The Federal Bureau of Investigation (FBI) recently issued a warning to healthcare organizations that their IT systems and medical devices were at risk for increased attacks from hackers due to lax cybersecurity standards and practices.
The memo was passed along earlier this month as a "Private Industry Notification" (PIN). It said that the mandatory transition from paper records to EHRs, lax security standards, and a higher payout for medical records on the black market have made healthcare systems and medical devices a more open environment for cyber criminals to exploit.
"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," the FBI wrote in the PIN. The memo was leaked by Reuters.
The FBI cited a report from the SANS Institute, a non-profit organization, that indicated healthcare security strategies were poor at protecting against cyber threats that could expose patient data. It also cited the annual Ponemon Institute report, which said that 63 percent of organizations surveyed reported a data breach in the past two years at an average loss of $2.4 million per data breach.