Security News

Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum? ...

Norton Healthcare, which runs eight hospitals and more than 30 clinics in Kentucky and Indiana, has admitted crooks may have stolen 2.5 million people's most sensitive data during a ransomware attack in May. During the intrusion, the criminals accessed names, contact information, Social Security Numbers, dates of birth, and may have included may have also included driver's license and government ID numbers, financial account information, and digital signatures. The not-for-profit healthcare system said it discovered the security incident, later determined to be a ransomware infection, on May 9, two days after the intrusion.

Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. "On May 9, 2023, Norton Healthcare discovered that it was experiencing a cybersecurity incident, later determined to be a ransomware attack," it said in a press release published on Friday.

American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October. Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries and a revenue of over $12 billion reported in 2022.

To put an end to the growing, existential threat that healthcare faces, it will take creativity, innovation, partnership, and a willingness to change the current state of IT security and risk management in healthcare. How has the transition to cloud computing changed the cybersecurity landscape for healthcare organizations?

Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. [...]

Fortify password policies - At the heart of many breaches lies poor password hygiene. Tools, such as Specops Password Policy enables IT teams to set stringent password protocols, from meeting compliance standards, setting length and complexity requirements, to ensuring the absence of common and weak terms, as well as blocking known compromised passwords, which significantly tightens access controls.

The rate of data encryption following a ransomware attack in healthcare was the highest in the last three years, according to Sophos. Only 24% of healthcare organizations were able to disrupt a ransomware attack before the attackers encrypted their data-down from 34% in 2022; this is the lowest rate of disruption reported by the sector over the past three years.

The BlackCat ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information. Henry Schein is a healthcare solutions provider and a Fortune 500 company with operations and affiliates in 32 countries and revenue of over $12 billion in 2022.

Once they gain access to a healthcare organization's system, cybercriminals can utilize AI to analyze large datasets, allowing them to gather valuable data, such as patients' personal identifiable information, for identity theft, fraud, or ransomware attacks. AI-powered attacks can exploit vulnerabilities in medical devices, compromise electronic health records, or disrupt critical healthcare services - forcing organizations to quickly revert to paper systems and human intervention for equipment monitoring or record exchanges.