Security News

SAN FRANCISCO - Cybercriminals are pushing boundaries in looking for new ways to cash in on the healthcare space - whether it is persuading desperate patients to download health information apps that actually infect their devices with malware, attacking hospitals with ransomware attacks or even selling patients fraudulent insurance or medicine on illicit online markets. Not only is the medical space a treasure trove of personal identifiable information collected from patients, but medical device manufacturers and hospitals lack basic security hygiene, experts say.

The leak came from an S3 bucket that was left unsecured. The unsecured S3 bucket appeared to be powering Rotherwood's internal system, a CRM-style software suite that looks to be used to capture and store essential data about staff and patients alike.

The leak came from an S3 bucket that was left unsecured. The unsecured S3 bucket appeared to be powering Rotherwood's internal system, a CRM-style software suite that looks to be used to capture and store essential data about staff and patients alike.

The healthcare industry has significantly more exposed attack surfaces than any other industry surveyed, according to Censys's research findings of cloud risks and cloud maturity by industry, revealed at RSA Conference 2020. The healthcare industry showed significantly more exposed databases and more exposed remote login services.

"Phishing continues to be one of the primary breach vectors in the healthcare industry. It is cheap, effective and profitable to the cyber-criminal element," says Rich Curtiss, director of healthcare risk assurance services at security consultancy Coalfire. "Health records command a hefty price on the 'dark web' and are relatively easy to acquire through phishing attacks. Phishing is an organizational threat and not an IT problem. Addressing the threat must be a strategic imperative and, to be truly effective, must be part of the organizational culture."

Number of records exposed in healthcare breaches doubles. According to the findings, the total number of records breached more than doubled from 2018 to 2019.

As we enter the twenty-twenties, healthcare has separated from the pack and is, by a wide margin, the most cyber-targeted industry. The healthcare industry plays host to roughly 70% of all US data breaches.

As Head of Research at CyberMDX, Elad Luz gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them and/or report about their security issues to vendors. Care critical devices that are directly connected to patients like infusion pumps, ventilation, anesthesia, patient monitoring and such obviously represent the most critical endpoints from a security perspective.

Cynerio announced the addition of the virtual segmentation capability to their platform. The Cynerio platform's new virtual segmentation capability automatically delivers safe and effective policies in a matter of weeks by customizing segmentation policy for every device type, limiting the attack surface, and ensuring clinical services remain intact.