Memo to businesses: Ransomware attacks are worse than ever, and unless you prepare, don’t be surprised if you or your business is the next victim, warn government cybersecurity czars. Joint advisory cybersecurity authorities in the United States, Australia, and the United Kingdom observed a marked increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally throughout 2021. They expect...

Healthcare entities should implement a more “proactive preparedness” approach for protecting their electronic health record/electronic medical record systems. Federal regulators warn that these are an increasingly attractive target for cyberattacks and other breaches. The DHHS Health Sector Cybersecurity Coordination Center, in a threat brief issued Thursday, reinforced that EHRs/EMRs are profitable to cybercriminals. Largely due to...

The Ripple Effects that Extend Outward from a Breach According to the Verizon 2020 Data Breach report, 22% of all security incidents are perpetuated by insiders. In addition, the costs of insider breaches – caused either by human error or bad actors have – risen by 47% over the past two years. As an organization, a certain amount of trust is required to ensure that business runs smoothly. But, given the inherent risks involved, that trust...

Alert Comes as Health Entities Globally Continue Battling Cyberattacks, Fallout The U.S. Department of Health and Human Services has posted a warning to the healthcare sector about increasing threats involving Pysa ransomware and the cybercriminal gang Mespinoza — also known as Gold Burlap and Cyborg Spider — which operates the malware variant. In an alert, the DHHS Health Sector Cybersecurity Coordination Center, or HC3, warns that since 2018,...

There are several trends emerging in the cyber insurance industry that are worrying for mid-size and local entities. These trends are largely a response to the havoc ransomware has caused across industries in the last 18 months. The emerging trends can be summed up as: Prices are increasing, in many cases in the range of 2x-4x Renewal and acceptance rates for policies are going down, in many cases, by 40%-60% compared to previous years Entities...

A recent breach affecting 37,636 individuals has been attributed to a terminated company executive. The information in the file included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition category risk score. This breach highlights some of the top security and privacy challenges covered entities and...

Law enforcement and intelligence agencies in the U.S, the U.K. and Australia have issued a joint advisory on unidentified Iran government-backed advanced persistent threat (APT) actors exploiting Fortinet and Microsoft Exchange ProxyShell vulnerabilities to attack organizations in their respective countries. Attributing the attacks to a specific APT group is inherently challenging, but a senior cyber threat intelligence analyst has pointed out...

The FBI has issued a warning about Hive ransomware after the crime group took down IT systems at Memorial Health System in Ohio The alert details indicators of compromise and tactics, techniques and procedures—or TTPs—associated with ransomware attacks by the apparent ransomware-as-a-service operation. The full release can be found here:  https://www.ic3.gov/Media/News/2021/210825.pdf In addition to the details of the attack, the FBI has issued...

ENE Systems hack said to affect 3 Boston Hospitals   A hacking incident that reportedly targeted a Massachusetts-based ENE Systems that provides HVAC systems to several Boston-area hospitals and others shines a spotlight on the growing cybersecurity risks involving IoT devices and OT equipment.   Call to Action Perhaps the most high-profile incident involving an HVAC hack was the 2013 Target breach. It resulted in 41 million...

Ransomware Attacks, Vendor Incidents Continue to Dominate So far in 2021, some 383 health data breaches affecting more than 27 million individuals have been added to the HHS wall of shame. That includes 131 breaches affecting nearly 10 million since the end of May. Of the 2021 breaches, the vast majority — 283 breaches affecting 26.1 million individuals — were reported as involving hacking/IT incidents. Largest Breaches of 2021 Florida Healthy...