Security News
CynergisTek announced the launch of their API Sentry service, developed specifically for healthcare organizations to manage the risks associated with the use of APIs within their environment. Organizations have rapidly adopted APIs to accelerate the secure exchange of electronic health records, and market research has linked the uptick of API use in healthcare to growing use of apps and wearables prescribed by medical providers and remote patient monitoring.
Moscow on Tuesday vehemently rejected claims by Microsoft that Russia was behind cyber attacks on companies researching coronavirus vaccines and treatments, saying it was being made a scapegoat. Russian Deputy Foreign Minister Sergei Ryabkov told state news agency RIA Novosti it had become "politically fashionable" to pin the blame for cyber attacks on Moscow.
The healthcare industry is estimated to spend $134 billion on cybersecurity from 2021 to 2026: $18 billion in 2021, increasing 20% each year to nearly $37 billion in 2026. In Q3 2020, 82% of CIOs and CISOs in health systems agree that the dollars spent currently have not been allocated effectively prior to their tenure, often only spent after breaches, and without a full gap assessment of capabilities led by senior management outside of IT. The talent shortage for cybersecurity pros continues. "The talent shortage for cybersecurity experts with healthcare expertise is nearing a very perilous position," said Brian Locastro, lead researcher on the 2020 State of the Healthcare Cybersecurity Industry study by Black Book Research.
Healthcare is a growing field where the importance of security and privacy cannot be overstated. Many security professionals have gravitated toward this dynamic field, enhancing their skills and knowledge by earning the (ISC)² HealthCare Information Security and Privacy Practitioner credential.
A platform used by healthcare workers in the Philippines designed to share data about COVID-19 cases contained multiple flaws that exposed healthcare worker data and could potentially have leaked patient data. The Citizen Lab's report is the latest example of how the COVID-19 pandemic has spurred a host of security problems for the healthcare sector to deal with - including securing data and ransomware attacks.
This issue of SecurityWeek's CISO Conversations with leading CISOs from the critical industries looks at the healthcare sector. In this feature we talk to Cris Ewell, CISO at the University of Washington Medical Center, and Dan Bowden, VP and CISO of Sentara Healthcare.
Although it's a warning that's tailored for the healthcare sector, the report is nevertheless relevant to all of us, and we can all learn from it. Sure, some of the items in the AA20-302A report are specific to healthcare, such as contact details for cybersecurity bodies in the healthcare sector, and specific advice about security "hardening" on medical devices, which operate under a special regulatory mechanism.
The FBI warns of a threat against the healthcare sector from Ryuk ransomware, and one that's already affected some hospitals. The healthcare industry continues to be a prime target for ransomware, so much so that the FBI and two other government agencies are now warning this sector of impending attacks using the infamous Ryuk ransomware.
The US Federal Bureau of Investigation, Departments of Homeland Security, and Health and Human Services issued a joint alert Wednesday warning of an "imminent" increase in ransomware and other cyberattacks against hospitals and healthcare providers. "Malicious cyber actors are targeting the Sector with TrickBot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services," the Cybersecurity and Infrastructure Security Agency said in its advisory.
Healthcare delivery organizations have been busy increasing their network and systems security in the last year, though there is still much room for improvement, according to Forescout researchers. The bad news? Some network segmentation issues still crop up and HDOs still use insecure protocols for both medical and non-medical network communications, as well as for external communications.