FBI Warns Hackers Are Targeting Health Care Organizations
On Wednesday, the FBI issued a flash alert warning to health care organizations that they are being targeted by hackers, Reuters reports.
Background
The alert comes days after Community Health Systems announced that an external group of hackers attacked its computer network and stole the non-medical data of 4.5 million patients (Finkle, Reuters, 8/20).
The CHS incident is the second largest HIPAA breach ever reported and the largest hacking-related HIPAA data breach ever reported (California Healthline, 8/21). The Tennessee-based health system operates 206 hospitals across 29 states -- including California (California Healthline, 8/19).
In April, the FBI drew attention to health care organizations' heightened risk of cyberattacks, warning that those systems were lax compared with other industries and they are vulnerable to hackers looking to access bank accounts or get prescriptions.
FBI Notice Details
In its new notice, the FBI said the agency "has observed malicious actors targeting health care-related systems, perhaps for the purpose of obtaining protected health care information and/or personally identifiable information."
The agency added that it has observed evidence of multiple companies being targeted, typically for "valuable intellectual property," such as:
- Equipment development data; and
- Medical device data.
No specific companies were identified in the alert (Reuters, 8/20).
Lawmakers Call for Legislative Action To Prevent Cyberattacks
In related news, three senators have called for legislative action in response to the recent cyberattacks on health care systems, Politico's "Morning eHealth" reports.
In a news release, Senate Homeland Security and Government Affairs Committee Chair Tom Carper (D-Del.) said that legal reforms are needed to counter the threat, noting that such incidents "not only hurt us in our pocketbooks and threaten our privacy, but they also represent a serious threat to our security and our country's economy and global competiveness."
Rep. Michael McCaul (R-Texas), chair of the House Homeland Security Committee, said "[The attack] demonstrates the urgent need for the Senate to pass legislation and the President to get serious about signing a bill into law to protect individuals' private data, our health care systems and other critical infrastructure."
Rep. Marsha Blackburn (R-Tenn.), vice chair of the House Energy and Commerce Committee, said it is the responsibility of the federal government "to ensure that the right security and testing are in place - particularly when it comes to large scale health care projects" (Gold et al, "Morning eHealth," Politico, 8/21).
This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.