Security News

Intellectual property theft will join ransomware, cloud-stored patient data theft and advanced phishing efforts as the main hallmarks of medical-related healthcare cyberattacks for the new year. These cyberattacks will have ramifications for geopolitics, with the "Attribution of attacks entailing serious consequences or aimed at the latest medical developments is sure to be cited as an argument in diplomatic disputes."

CyberMDX announced a partnership with Philips to integrate CyberMDX's Healthcare Security Suite into the newly introduced integrated Cybersecurity Services offered by Philips. Created as a platform for partnership with healthcare customers, the Philips Cybersecurity Services help define and implement strategic and tactical software and device protection.

U.S. healthcare provider AspenPointe notified patients of a data breach stemming from a September 2020 cyberattack that enabled attackers to steal protected health information and personally identifiable information. AspenPointe is a nonprofit funded by Medicaid, state, federal, and local government contracts, as well as donations, that manages 12 organizations serving over 50,000 individuals and families every.

With healthcare, in particular, I think that we've seen, you know, obviously, like policy in terms of like cybersecurity policy, IT procurement policy, kind of go to the wayside in order to bolster patient health, patient care and a pandemic. You know, not only are we saying, in healthcare an external attack surface, but absolutely, an internal attack surface increase as well.

CynergisTek announced the launch of their API Sentry service, developed specifically for healthcare organizations to manage the risks associated with the use of APIs within their environment. Organizations have rapidly adopted APIs to accelerate the secure exchange of electronic health records, and market research has linked the uptick of API use in healthcare to growing use of apps and wearables prescribed by medical providers and remote patient monitoring.

Moscow on Tuesday vehemently rejected claims by Microsoft that Russia was behind cyber attacks on companies researching coronavirus vaccines and treatments, saying it was being made a scapegoat. Russian Deputy Foreign Minister Sergei Ryabkov told state news agency RIA Novosti it had become "Politically fashionable" to pin the blame for cyber attacks on Moscow.

With the healthcare industry estimated to spend $134 billion on cybersecurity from 2021 to 2026, $18 billion in 2021, increasing 20% each year to nearly $37 billion in 2026, 82% of CIOs and CISOs in health systems in Q3 2020 agree that the dollars spent currently have not been allocated prior to their tenure effectively, often only spent after breaches, and without a full gap assessment of capabilities led by senior management outside of IT. Talent shortage for cybersecurity pros continues. "The talent shortage for cybersecurity experts with healthcare expertise is nearing a very perilous position," said Brian Locastro, lead researcher on the 2020 State of the Healthcare Cybersecurity Industry study by Black Book Research.

Healthcare is a growing field where the importance of security and privacy cannot be overstated. Many security professionals have gravitated toward this dynamic field, enhancing their skills and knowledge by earning the² HealthCare Information Security and Privacy Practitioner credential.

A platform used by healthcare workers in the Philippines designed to share data about COVID-19 cases contained multiple flaws that exposed healthcare worker data and could potentially could have leaked patient data. The Citizen Lab's report is the latest example of how the COVID-19 pandemic has spurred a host of security problems for the healthcare sector to deal with - including securing data and ransomware attacks.

This issue of SecurityWeek's CISO Conversations with leading CISOs from the critical industries looks at the healthcare sector. In this feature we talk to Cris Ewell, CISO at the University of Washington Medical Center, and Dan Bowden, VP and CISO of Sentara Healthcare.