Healthcare Cybersecurity Weekly Briefing 01-26-2018

Critical Informatics Healthcare Cyber Security

Penetration Testing is a Reference Point, Not a Strategy
If penetration and other testing of your defenses is something you’re prioritizing this year, be aware: the information you will obtain is not revelatory, and simply addressing the specifics of whatever vulnerability was exploited will not appreciably change the outcome for the next penetration test (which may not be a test).

Cybersecurity: What Does the Board Want and Need?
Now more than ever, it is up to a company’s CISO to lay out the landscape in a way that is easily accessible with actionable information to ensure the organization is making cost-effective decisions regarding its handling of cyber-risks. Here is what they need to hear from the security team.

Survey: 42 Percent of Companies Have Experienced Ransomware Attacks 
According to the report, the top driver of cyber-attacks is now cyber-crime. Attackers are motivated by financial gain and driven by the prosperity of cryptocurrencies. Meanwhile, attacks are becoming more targeted. A determined enemy will take the time to learn the target by investing in reconnaissance, social engineering and specific tools.

What’s Ahead in Health Informatics for 2018? The Ransomware Crisis and Beyond 
Without an accepted standard for reasonable cybersecurity, organizations will remain unable to protect themselves from litigation claiming negligence in their data management. […] And in many cases, they will remain behind, because IT security involves what professionals describe as “asymmetric warfare,” a fancy way of saying that the cost of the attack is many times less than the cost of defense.

Norway Healthcare Cyber-attack ‘Could be Biggest of its Kind’
The attack appears to have been a concerted, highly professional effort to target electronic patient data, connected to a NATO exercise scheduled for later this year. The attack may have originated with a foreign state’s spy agency. One line of inquiry investigators are said to be following is that the hackers were aided by somebody inside one of Health South East RHF’s hospital partners. […] “It wouldn’t surprise me if it followed the route of simple attack to gain initial access to the relevant networks, followed by much more skilled post-breach exploitation to get at the health records,” Colman said.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.