Security News

Volumes are increasing rapidly, and so is the complexity of the digital storage facilities: healthcare providers today house patient information on multiple data platforms such as on-premises servers, electronic health record systems and public/private cloud services. What's more, modern healthcare environments also span sophisticated medical systems and Internet of Things devices that are interconnected with each other and, in some cases, externally to the internet.

This article will outline some of the ways CISOs in the healthcare sector can automate cloud security controls and integrate those controls into standard deployment cycles. There are many cloud security frameworks and best practices.

Independent Living Systems, a Miami-based healthcare administration and managed care solutions provider, suffered a data breach that exposed the personal information of 4,226,508 individuals. The number of impacted individuals makes this the largest data breach in the healthcare sector disclosed this year.

Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line. From a clinical perspective, digital identity makes accessing technology completely transparent - invisible even.

The number of data breaches affecting healthcare providers declined in the second half of 2022, consistent with a downward trend over the past two years, according to Critical Insight. Healthcare industry sees a decrease in data breaches.

The healthcare provider giant said on Monday that Fortra issued an alert saying that it had "Experienced a security incident" leading to some CHS data being compromised. A subsequent investigation revealed that the resulting data breach affected the personal and health information of up to 1 million patients.

A new cybersecurity advisory from the U.S. Cybersecurity & Infrastructure Security Agency describes recently observed tactics, techniques, and procedures observed with North Korean ransomware operations against public health and other critical infrastructure sectors. The document is a joint report from the NSA, FBI, CISA, U.S. HHS, and the Republic of Korea National Intelligence Service and Defense Security Agency, and notes that the funds extorted this way went to support North Korean government's national-level priorities and objectives.

State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. This includes "Cyber operations targeting the United States and South Korea governments - specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the authorities said.

The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation.

The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian healthcare entities with Cobalt Strike beacons. The campaign goal is to deploy the Cobalt Strike post-exploitation toolkit on infected devices for initial access to corporate networks.