FBI warns healthcare firms they are targeted by hackers

Whatsapp News

FBIBOSTON – The FBI has warned that healthcare industry companies are being targeted by hackers, publicizing the issue following an on .S. hospital group Community Health Systems Inc that resulted in the theft millions patient records.

“The FBI has observed malicious actors targeting healthcare related systems, perhaps for the purpose obtaining Protected Healthcare (PHI) and/or Personally Identifiable (PII),” the agency said in a “Flash” alert obtained by Reuters on Wednesday.

“These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property, such as medical device and equipment development data,” the one page document said.

The FBI and Department Homeland Security periodically release alerts to provide .S. businesses with technical details and other they can to either or identify cyber . Such reports are typically only issued to businesses and not distributed to the .

The FBI has been concerned about healthcare providers for several months. In April, it warned the industry that its systems were lax compared with other sectors, making it vulnerable to hackers looking to access bank accounts or obtain prescriptions.

The agency has also reached out to other industries, including a warning to retailers in January alerting them to expect more credit card breaches in the wake of last year’s on Target Corp. [eap_ad_2] The recent alert to healthcare companies did not identify any specific victims targeted by hackers. An agency declined to comment on the document.

Community Health, the No. 2 .S. publicly traded hospital operator, disclosed the on , saying stolen data included patient names, addresses, birth dates and Social Security numbers.

The healthcare company has said little about how its network was attacked.

David Kennedy, an expert in healthcare security, said he has learned the hackers broke into the company’s computer system using a piece of networking equipment that had not been patched to fix the “Heartbleed” Internet bug. The break-in was the first known large-scale cyber attack to exploit that vulnerability.

Kennedy, who is chief of TrustedSec LLC, said multiple people familiar with the investigation told him hackers exploited the bug in a piece of Juniper Networks Inc equipment to obtain employee credentials and access the company’s network. Once in, they hacked their way into a database containing Social Security numbers and other records.

Juniper spokeswoman Danielle Hamel declined to comment on the breach, but said her company issued patches in April to protect customers against Heartbleed.

Community Health spokeswoman Tomi Galin did not respond to requests for comment on Heartbleed.[eap_ad_3]