This week, the FBI released a formal alert warning that healthcare related systems are being targeted by malicious actors. The FBI believes with HIGH confidence that these systems are being targeted, possibly for the purpose of obtaining Protected Health Information (PHI) and/or Personally Identifiable Information (PII). Multiple companies in the healthcare and mobile device industry are being targeted.
A recent intrusion into a healthcare system prompted the FBI’s Alert. Although details are still unknown, it is believed that the hackers used a spear phishing email attack to deliver the initial malware. Spear phishing is an attempt to obtain unauthorized access to confidential information.
These sophisticated attacks can result in data exfiltration, where the hacker’s primary goal is to transfer, copy or retrieve specific data from a targeted machine. The FBI warns that in addition to PHI and PII, these malicious actors are targeting intellectual property, including medical device and equipment development data.
The FBI’s official warning underscores a tough reality that’s become overwhelmingly evident in the healthcare space. We are under attack.
The value of the data we hold has been discovered, and is increasingly coveted, by sophisticated criminals. Our industry is indeed going to serve as the next cybersecurity battleground. Understanding this, ask yourself how your organization would stand up against a cyber-attack. Are you ready?
HIPAA checklists and “good faith effort” are no longer enough. Organizations who invest in comprehensive, thoughtful and strategic approaches to information risk management will give themselves a fighting chance against elaborate hack attacks and other emerging external threats. Those who don’t, probably won’t know what hit them until it’s too late.
[box]Contact a Clearwater representative to learn how you can gain a better understanding of the maturity of your risk management processes. It’s time we all get prepared for battle.[/box]