Why Are Ransomware Attacks Still Happening?

Here we go again: this past Thursday, officials from three US federal agencies issued a statement warning about an “imminent cybercrime threat to US hospitals and healthcare providers.” The threat in question comes from a Russia-based cybercriminal gang preparing to disrupt information technology systems at hundreds of hospitals and medical care facilities all over the US with ransomware. The attackers will make devices on the hospital networks unusable unless a sizable payoff is made, and indeed, at least five US hospitals already seem to be under attack. With patient populations surging in the wake of another wave of coronavirus cases and a presidential election on the horizon, the imminent threat could prove catastrophic without the proper security measures to fight back.
Read More

Healthcare Under Cyberattack – Advanced Ransomware, IoMT Devices, and Data Breaches

Healthcare institutions are facing unprecedented threats. We’ve all been rocked with horror at the major cyberattacks on hospitals this past week. What’s scary about these types of attacks is that they can very quickly lead to lost lives, not just lost dollars.
Read More

Increase Security: Go Beyond HIPAA Compliance Requirements

In spite of longstanding HIPAA compliance requirements, and the billions of dollars being invested to ensure HIPAA compliance, it seems that cyberthreats and attackers aren't fazed. Healthcare suffered from some of the largest breaches ever reported in 2015. The breach at Anthem compromised 78.8 million records, and two additional breaches exposed more than 10 million records each1. The following year, 2016, saw the highest number of breaches with 327 reported. The number of breaches in 2017 surpassed 2016, with more than 342 reported. While the number of breaches grew, the number of compromised records dropped from 112 million in 2016 to a little more than 14 million in 2017. Read More

Why Healthcare Cybersecurity Should Focus on the Attacker?

At a recent industry event, I got to chatting with the CISO of a major children’s hospital. Over a beer, he shared with me the challenges he faces daily. Our far-reaching conversation covered nation-state actors enticing students to exfiltrate clinical trial test results, to his search for a secure USB port cover for patient-facing devices. Maybe it was the beer, but as he described his tribulations, each to me worse than the next, his enthusiasm and energy grew. Every so often he stopped to shake his head in disbelief at his own story as if to say, “Even I can’t believe how bad this is…” Read More