Following a cyber attack on the health care company Community Health Systems Inc., the FBI has issued a warning stating that other health care organizations are also at risk of malicious activity from hackers. Although specific victims have not been specified by the FBI warning, the alert does state that other malicious actors have been observed targeting these organizations.
The attack on Community Health Systems led to the theft of approximately 4.5 million patient records, making it the largest hack-related HIPAA data breach on record according to California Healthline. As reported by the company, the hackers stole Social Security numbers, birth dates, addresses and other non-medical information. Community Health Systems is the second-largest publicly traded hospital company in the country. The company announced the data breach on Aug. 18, 2014, and the FBI warning was issued two days later on Aug. 20. However, the FBI has been concerned about the security of health care data systems for some time, issuing a notice to health care organizations in April citing their lax security. The previous alert states that health care organizations are more vulnerable to cyber attacks than the finance and retail sectors. These vulnerabilities are a big concern because hackers could potentially obtain prescriptions or even patients' bank account information.
The FBI alert states that malicious actors may be targeting health care organizations for the purpose of securing patients' personally identifiable information or health care information. The agency also cites evidence of these actors targeting a number of companies in order to obtain intellectual property such as medical device and equipment development data. The one-page flash alert mentions no victims, and an FBI spokesperson has not commented on the matter.
It is not uncommon for both the FBI and the Department of Homeland Security to issue alerts letting American businesses and organizations know what cyber threats are present in order to help them identify and prevent attacks. For instance, the agency issued a warning to retailers following the devastating cyber attacks on major retail chain Target in late 2013.
Following the attack on Community Health Systems, Senate Homeland Security and Government Affairs Committee Chair Tom Carper said in a news release that the U.S. must push for legal reforms. It states that these types of attacks on health care organizations and other businesses represent a threat to the nation's economy, global competitiveness and security in addition to personal privacy.
The FBI's alert may not be the first notice that has gone out to health care organizations in relation to cyber security, but it is an important warning that must be heeded in order to protect the information of millions of patients. Onlookers are hoping that these organizations are planning major changes in order to increase resiliency against cyber attacks.
Photo courtesy of Chanpipat at FreeDigitalPhotos.net