The shift to electronic health records is opening up new opportunities for biopharma research, but it also makes the information vulnerable to hackers. Having assessed the situation, the FBI has issued a warning to healthcare providers: Your data is at the top of hackers' hit lists and your cybersecurity is lax.
Reuters reports that the FBI told healthcare providers of its concerns in a private industry notification (PIN) earlier this month. The PIN warned healthcare providers that their cybersecurity practices lag behind those of other sectors, notably companies in financial and retail, which increases the likelihood of them being hacked. The value of healthcare data also makes providers a target. Dell SecureWorks found that U.S. credit card numbers trade for $1 to $2 on the black market. Health insurance credentials are worth $20.
Buyers can use the stolen medical data for financial fraud or to get prescriptions for opiates and other controlled substances. Last year Edward Ferrara, principal analyst of security and risk at Forrester Research, told The Wall Street Journal that biopharma companies were increasingly outsourcing security, a strategy that has worked for the financial sector. But the FBI warning suggests that the healthcare providers these companies work with to administer and test drugs may lack their rigor.
The FBI warning cited a February report by cybersecurity training body the SANS Institute. SANS also noted that healthcare is ill-prepared to defend itself against hackers and cited hundreds of known attacks on radiology imaging software, video conferencing equipment, routers and firewalls as evidence.
- read Reuters' article