Healthcare Cybersecurity Weekly Briefing 5-12-2017

Cybersecurity is one of the top risks organizations must manage in 2017

  • Healthcare: Ransomware attacks are projected to rise 250%, and hackers were responsible for 106 major healthcare data breaches in 2016.
  • Financial services: Despite ranking only third in volume of security incidents, the financial services industry came in first in number of incidents leading to confirmed data losses.
  • Insurance: Risk is twofold in this market, because insurers are not only targets of hackers, they’re also providers of coverage to victims.
  • Education: At the beginning of February 2016, the University of Central Florida announced a data breach had affected approximately 63,000 current and former students, faculty and staff.


Homeland Security Issues Warning on Cyberattack Campaign

The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems. […] “Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments,” the alert notes. “Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.”


Cyberinsurance options a ‘Wild West’ for healthcare organizations

Ten million dollars in coverage is a benchmark for community hospitals, but not all of them “are there yet,” Lennon said. However, some carriers are building out pre-breach offerings as part of the policy package, working with hospitals to become as immune to breaches as possible and therefore potentially diminishing the amount of coverage they might need. Clients can also get credit for working with a monitoring system that detects potential threats.


What healthcare CISOs should know

It used to be that retail and financial services were the most popular targets for breaches and malicious attacks, but the healthcare industry is now right up there with them. The reason for that change is simple: protected health information (PHI) is more lucrative on the dark web than other forms of personally identifiable information. Also, healthcare organizations keep other useful data: access credentials, personally identifiable information, and financial records.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.