The FBI is alerting the healthcare industry companies on potential cyber attacks, the law enforcement are warning companies after the attack on U.S. hospital group Community Health Systems Inc that caused the theft of millions of patient records.
“The FBI has observed malicious actors targeting healthcare related systems, perhaps for the purpose of obtaining Protected Healthcare Information (PHI) and/or Personally Identifiable Information (PII),” “These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property, such as medical device and equipment development data,” stated the FBI in a document obtained by Reuters agency.
Community Health is the second U.S. publicly traded hospital operator, the company revealed that a cyber attack hit his systems early this weak, threat actors have stolen data included patient names, Social Security numbers, addresses and birth dates.
Despite the company hasn’t provided details on the attack, rumors says that hackers exploited a piece of networking equipment hosted in its network and that had not been patched to fix the “Heartbleed” vulnerability. If confirmed the attack is the first major case officially disclosed in which bad actors exploited the Heartblled flaw. According to David Kennedy, chief executive of TrustedSec LLC, the attackers have exploited a bug in a piece of Juniper Networks Inc equipment to obtain employee credentials and access the company’s network.
Recent data on investigation shows that the hospital operator’s network had been plagued by malware infections for months. Of the 12,500 IP addresses associated with the CHS network, 10 were linked to malicious bots, such as Kelihos, Asprox, Gameover Zeus and Conficker, as explained by Jason Lewis, chief intelligence and collections officer at Lookingglass, in a blog post. But patches for Conficker were available since 2008, indicating that CHS machines were unpatched.
The bots performed SQL injection attacks, data exfiltration, click fraud and banking credential theft from targeted PCs.
The alert to healthcare industry doesn’t refer businesses targeted by cyber attacks and the agency hasn’t released any further comment on the document.
The FBI and Department of Homeland Security have already issued similar alerts to the businesses operating in the healthcare industry, in April it issued another warning on low level of security offered by solutions used by the companies in the sector.
Security experts believe that many other similar cases could be observed in the next months, the alert issued by authorities must be seriously considered to avoid dangerous consequences.
(Security Affairs – healthcare, data breach)