Security News

Nigerian cybercriminals specialized in business email compromise attacks were observed leveraging COVID-19 lures in recent attacks on healthcare and government organizations, Palo Alto Networks reveals. The campaigns stand out because they also attempted to compromise organizations critical to COVID-19 response efforts, including "Government healthcare agencies, local and regional governments, large universities with medical programs/centers, regional utilities, medical publishing firms, and insurance companies across the United States, Australia, Canada, Italy, and the United Kingdom."

Malicious campaigns are using password spraying as a type of brute-force attack to find weak passwords at healthcare and medical facilities. Specific attacks against healthcare providers detected by security agencies in the UK and US are using password spraying to compromise accounts with weak passwords.

What is happening during this crisis will not just change the landscape in healthcare today-it will change the way that we deliver and experience healthcare forever. So it's imperative that the technology industry come together to help healthcare meet this challenge, both to support the healthcare system when it's needed most, as well as to ensure that new digital infrastructure is implemented the best possible way.

While CIOs and CISOs have a significant role in ensuring front line healthcare workers have the tools and technologies they need to treat patients, healthcare organizations must also prioritize protecting medical devices and critical infrastructure during this crisis. As healthcare organizations look to ramp up their operations to prepare for treating the victims of this disease, many are bringing on new equipment and devices to help.

In addition to the attack on the hospital in the Czech Republic, she cited a number of healthcare cyber incidents in France, Spain and Thailand, adding that there needs to be more collaboration worldwide on protecting critical health infrastructure in times of crisis. Ransomware attacks on healthcare providers rose 350% in the fourth quarter of 2019, and Emsisoft research shows that more than 759 healthcare providers were hit with ransomware last year.

After recently directly notifying a number of hospitals about vulnerable gateway and VPN appliances in their infrastructure, Microsoft has decided to offer its AccountGuard threat notification service for free for healthcare and worldwide human rights and humanitarian organizations. "Both AccountGuard for Healthcare and AccountGuard for Human Rights Organizations will initially be available to organizations in the 29 countries where we already offer AccountGuard, subject to review of local laws and regulations, and we will be adding new countries based on need and local law."

As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals-with no conscience and empathy-are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. While the security firm didn't name the latest victims, it said a Canadian government healthcare organization and a Canadian medical research university both suffered ransomware attacks, as criminal groups seek to exploit the crisis for financial gain.

Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware. Researchers have shed light on two recently uncovered malware campaigns: one targeting a Canadian government healthcare organization and a Canadian medical research university, and the other hitting medical organizations and medical research facilities worldwide.

Through the partnership, the companies will provide advanced security solutions for major healthcare organizations and other industry leaders throughout Europe, the US and Middle East. By combining cutting-edge application security from Virsec with pervasive data protection from CyVolve, the solution will provide comprehensive security for regulated industries managing sensitive and private data.

New York-based healthcare cybersecurity firm CyberMDX on Tuesday announced that it has raised $20 million in a growth round, which brings the total raised by the company to date to $30 million. The funding round was led by Sham, which is Europe's biggest insurance and risk management services provider for healthcare.