Security News

Think of physical access, badge access, wireless access, you know, all these sorts of building access type things that you can use to say, okay, who was in the building at what time, who has been exposed, these are demands that we're seeing the market asked for that CISOs are having to bear the burden for. So there's all sorts of new demand on the CISO. So there's possible litigation at the feet of employers, if they go back, and they're sort of needed outcome around exposure notification, and this sort of vaccination status, a wallet need and where that goes, I don't know.

The European Medicines Agency today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online. "The Agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access."

In November, after a series of hacks directed at Universal Health Services and others, the cybersecurity agency CISA warned of an "Increased cybercrime threat to U.S. hospitals and healthcare providers." Large healthcare organizations can have a potentially vast attack surface, so making an inventory of potential vulnerabilities is essential.

Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients online. This week, while searching for a means to obtain COVID-19 test results online, I accidentally came across what looked like exposed COVID-19 test results for thousands of patients.

The Singapore government has decided to use data gathered by its TraceTogether COVID-19-coronavirus contact-tracing app in criminal investigations. Minister of State for Home Affairs Desmond Tan replied by saying that Singapore's Criminal Procedure Code means its Police can obtain any data for criminal investigations, including data gathered by TraceTogether.

The United States Department of the Treasury's Financial Crimes Enforcement Network has issued an alert to warn financial institutions of fraud and cyberattacks related to COVID-19 vaccines. In its newly released alert, FinCEN tells financial institutions to be wary of "Potential for fraud, ransomware attacks, or similar types of criminal activity related to COVID-19 vaccines and their distribution."

The US Treasury Department's Financial Crimes Enforcement Network warned financial institutions of ransomware actively targeting vaccine research organizations. "FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines," the US Treasury Department bureau warned [PDF].

Espionage attacks have recently zeroed in on the COVID-19 vaccine supply chain, The Zebrocy malware continues to be used by hackers in vaccine-related cyberattacks. Hackers Put Bullseye on Healthcare IP. Similarly, the U.S. Justice Department recently accused Chinese-sponsored cybercriminals of spying on COVID-19 researcher Moderna.

CFOs are taking on greater strategic and enterprise-building roles after guiding their organizations through the challenges of COVID-19. CFO Research of Argyle Advisory & Research Services and FTI Consulting surveyed 325 corporate finance executives to better understand how CFOs and the finance function drive enterprise value.

North Korean nation-state hackers tracked as the Lazarus Group have recently compromised organizations involved in COVID-19 research and vaccine development. After slithering into their network, the North Korean state hackers deployed Bookcode and wAgent malware with backdoor capabilities.