Healthcare Cybersecurity: Reducing the Risk of Data Breaches

JORI HAMILTON | December 22, 2019

article image
2019 has a bad year for healthcare security breaches. Over 30 million patients in the U.S. have been affected by data breaches so far this year. The majority of attacks have been traced back to third-party vendors and phishing attacks. Furthermore, the industry at large is still dragging its heels on adopting the Health Insurance and Portability Accountability (HIPAA) compliance regulations and updating technology to combat the latest threats. Cisco’s 2019 report regarding technology use in the healthcare industry revealed that over 50% of organizations still operate on legacy Windows 7 systems and outdated IoT equipment.

Spotlight

Cyber Agency

Cyber Agency is a vulnerability & threat assessment, penetration testing and cybersecurity company focused on critical infrastructure, energy, oil & gas, resources, process industries, manufacturing, telecommunications, transportation and logistics sectors. Services include: Physical and information security assessments; social engineering; alarm evasion; penetration testing / red teaming; software and network vulnerability testing; compliance and security audits. Cyber Agency is now Cyber Kinetic.

OTHER ARTICLES

New ‘Haken’ Malware Found On Eight Apps In Google Play Store

Article | February 21, 2020

Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The “Haken” malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services. The eight apps in question, which have since been removed, had collectively been downloaded 50,000 times. The apps were mostly camera utilities and children’s games, including “Kids Coloring,” “Compass,” “qrcode,” “Fruits coloring book,” “soccer coloring book,” “fruit jump tower,” “ball number shooter” and “Inongdan.” The apps legitimately function as advertised, but in the background covertly perform an array of malicious functions. “Haken has shown clicking capabilities while staying under the radar of Google Play,” said researchers with Check Point Research, in an analysis on Friday. “Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns.

Read More

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.

Read More

CYBERSECURITY AND CORONAVIRUS: KEEPING YOUR BUSINESS SAFE

Article | March 19, 2020

Measures to mitigate the outbreak of COVID-19 have led to an unprecedented increase in remote working across the board. Our guest author Philip Blake, European Regional Director at EC-Council and cybersecurity expert, outlines key challenges and tips for staying secure while away from the office. As governments and businesses work on mitigating the impact of the ongoing COVID-19 outbreak, social distancing measures are leading to an increase in remote working across all sectors. The reasoning behind the measures is best left to health authorities, and are discussed at length elsewhere. The purpose of this article is to shed light on some of the key cybersecurity challenges around the sudden spike in remote work arrangements, and propose potential measures to keep networks as secure as possible during these times.

Read More

Creating and rolling out an effective cyber security strategy

Article | April 16, 2021

What’s more, organisations should also keep in mind that prevention alone is not enough; according to IBM, the average breach detection and containment times currently sits in the region of 280 days. In this time, it’s easy for cyber attackers to gain a foothold in an environment and quickly cause damage. “When developing a cyber security strategy, traditionally enterprises have focused on the threat prevention with little attention given to detection and often none to response,” said Martin Riley, director of managed security services at Bridewell Consulting.

Read More

Spotlight

Cyber Agency

Cyber Agency is a vulnerability & threat assessment, penetration testing and cybersecurity company focused on critical infrastructure, energy, oil & gas, resources, process industries, manufacturing, telecommunications, transportation and logistics sectors. Services include: Physical and information security assessments; social engineering; alarm evasion; penetration testing / red teaming; software and network vulnerability testing; compliance and security audits. Cyber Agency is now Cyber Kinetic.

Events