Healthcare Information Security Interviews

Ransomware Attack Has Varying Impacts Across CommonSpirit Facilities

by Jill McKeon

CommonSpirit Health is still in the process of responding to and recovering from a cyberattack that began in early October and impacted multiple facilities within the health system. The confirmed ransomware attack resulted in appointment...

White House Sets Sights on New Healthcare Cybersecurity Standards

by Jill McKeon

New healthcare cybersecurity standards and guidance from the White House are on the horizon, Anne Neuberger, deputy national security advisor for cyber and emerging technology in the Biden Administration, said at a recent Washington Post...

Importance of API Security in Healthcare Grows as Cyberattacks Increase

by Jill McKeon

API security is essential to healthcare cybersecurity as threat actors increasingly turn to APIs as an easy network entry point. In 2019, Gartner predicted that API attacks would become the most common attack vector by 2022. New research...

As Adoption of Edge Computing in Healthcare Grows, So Do Security Needs

by Jill McKeon

Edge computing adoption in healthcare is growing at fast rates as 5G takes hold, AT&T’s latest Cybersecurity Insights Report found. Nearly three-quarters of healthcare industry respondents said they were planning to or have...

Threat Actors Shift Tactics, Targets As Ransomware Evolves

by Jill McKeon

Threat actors are leveraging Ransomware-as-a-Service (RaaS) models, double extortion, and software vulnerability exploits over traditional data encryption, a new report by Abnormal Security discovered. As threat actors broaden their scope...

Understanding the Risks, Complexity of Healthcare Cybersecurity

by Lisa Gentes-Hunt

From the fields of Fenway Park to the halls of the emergency department at Beth Israel Deaconess Medical Center in Boston to the classrooms of the University of Florence in Italy, Dr. Sean Kelly is on...

Sky Lakes Medical: A First-Hand Look at Fall Ransomware Attack, Recovery

by Jessica Davis

The FBI began investigating a wave of targeted ransomware attacks against at least a dozen US hospitals, health systems, and healthcare providers in October 2020. Sky Lakes Medical Center in Oregon was among the victims driven into EHR...Instead, the incident was discovered by the after-hours support team, after they received a phone call that the IT systems and computers were running slowly. Other systems were completely offline. “It was at that point that we first...

What Happens After a Ransomware Attack in the Health IT Environment?

by Jessica Davis

When the FBi warned of the active ransomware attack wave against providers in the Fall of 2020, it heightened reporting and highlighted the need for proactive security measures to protect the healthcare environment. But as healthcare has...Further, as other security leaders have pressed this year: zero trust is the ideal security model for healthcare providers. It’s the idea that users may only be given access to systems and functions required to do their jobs. Far too...“Once you have this information, you must work to contain the breach ASAP by quarantining the infected devices and systems,” said Geffen. “To do this, security teams must identify the entry point (i.e. phishing) and...It’s that uncertainty that lengthens the timeframe of the system outage and further challenges healthcare entities in bringing their systems back online. “Did you eliminate the threat completely from the devices and your...

Could The SASE Model Move the Needle on Healthcare Cybersecurity?

by Jessica Davis

The multiple, massive cybersecurity incidents across the globe have demonstrated the ease in which threat actors can take control over critical infrastructure entities and their valuable data. For healthcare cybersecurity, where patient...Smaller healthcare providers can also leverage SASE to consolidate tools able to connect to clinics and branch offices, as well as remote users. Chokshi noted the tool also applies a unified security policy across users, locations, and...

The Telehealth Security Impact: Now and Beyond the COVID-19 Pandemic

by Jessica Davis

The COVID-19 response resulted in a virtual care boom that’s expected to last well beyond the pandemic. As telehealth continues to support the shift in healthcare, ensuring a minimal security impact will be crucial in light of...But Garzone predicts there will be additional stringency for how telehealth is used. For example, Zoom disclosed a number of privacy and security risks within its platform during the pandemic -- and amid the huge spike in its use. Though it...The Role of Encryption and Authentication For Herold, encryption is a critical, necessary telehealth tool, not only for transmission pathways that deliver those services, but also for the care of remote patients and to protect patient data...Herold added that all caregivers should recommend to patients that any PHI downloaded to their devices be encrypted, including computers, storage devices, and any cloud services. Authentication is equally important, and as routinely...

Critical Infrastructure Attacks: Threat Landscape Forces Security to Evolve

by Jessica Davis

Over the last year, there’s been a decided shift in the threat landscape in terms of impact and frequency. From crippling outages at Colonial Pipeline and Scripps Health, to the rise in double and triple extortion, security standbys...Garzone stressed that this will allow entities to gauge the actual risk and perform required due diligence with these necessary partners, as well as assess the security posture of all vendor relationships. Business Impact Analysis...Healthcare providers should always be thinking one step ahead and identifying new security methods to add to traditional skills. For example, AI in collaboration with “keenly managed machine learning” can be a wholly effective...

Report: Healthcare IoT, Devices Most Impacted by TCP/IP Vulnerabilities

by Jessica Davis

At least 75 percent of healthcare entities are impacted by a host of TCP/IP vulnerabilities, uncovered by Forescout Research Labs within the last year. NUMBER:JACK, NAME:WRECK, and AMNESIA:33 are found in millions of healthcare IoT and...

Ransomware Hits Scripps Health, Disrupting Critical Care, Online Portal

by Jessica Davis

Scripps Health in San Diego was hit by a ransomware attack over the weekend, forcing the health system into EHR downtime. Some critical care patients were diverted and the online patient portal has been taken offline, according to...

DNS Flaws in Millions of IoT Devices Pose Remote Attack, Exfiltration Risk

by Jessica Davis

A group of nine DNS vulnerabilities in four popular TCP/IP stacks used in more than 100 million enterprise, consumer, and industrial IoT devices pose a critical risk of hacking or remote code execution attacks, according to a new report...

Healthcare’s Data Extortion Problem, and How to Prepare for Ransomware

by Jessica Davis

Data extortion was once seen as a rare, or potential threat, rather than a pressing issue, while ransomware and subsequent downtime were greater concerns for healthcare cybersecurity. But attackers have since shifted tactics,...Providers need to preemptively prepare the answers to these questions before an attack or extortion attempt occurs. Roberts stressed that the most important principle in terms of response is to tell the truth, “as simple as that...However, the rise and success of extortion has highlighted the importance of addressing basic cyber hygiene across the enterprise, including understanding the range and number of endpoints operating in the network, auditing how different...

COVID-19, Info Blocking Provisions: Time for HIPAA Compliance Checkup

by Jessica Davis

The information blocking provisions of the 21st Century Cures Act officially went into effect this week, putting into focus the Department of Health and Human Services’ regulatory and compliance effort around HIPAA-required data...If HHS' HIPAA Right of Access Initiative is any indication of what providers can expect for info blocking compliance, the need to review compliance concerns is now. In recent years, enforcement actions for failing to comply with...

Verkada Security Camera Hack Allows Access, Leak of Hospital Live Feeds

by Jessica Davis

A report from Bloomberg shows hackers were able to gain access to the live feeds from at least 150,000 security cameras, including those belonging to several hospitals, health clinics, Tesla, and Cloudflare The attackers provided the news...

Health CISO Shares Security Strategies for Ransomware, Enterprise Risks

by Jessica Davis

The threat landscape in the past year has demonstrated just how low cybercriminals will stoop to make a quick payout. The healthcare sector, already burdened with the COVID-19 pandemic response, faced heightened cybersecurity threats...

How Automation Improved Identity, Access Management at Molina Health

by Jessica Davis

One of the key challenges facing healthcare organizations is a lack of control over access management. With a vast number of vendors and endpoints, visibility into identity governance and an effective onboarding/offboarding processes is a...

Netwalker Ransomware Site, Emotet Botnet Taken Down in Global Effort

by Jessica Davis

Two of the most prolific cyber threats have been disrupted by global Federal efforts this week. The notorious Emotet botnet was taken down through a global collaboration, while the FBI and the Department of Justice seized the Netwalker...