Healthcare Cybersecurity Weekly Briefing 9-29-2017

Critical Informatics Healthcare Cyber Security

Healthcare Accounted for 26 Percent of Cybersecurity Incidents in Q2 2017 
The security firm reported that the health care sector and social media sites were popular cyberattack targets in the second quarter of 2017, with the health, education and public sectors accounting for more than half of total cybersecurity incidents globally in 2016 and 2017. McAfee Labs saw healthcare surpass the public sector to report the greatest number of security incidents in the second quarter of this year.


Why Diverse Cybersecurity Teams are Better at Understanding Threats, Patient Needs
“When security professionals have a broader lens through which to look at security, we’ll be able to provide better answers and support in protecting our systems,” Kwon said. […] “Such diversity in hiring cybersecurity professionals will naturally result in better gender and racial balance as well. If you are going to build a winning baseball team, you cannot fill the team with only pitchers or catchers.”


Lax Security to Blame For Record Pace of HIPAA Breaches, Feds Say
The 221 major breaches reported under HIPAA regulations so far this year mark a 66-percent increase over the 133 breaches reported for all of 2016, according to our analysis of records from the U.S. Department of Health and Human Services Office of Civil Rights (OCR). […] “Additionally, reported breaches of 500 or more due to ‘hacking or IT incidents’ are on the rise, which is consistent with the increase in cybersecurity threats aimed at health care organizations,” he added. “Cyber criminals target organizations who devote too little resources to security, which consequently makes such organizations vulnerable targets.”


Docs Ran a Simulation of What Would Happen if Really Nasty Malware Hit a City’s Hospitals. RIP 🙁
On average, a connected device had about 1,000 exploitable CVE flaws, with some going over the 1,400 mark, it was claimed. Not all of these flaws are remotely exploitable, but many are, “and it only takes one,” said Joshua Corman, director of the Atlantic Council’s Cyber Statecraft Initiative and one of the aforementioned speakers. “Governments aren’t ready for this and hospitals certainly aren’t – 85 per cent of US hospitals don’t have any IT security staff,” he added.


Myth Busted: Contract Security Companies are Definitely Worth the Money
“Many providers are running at break even before any additional costs. It’s created healthcare deserts.” […] Others turn to security contractors, but with many providers also facing budgetary constraints, it’s not always feasible, said Corman. And many don’t find value in spending thousands of dollars on the service. […] But contract security companies are often unfairly lumped into that group, and as a result, most executives fail to see the value of the expense.


Cyber Attacks on Healthcare Continue to Increase
The disruption caused by WannaCry and another example, NotPetya, to healthcare systems, in particular, was well publicised. When turning on infected devices, users were asked for payments to remove the ransomware. […] “It has been claimed that these ransomware campaigns were unsuccessful due to the amount of money made,” said Samani. “However, it is just as likely that the motivation of WannaCry and NotPetya was not to make money but something else. If the motive was disruption then both campaigns were incredibly effective. We now live in a world in which the motive behind ransomware includes more than simply making money, welcome to the world of pseudo-ransomware.”



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.