Resources
Large Hacking Incidents Increasing Since February
The number of major health data breaches and the number of individuals posted to the HHS “Wall of Shame” so far in 2022 has surged in recent weeks as reports of large hacking incidents continue to flow into regulators. As of last week, the HIPAA Breach Reporting Tool website shows that 117 breaches affecting about 5.32 million people have been posted in 2022. That’s an increase of nearly 83% in the number of breaches posted on the HHS site for 2022 and about a 72% surge in the number of individuals affected by those incidents since Feb....
read moreU.S. Sanctions Add Layer Of Risk To Ransomware
Ransomware has been on a dramatic upswing over the last couple of years. The proliferation of Ransomware As A Service (RAAS), the subsequent lowering of barriers for both criminal groups and state actors, as well as the payment of ransoms have helped drive this dramatic increase. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), most ransomware attacks start through phishing, exploitation of remote desktop protocols, or software vulnerabilities. Therefore, increasing security and training in these areas can help...
read moreCyber Agencies Warn: Ransomware Attacks Are Worse Than Ever
Memo to businesses: Ransomware attacks are worse than ever, and unless you prepare, don’t be surprised if you or your business is the next victim, warn government cybersecurity czars. Joint advisory cybersecurity authorities in the United States, Australia, and the United Kingdom observed a marked increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally throughout 2021. They expect the increase to continue in 2022. Though efforts are being made to track, combat, and mitigate...
read moreHHS Warns of Threats to Electronic Health Records
Healthcare entities should implement a more “proactive preparedness” approach for protecting their electronic health record/electronic medical record systems. Federal regulators warn that these are an increasingly attractive target for cyberattacks and other breaches. The DHHS Health Sector Cybersecurity Coordination Center, in a threat brief issued Thursday, reinforced that EHRs/EMRs are profitable to cybercriminals. Largely due to the fact that these records contain more and more valuable information than any other data source,...
read moreInsider Threats are a Quiet Risk in your System
The Ripple Effects that Extend Outward from a Breach According to the Verizon 2020 Data Breach report, 22% of all security incidents are perpetuated by insiders. In addition, the costs of insider breaches – caused either by human error or bad actors have – risen by 47% over the past two years. As an organization, a certain amount of trust is required to ensure that business runs smoothly. But, given the inherent risks involved, that trust should be limited to guard against breach risk. The threat of sensitive, critical assets getting...
read moreHHS Warns Healthcare Sector of Pysa Ransomware Threats
Alert Comes as Health Entities Globally Continue Battling Cyberattacks, Fallout The U.S. Department of Health and Human Services has posted a warning to the healthcare sector about increasing threats involving Pysa ransomware and the cybercriminal gang Mespinoza — also known as Gold Burlap and Cyborg Spider — which operates the malware variant. In an alert, the DHHS Health Sector Cybersecurity Coordination Center, or HC3, warns that since 2018, the cybercrime group Mespinoza has had a history of targeting healthcare and continues to develop...
read moreWorrying Trends in Cyber Insurance
There are several trends emerging in the cyber insurance industry that are worrying for mid-size and local entities. These trends are largely a response to the havoc ransomware has caused across industries in the last 18 months. The emerging trends can be summed up as: Prices are increasing, in many cases in the range of 2x-4x Renewal and acceptance rates for policies are going down, in many cases, by 40%-60% compared to previous years Entities seeking cyber insurance are receiving more scrutiny The first two trends on that list are pretty...
read moreFormer Company Executive Causes Breach Affecting Nearly 38,000
A recent breach affecting 37,636 individuals has been attributed to a terminated company executive. The information in the file included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition category risk score. This breach highlights some of the top security and privacy challenges covered entities and business associates face with insiders. Texas-based accountable care organization Premier Patient...
read moreFox Kitten Strikes Again?
Law enforcement and intelligence agencies in the U.S, the U.K. and Australia have issued a joint advisory on unidentified Iran government-backed advanced persistent threat (APT) actors exploiting Fortinet and Microsoft Exchange ProxyShell vulnerabilities to attack organizations in their respective countries. Attributing the attacks to a specific APT group is inherently challenging, but a senior cyber threat intelligence analyst has pointed out that Iran-based Fox Kitten APT group has exploited vulnerabilities like this in the past. The APT...
read moreFBI Warning Issued About Hive Ransomware
The FBI has issued a warning about Hive ransomware after the crime group took down IT systems at Memorial Health System in Ohio The alert details indicators of compromise and tactics, techniques and procedures—or TTPs—associated with ransomware attacks by the apparent ransomware-as-a-service operation. The full release can be found here: https://www.ic3.gov/Media/News/2021/210825.pdf In addition to the details of the attack, the FBI has issued a list of mitigations for any victims of a Hive ransomware attack. Per the FBI release: If your...
read more