The FBI has been keeping tabs on the most exploited vulnerabilities for years. They also pay close attention when it appears that hacking is being perpetrated by other nations. On May 12th, they released their list of the top 10 most exploited vulnerabilities. The list is intended to help all organizations “place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber...

Cybercrime led to $3.5 billion in losses in the U.S. last year, with a sharp uptick in business email compromise scams – which accounted for nearly half those losses, according to a newly released FBI Internet Crime Report, which is based on complaints the FBI received. Donna Gregory, the head of the FBI’s Internet Crime Complaint Center, emphasizes that the FBI isn’t seeing a ton of new types of fraud but rather criminals using new...

The cyber-attack against Anthem Inc., which the insurer says may have started with a spear-phishing campaign targeting five of its employees, is a warning sign of the kinds of sophisticated schemes that may be common in the year ahead.   If the Anthem breach is a result of phishing it’s emblematic of what many security experts are expecting to see in the evolution of attacks against companies and their employees.   Risks From Social...

The healthcare sector is increasingly becoming a target for cybercriminals and with a plethora of valuable information and inconsistent security procedures it’s easy to see why it’s an enticing target. In this environment of ever increasing risks, it’s critical that healthcare organizations and their business partners implement information security management practices that go far beyond just focusing on HIPAA compliance.   One of...

As we all become more reliant on technology for everything from social engagements to business, the threats to the security of our information has increased dramatically. Due to the increased threat level, the Federal Financial Institutions Examination Council (FFIEC) has implemented a number of initiatives to raise awareness of cyber-security risks and the need for risk assessment and mitigation among financial institutions.   In order to...

We know that when it comes to IT security in the healthcare field there is a vast continuum from most to least secure. With different risk factors, budgets, needs and capabilities the IT security situation of each health care provider is unique. That said every provider needs to make sure that they’re at least taking the minimum steps in the immediate future to ensure that you’re not just a costly breach waiting to happen. There are two simple...

If you currently allow, or are considering allowing, employees to use their own mobile devices for work purposes, there are some steps that need to be taken to ensure that you’re not at risk for expensive security breaches. By taking the following steps you will allow your employees to stay productive while mitigating risk and ensuring that you have plans and procedures in place in case something should happen: Create a coherent policy before...

The biggest cybersecurity threat facing healthcare organizations is a startling lack of proper security controls. Currently the areas of greatest vulnerability are medical devices, VPN applications, and other access points. Medical devices have been receiving increased attention from hackers and can pose a significant threat to hospitals and their patients PHI. The greatest risk that VPN technologies present is that once credentials are...

Phishing is one of the oldest scams in the hacker playbook. Sending fraudulent emails in an effort to obtain usernames, passwords and other sensitive information can be an extremely effective scam. It’s also one of the easiest to prevent through training and awareness. Recently ITPAC ran a phishing test for a local bank. 67.5% of the bank employees tested failed the test. 52.5% of bank employees gave up their username/password. 15% of the...