Illegal Pharmacy Sites Pose Cyberthreats

FDA Crackdown Highlights the Risks Involved
The Food and Drug Administration, with the help of U.S. and international law enforcement agencies, recently busted 9,600 websites that sell counterfeit or illegal drugs. These websites not only peddle potentially dangerous products to consumers; they also pose cybersecurity risks.

"These pharmacies pose non-health-related risks to consumers, including credit card fraud, identity theft, or computer viruses," says an FDA statement announcing the bust, dubbed "Operation Pangea VI."

Bruce Murphy, a principal of technology risk management services at the consulting firm Deloitte, notes: "These sites are a breeding ground for malware and launching ground for cyber-attacks." The illegal pharmacy sites "are not only fraudulent, they are not well controlled," he says.

Malware and related risks to consumers on these sites range from unintentional - due to the shoddy cybersecurity controls of the organizations who operate them - to intentional. "That includes harvesting [consumer] data like credit card numbers ... to launching denial-of-service attacks," says Kelly Bissell, global lead for cybersecurity at Deloitte's U.S. IT risk management practice.

As a result, consumers need to pay attention to whether the sites they visit are legitimate and secure. Employers, in turn, need to make workers aware of the hazards these sites can pose while also using tools to detect employees visiting unsafe sites.

Snake Oil, Viruses, and Fraud

The FDA doesn't have a head count for how many consumers may have fallen victim to these sites. Nor does the agency have specific information on the kind of malware these websites can spread, FDA spokesman Christopher Kelly told Information Security Media Group.

"Many of these websites appeared to be operating as a part of an organized criminal network that falsely purported its websites to be 'Canadian Pharmacies,'" the FDA statement notes. "These websites displayed fake licenses and certifications to convince U.S. consumers to purchase drugs they advertised as 'brand name' and 'FDA approved.'"

The FDA says its Office of Criminal Investigations, in coordination with the U.S. Attorney's Office for the District of Colorado, seized and shut down 1,677 illegal pharmacy websites in the bust. "OCI seizure banners are now displayed on those websites," Kelly says. Other actions taken against many of the illegal websites include regulatory warnings.

"FDA focused its efforts on larger online pharmacy networks that operate in violation of the Federal Food, Drug, and Cosmetic Act and other U.S. laws and regulations by selling to U.S. consumers misbranded, unapproved, or suspected counterfeit medicines, or by selling prescription medicines without requiring a prescription; operating without a valid pharmacy license, and shipping medicines into jurisdictions in which it is not authorized to ship," Kelly says.

"Because of the volume of illegal online pharmacies FDA could not take action on all of these pharmacies, so we had to prioritize our efforts."

Although FDA and law enforcement swooped in on nearly 10,000 sites, that's not the end of the problem. "There are potentially tens of thousands of illegal online pharmacies in operation. The investigation took months, and continues," Kelly says.

"The FDA is focused on protecting consumers from illegal online pharmacies and works on an ongoing basis to shut down these illegal websites," he says. "The FDA also takes enforcement action, such as seizing illegal products, as needed throughout the year."

Consumer Protection

Kelly recommends that consumers be on the lookout for these fake online pharmacies and report suspicions to the FDA.

"Illegal pharmacy websites often display bogus pharmacy license numbers, pharmacy association or regulatory authority [such as FDA] approval certificates, or logos that have no real meaning or value and which may make it difficult for consumers to identify the websites as fake," he says.

These sites often trick consumers by having website URLs that look like the names of real pharmacy chains.

Additionally, fraudulent online pharmacies often offer deeply discounted products. "The low prices might seem too good to be true, and they probably are," Kelly says.

Consumers should beware of online pharmacies that allow visitors to buy medicine without a prescription from their doctors, send spam or unsolicited e-mail offering cheap drugs, and are located outside of the United States or ship worldwide, he advises.

Other Steps to Take

Besides avoiding these sites, what else can consumers and employers do to protect themselves from becoming victims of these fraudsters and criminals?

For starters, it's important to remember that cybersecurity threats from fraudulent websites are a problem across all sectors, from retail to banking, not just pharmacy-related sites, Deloitte's Bissell says. "It's estimated that cybercrime ranges from $52 billion to close to a trillion dollars," he says.

Consumers should keep their anti-malware software updated and validate that they are on the correct website before making purchases online. That includes looking for SSL key locks that show the site is secure, Bissell says.

Meanwhile, organizations need to be watchful in protecting their systems from the cybersecurity threats these fraudulent sites pose because employees sometimes shop online using corporate-owned computers.

Most organizations have given up trying to block all web surfing by employees, Deloitte's Murphy notes. And it's often difficult to block access to risky sites, he adds.

Web filters and monitoring tools can help detect user activity on unsafe websites, he says, but awareness campaigns to deter unwanted user behavior are also necessary.

"This is a problem across all sectors, not just in the U.S., but globally," he says. "The bad guys are creative and persistent. People and companies need to stay vigilant."


About the Author

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



