Cybersecurity is one of the top risks organizations must manage in 2017
Homeland Security Issues Warning on Cyberattack Campaign
The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems. […] “Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments,” the alert notes. “Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.”
Cyberinsurance options a ‘Wild West’ for healthcare organizations
Ten million dollars in coverage is a benchmark for community hospitals, but not all of them “are there yet,” Lennon said. However, some carriers are building out pre-breach offerings as part of the policy package, working with hospitals to become as immune to breaches as possible and therefore potentially diminishing the amount of coverage they might need. Clients can also get credit for working with a monitoring system that detects potential threats.
What healthcare CISOs should know
It used to be that retail and financial services were the most popular targets for breaches and malicious attacks, but the healthcare industry is now right up there with them. The reason for that change is simple: protected health information (PHI) is more lucrative on the dark web than other forms of personally identifiable information. Also, healthcare organizations keep other useful data: access credentials, personally identifiable information, and financial records.
|Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing at: https://criticalinformatics.com/healthcare/|
Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.