The Change Healthcare Cyberattack Is Still Rocking Healthcare in the U.S.
See how the Change Healthcare ransomware attack has impacted the entire healthcare sector in the U.S. as well as the patients who rely on it.
Read MoreSee how the Change Healthcare ransomware attack has impacted the entire healthcare sector in the U.S. as well as the patients who rely on it.
Read MoreDiscover the vital role of cybersecurity in securing schools. Read this blog to learn about effective strategies, challenges and why digital safety matters.
Read MoreWhy should schools be worried about cybersecurity? Explore the top 5 cybersecurity threats for K-12 schools & how to affordably mitigate them.
Read MoreHealthcare cyberattacks increase worldwide as ransomware and phishing skyrocket but BullPhish ID and Dark Web ID can help combat the threat.
Read MoreNew information from CISA and NCSC details how healthcare organizations are under attack by cybercriminals looking to profit from COVID-19 data. These tips can help stop them.
Read MoreOver the past several years, holiday shopping trends have shifted significantly. Standing in long lines or driving to crowded malls has been replaced by browsing on social platforms and entering discount codes at website checkouts. This year, Cyber Monday online sales hit an all-time high, reaching a nearly 20% year-over-year increase with online shoppers spending $9.4 billion. However, the allure of single-day shopping sprees has been extended to encompass a full season. Since November 1st, shoppers have spent a record-setting $81.5 billion. In the days and weeks ahead, the figures will continue to add up as the shopping boon crescendos on Christmas and continues for weeks to come. While this is excellent news for SMBs, bad actors have also taken notice. Hackers are zeroing in on this holiday shopping season as the perfect opportunity to siphon off money and credentials from unsuspecting consumers and unprepared companies. Fortunately, neither party is defenseless in this regard. Follow along to learn how we can work together and protect our privacy and security this holiday season, keeping spirits high to usher in 2020. Shoppers Beware 2019 is on pace to be the worst year yet for data breaches, and hackers are capitalizing on the treasure trove of information available from these events to execute phishing scams targeted at shoppers. In November, the number of e-commerce phishing URLs accessed or sent via email spiked . Already, instances of this malicious activity are up 233% since November 2018. Amidst the slew of holiday deals, it’s easy for cybercriminals to send phishing links or exploit shoppers with seemingly valid websites that deploy hallmarks of internet security, like HTTPS encryption. In 2018, the risk was so severe that the Cybersecurity and Infrastructure Security Agency issued a warning to consumers, urging them to “be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and requests for donations from fraudulent charitable organizations, which could result in security breaches, identity theft, or financial loss. Collectively, these threats increase the impetus for consumers to be vigilant about evaluating their digital communications during the busy holiday shopping season. Moreover, they should protect their accounts using strong, unique passwords while enabling two-factor authentication whenever possible. It’s estimated that the vast majority of consumers, as many as 66%, use weak passwords to protect their accounts, and more than half use the same password across multiple logins. In other words, simple password management is a foundational practice for guarding against cybercrime and stopping the Grinch from finding his way to the presents underneath your Christmas tree.
Read MoreA data breach is disastrous for any company in any industry, but the healthcare sector is an especially high-stakes arena where data security is of utmost importance and under continual attack. Few types of data are as valuable as Personal Health Information (PHI) and other health-related data like prescription information, health insurance login information, or insurance data. There is a ready market for this information on the Dark Web where healthcare provider information is known to sell for as much as $500 per listing. While patient information goes for significantly less money, as little as $3.25, hackers can make up the difference by selling in bulk, which is part of the reason that today’s hackers are more ambitious than ever, and they are taking the fight to healthcare providers’ digital front doors. Indeed, no one has been spared from the scourge of data breaches afflicting the healthcare system. In October, we reported on a data breach at Tu Ora Compass Health, a national health service that implicated the personal data for more than a million New Zealanders. However, hundreds of smaller healthcare providers, lab service providers, and other healthcare SMBs managing copious amounts of patient data are also under attack. McAfee Labs identified the healthcare sector as one of the most frequently targeted sectors today, far outpacing finance, media, retail, technology, and many others. In total, more than 38 million healthcare records have been exposed this year alone, and this trend shows little sign of abating, which means that defense is the only option. Keep reading to gain a better understanding about the current state of data security in healthcare, which serves as a cautionary tale for companies in every sector striving to keep their data secure. The Current State of Data Security in the Healthcare Sector Never ones to miss an opportunity, cybercriminals have been upping their game in 2019, adapting their techniques to extract data from healthcare providers. A recent survey by Malwarebytes identified a 60% increase in trojan malware detections in the first nine months of 2019, compared to all of 2018. At the same time, ransomware attacks are inflicting costly damage on patient records. In the first quarter alone, hospitals saw a 195% increase in this attack strategy. These data breaches are more than just a costly inconvenience. In the health care sector, it can cost patient lives. Hard data is emerging that connects data breaches and patient outcomes. For instance, researchers found that, after a data breach, “as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined in the new study.” In a very real way, data security is a life or death issue that relies on many moving pieces to ensure data security and patient well-being. For better or worse, not all data breaches occur in house. Third-party software vendors continue to be a top attack point; however, in many cases, it’s not the software that’s to blame. According to a report on the state of cybersecurity in the healthcare industry, staff negligence provides an open door for phishing and spear phishing attacks that ultimately compromise patient data. With a robust market for patient data and other healthcare-related information, hackers will continue to innovate their methodologies, making it increasingly difficult to identify their tactics. That doesn’t mean that your business is defenseless. How You Can Protect Yourself Despite a complicated cybersecurity environment, healthcare providers aren’t powerless to protect themselves against costly data breaches. Notably, malware attacks – both ransomware and otherwise – require employees to engage with the malicious material for it to be effective. Simply put, bad actors may be able to target healthcare providers with copious amounts of harmful material, but, without an adequate response, much of their efforts are fruitless. Similarly, phishing and spear phishing campaigns can’t compromise credentials unless users hand them over. It’s estimated that 80% of data breaches are attributable to employee negligence, as scams and other malicious emails routinely make their way to employee inboxes causing breach fatigue that puts patient data at risk. Therefore, healthcare providers who offer comprehensive employee awareness training improves their chances of successfully defending against these attacks. In an ever-evolving threat landscape, this training prepares all employees to become a defensive asset in the quest to protect patient data. At the same time, simple security upgrades like two-factor authentication and strong, unique passwords across all accounts can minimize risk exposure while placing barricades in the way of anyone trying to steal patient or company data. Conclusion In 2019 and beyond, providing the best patient care will require a revised take on the Hippocratic Oath. Simply put, first doing no harm will require intentional efforts to protect patient data. It’s a difficult task, but it’s not impossible. Rather than leave it up to chance, partner with ID Agent, which offers an array of products and services that support your data security initiatives: Designed to protect against human error, BullPhish IDTM simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. When paired with AuthAnvilTM, you can protect your employees’ password integrity by offering integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. With a robust market on the Dark Web, cybercriminals have millions of reasons to continue attacking healthcare IT, which means that defensive maneuvers need to begin right away.
Read MoreThey say nothing is certain except for death and taxes. In 2019, it’s time to add cyber tax scams to the list. The Internal Revenue Service (IRS) has released its annual “Dirty Dozen” list of tax scams – and it’s no surprise that nefarious online schemes top the list. Here are some of the most common (and clever) techniques that hackers are using to defraud Americans of their personal information and hard-earned income.
Read MoreThe Parliament’s computer network was recently targeted by a brute force attack. Weak password requirements allowed hackers to gain access to 90 of parliaments 650 member’s email accounts. Although IT staff or 3rd party cyber firms can implement strong cyber-security regulations, the members of the House of Commons, or employees at any company are typically the source of a breach. Without knowing it, Members of the Parliament created threats for themselves, that went undetected until it was too late. In order to minimize the damage or the attempt of blackmail, officials temporarily locked members out of their email accounts.
Read MoreHospital networks can unfortunately become a goldmine for attackers that use ransomware worms as their weapon. If deployed, lives may be endangered, hospitals usually must pay the ransom, or pay to get files retrieved and its reputation could be damaged. Because these attacks are increasing due to lucrative benefits, teaching and reminding hospital staff to use valuable cyber hygiene is imperative.
Read More