The Federal Bureau of Investigations (FBI) just warned about the increased risks of cyber attacks associated with health care systems and medical devices.
On the black market, private health data carries more value than financial information, such as credit card numbers, according to a Reuters report. The value of health data has to do with access to individuals’ bank accounts and the ability to obtain prescriptions for controlled medications, wrote Reuters.
Experts believe that the demand for medical data is on the rise among criminals because it takes longer for victims of these crimes to discover that their data has been breached and then to report those crimes. Adding to the issue is that stolen data may be used in myriad ways, according to Reuters.
The FBI notice indicated that, “Cyber actors will likely increase cyber intrusions against health care systems—to include medical devices—due to mandatory transition from paper to electronic health records, lax cyber security standards, and a higher financial payout for medical records in the black market,” iHealthBeat reported.
The FBI notice also stated that, industry “is not technically prepared to combat against cyber criminals’ basic cyber intrusion tactics, techniques, and procedures, much less against more advanced persistent threats” and “is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely,” according to Health Data Management.
The FBI notice urges health care systems to report criminal or suspicious activity to the FBI, wrote Reuters.
According to the Federal Times, organizations must transition to electronic health records by 2015. This transition, says the FBI’s cyber division, will likely lead to increased cyber attacks. When medical devices are breached, cyber attackers are then better able to access even more critical health systems, the notice indicated, according to the Federal Times.
In its yearly Internet Security Threat Report released this month, Symantec indicated that 37 percent of all data breaches in 2013 occurred in healthcare, according to HealthDataManagement. This represents the largest number of disclosed data breaches in any industry. Symantic also indicated that it learned that, in 2013, more than 6 million identities were exposed in just the healthcare industry.
“The impact that this could have is significant because it could cost a consumer thousands of dollars to have their identity stolen and it can also put their healthcare coverage at risk, leading to legal problems or inaccurate medical records,” says Satnam Narang, security response manager at Symantec, according to HealthDataManagement. Narang pointed out that data breaches that lead to unauthorized health and personal information access, including Social Security numbers, may potentially lead to the filing of false claims, the receipt of free medical treatment, and the ordering of prescription drugs, wrote HealthDataManagement. Health information threats include networks, unencrypted laptops, and other mobile devices, he added.