A lesser-known ransomware threat dubbed Maui has been hitting healthcare organizations and is likely to continue doing so, a new CISA alert warns. Maui is unusual in many ways: it does not show a ransom note, it does not rely upon external infrastructure to receive encryption keys, and it does not encrypt files and/or systems indiscriminately…

Collectively referred to as NUCLEUS:13, the issues likely affect safety-critical devices, such as anesthesia machines, patient monitors and other types of devices used in healthcare. Other types of operational technology (OT) systems are also impacted. The most important of the newly identified issues is CVE-2021-31886 (CVSS score of 9.8), a stack-based buffer overflow that exists…

The vast increase in staff from all industries working from home, outside of their corporate network defenses and often on poorly protected home computers, has been a treasure trove for hackers. Two common attack methodologies have been phishing (where the pandemic has provided the opportunity to add two of the most compelling social engineering triggers:…

Several leading health systems got together recently to announce the formation of Truveta, an independent company that will pool patient medical records from the participating health systems and analyze them for insights to drive healthcare outcomes. The announcement highlighted the benefits of sharing de-identified data for driving research, new therapies, and improved health outcomes. In…

As the COVID-19 pandemic unfolds, healthcare organizations are scrambling to ensure the safety and support of patients and staff, while also integrating and learning new technologies to support telehealth practices. The constantly evolving healthcare environment has placed immense financial strain on hospitals and increased pressure on healthcare staff, which has been made worse by the…

In 1555, Nostradamus published his famous Les Prophéties containing obfuscated prophecies for the world to come. Some believe that one of these predictions pertains to the year 2020 and it reads, in part: “The false trumpet concealing madness / will cause Byzantium to change its laws.” Yeah… I have no idea what that means either!…

71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data, according to Intertrust. The report investigated 100 publicly available global mobile healthcare apps across a range of categories—including telehealth, medical device, health commerce, and COVID-tracking—to uncover the most critical mHealth app threats. Cryptographic issues…

Telehealth is healthcare industry’s biggest cybersecurity risk

While COVID-19 has proven the healthcare industry’s overall resilience, it has also increased its cybersecurity risk with new and emerging threats. The rapid adoption and onboarding of telehealth vendors led to a significantly increased digital footprint, attack surface, and cybersecurity risk for both provider and patient data, a new report released by SecurityScorecard and DarkOwl…

Ensuring cyber awareness in the healthcare sector

As a result of the COVID-19 pandemic, healthcare professionals have increased their reliance on the internet to carry out their jobs. From connectivity with patients, to the interconnectivity of different medical devices passing patient data, the threat vector has expanded dramatically, so cyber awareness has become crucial. Healthcare under attack: What about cyber awareness? This…

Cybercriminals exposed 5 billion records in 2019, costing U.S. organizations over $1.2 trillion

Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock. Coupled with breaches in 2018 costing over $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion. Healthcare: The most targeted industry Healthcare emerged as the most targeted industry in 2019, accounting…