- Fortinet Security published report on healthcare cybersecurity:
o 87% of healthcare providers use IoT devices
o 79% are making cloud adoption a strategic priority
o 59% of breaches are carried out by internal threats
o 60% increase in cyber attacks in past year
o 41% of breaches are caused by email
o 51% fail to comply with HIPAA Right to Access
83% recognize that HIPAA compliance is not enough to address cyber
72% on average comply with HIPAA Security Rule
o 88% experienced at least 1 malicious intrusion in past year
51% had at least 3 malicious intrusions in past year
Methods of attacks:
• 53% = malware
• 41% = spyware
• 31% = insider threats
• 29% = mobile
• 25% = ransomware
• 20% = DDoS
• 20% = email phishing
• 17% = SQL injection
• 15% = zero day
• 14% = man in the middle
Impact of breaches:
• 41% = operational outage affected productivity
• 39% = outage put safety at risk
• 32% = damaged brand
• 31% = reduced revenue
• 25% = lost business critical data
• 72% = leaked PHI
- 451 Research published report on IT security initiatives survey:
o 28% = cite inability to integrate security products as top pain point
o 80% = have switched managed IT services providers or are planning to switch, due to issues with scalability, managing alerts, or network architecture
o 45% = of logs are being ingested by existing SIEM solution, leaving customer blind to over half of activities
o 43% = are unable to act on at least 25% of security alerts generated
o 49% = are overwhelmed by SIEM, endpoint detection and other data capture
- Illumio Security published report on endpoint security survey:
o FBI report shows $1 billion spent annually on ransomware payments
o 46% = have yet to address self-propagating ransomware and malware
o 60% = have taken care of malware moving from laptops to servers
o 41% = have addressed or plan to address credential harvesting
o 39% = do not currently have protection in place to prevent ransomware invading through endpoints
- Baugo Community School District of Indiana notified an unknown number of students that their info may have been exposed after cyber attack.
- The Institute for Integrative Nutrition, headquartered in New York City, NY, notified an unknown number of patients that their PHI may have been exposed after email phishing attack.
- Villa at Palos Heights Nursing Home in Illinois notified an unknown number of patients that their PHI was stolen by a former employee who used it for monetary gain.
o Anna Zur, 39, was arrested by police and charged with the theft
- Pinnacle Clinical Research of San Antonio, TX, notified an unknown number of patients that their PHI may have been exposed after email phishing attack.
- Dynasplint Systems of Severna Park, MD notified 102,800 patients that their PHI was exposed after cyberattack.
- Bleeping Computer magazine reported a new ransomware gang, named SunCrypt, which is using Maze ransomware to attack organizations in the U.S.
- Ventura Orthopedics, headquartered in Ventura, CA, notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Gosnell School District of Arkansas notified an unknown number of students that their info may have been exposed after ransomware attack.
- Valley Health System, headquartered in Huntington, West Virginia, notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Clark County School District of Nevada notified an unknown number of students that their info may have been exposed after cyber attack.
- Daily Mail newspaper is reporting that hackers in Singapore have developed software named “SpiKey” that can use a smartphone microphone to listen to a key opening a lock, and then produce a design for a key that will open the lock.
- Freepik notified an unknown number of users of its Freepik and Flaticon database platforms that hackers stole info on 8.3 million customers.
- The American College of Radiology published report warning radiologists that they may be unknowingly posting PHI from medical images online, as part of stored Microsoft PowerPoint presentations.
- Snyk Security published report that more than 1200 iOS applications in the Apple App Store may have an SDK (software development kit) from Mintegral of China that can allow hackers to steal information.
- Dr. Rita Luthra of Springfield, Mass, was sentenced to one year probation for exposing patient PHI while working as a rep for Atelvia drugs.
- Egor Igorevich Kriuchkov of Russia was arrested in the U.S. and charged with attempting to recruit and convince an employee of Tesla company to install malware on the company network for $1 million.
- Haywood County School District of North Carolina notified an unknown number of students that their info was exposed after ransomware attack.
- The South Dakota Department of Public Safety notified an unknown number of COVID-19 patients that their PHI was exposed after a data breach.
- The University of Kentucky Health System notified an unknown number of patients with COVID-19 that their PHI was exposed after it was inadvertently made available on a publicly accessible website.
- The Institute for Integrative Nutrition in New York City notified an unknown number of patients that their PHI may have been exposed after email phishing attack.
- The FBI published warning of increased “vishing” attacks, where hackers call large company employees, pretending to be company staff, and attempt to steal info.
- Acronis published report on healthcare cybersecurity:
o Average cost of downtime from cyberattack is $5600 per minute
o Takes an average of 308 days to discover a breach
o 70% of all malware attacks are ransomware