccurate medical records,” warned Satnam Narang, security response manager at Symantec.

Narang explained that data breaches in healthcare are particularly troubling. They provide unauthorized access to health and personal information such as Social Security numbers, these kinds of data breaches and could potentially result in false claims being filed, free medical treatment and ordering of prescription drugs. And with the rise in use of mobile devices such as unencrypted laptops and other mobile devices by healthcare providers, the threats are growing and more serious.

In just one example of this growing cyber threat to healthcare data, The Department of Health and Human Services Office for Civil Rights announced on April 22 that it collected nearly $2 million to resolve potential HIPAA violations from two firms for failure to secure protected health information on laptops and mobile devices.