Cyberthreats are becoming increasingly complicated and are spreading across industries. The world of healthcare is no exception. But hospitals don’t have to face these perils alone. At the American Hospital Association Annual Membership Meeting yesterday, FBI Director James Comey had some advice for hospitals.
“One of the most depressing facts is that the vast majority of [data] intrusions are not reported to law enforcement,” he said, according to MedPage Today. “The instinct [not to] is horribly shortsighted, because the idea that this will go away … [that you should] remediate without telling anyone, is foolish.”
Comey painted an inviting picture of the FBI, encouraging hospitals to reach out when they’re attacked by cybercriminals. “We will be open and honest with you and treat you as what you are: victims,” he said, according to AHA News Now. He added that the agency doesn’t need hospitals’ sensitive information like memos or patient histories. Instead, the FBI needs “the fingerprints of digital intrusion,” which it will use to hunt down the cybercriminal.
To illustrate his point, Comey used the example of a hospital having a relationship with a nearby fire department, according to FierceHealthcare. Although the fire department doesn’t know the hospital inside and out, the firefighters know where the hydrants and exits are, which is enough to help them save people during a fire.
For its part, the FBI is also taking action to be more active in responding to hospitals. “I don’t want to give you too much information because our interests are not aligned in this area,” Comey said. “But we’re trying to do a number of things.” He noted that the FBI is helping law enforcement officials get up-to-date on digital technologies and ensuring cybercriminals have to face the consequences of their actions.
During his speech, Comey went on to address the darker side of cyberattacks, including what hackers do with the health information they steal. On some occasions, cybercriminals use sensitive data to reopen health savings accounts and use the money to buy and sell goods, according to Politico. In other instances, hackers could steal genomic databases and sell them to unethical innovators.
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
For these and other reasons, Comey urged hospitals to rethink paying hackers in the case of a ransomware attack. Paying up, he said, is ultimately harmful because it encourages cybercriminals to keep targeting healthcare organizations. Instead, hospitals and health systems should keep adequate backup systems.
Comey’s speech at AHA comes a little more than a month after the FBI issued a private industry notification to medical and dental facilities, warning them of the looming dangers of cyberattacks.
Photo: turk_stock_photographer, Getty Images
