There's a wee data breach with unhealthy implications in Scotland, privacy has gone off the rails in the UK, and a cheater blames Apple for his expensive divorce.
All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter of the "Compromising Positions" podcast.
Plus don't miss our featured interview with Abhishek Agrawal, CEO of Material Security.
Category: health
A medical lab that specialises in cancer screenings has admitted to an alarming data breach that left sensitive patient information exposed for years - and accessible by unauthorised parties.
California-based Guardant Health is notifying affected individuals that information related to samples collected in late 2019 and 2020 was "inadvertently" left exposed online to the general public after an employee mistakenly uploaded it.
Read more in my article on the Hot for Security blog.
Data breaches in the healthcare sector in the United States have become increasingly common, with one in four individuals falling victim to cyberattacks this year, according to a survey. Atlas VPN, an internet security firm, published these alarming statistics in a recent report, revealing that approximately 45 million patients’ data was compromised in the third quarter of 2023 alone, compared to 37 million affected last year.
The US Department of Health and Human Services has also been alerted to this concerning trend, with the study indicating that nearly 43 out of 50 states have been targeted by hackers. California and New York hold the unenviable first and second positions, followed by Texas, Massachusetts, and Pennsylvania.
Remarkably, Vermont remains the sole state untouched by healthcare data breaches, an anomaly in the current landscape of cyber threats.
For those curious about why hackers are increasingly targeting health data, here’s a brief overview: healthcare information holds substantial value on the dark web, making it a prime target for cybercriminals. According to a 2021 survey conducted by IBM, a set of 1,000 patient records, encompassing medical history, contact information, and phone numbers, can fetch as much as $120. Bulk data sets can command up to $5,000. Moreover, data enriched with details such as dates of birth and Social Security numbers are in particularly high demand.
In 2023, a staggering 480 breaches were reported in the first three quarters, an increase from the 373 recorded in the previous year. The breach at HCA Healthcare, which saw data from 11 million patients compromised, topped the list of incidents. It was followed by the breach at Managed Care of North America, where the data of approximately 8.9 million dental patients was stolen earlier in the year.
So, how can healthcare information be safeguarded from falling into the wrong hands?
Conducting Threat Assessments: Employ advanced security controls and conduct regular threat assessments to mitigate the risk of data breaches.
Staff Awareness: Educate your staff about the evolving cyber threats to prevent human configuration errors.
Encryption: Implement robust encryption for data in transit and at rest to thwart hackers from accessing or siphoning sensitive information.
Data Backup: Regularly back up data to the cloud and one or two offsite servers to prevent downtime in case of an incident.
BYOD Vigilance: Exercise caution with Bring Your Own Device (BYOD) policies to mitigate the risks associated with connected devices.
Strong Passwords and Multi-Factor Authentication: Utilize strong passwords, preferably 15 characters long with a mix of uppercase and lowercase letters and special characters. Enabling multi-factor authentication provides an additional layer of protection against cyber threats for devices and applications.
The post A quarter of American populace have had their health data compromised appeared first on Cybersecurity Insiders.
Stress, wellbeing and mental health has become an area of discussion in many industries, particularly on how best to address its impact on the workforce. There used to be a stigma attached to those with mental health problems, often leading to them being discriminated against. Thankfully, change is happening and awareness of this important issue is increasing.
However, in cybersecurity, it seems as though the industry is a step or two behind, instead of being ahead of the curve in how it is handling this problem.
Looking at the stats alone, research has shown that from 1000 security professionals, 51% had been prescribed medication for their mental health. In addition to that, almost a third of CISOs have considered quitting their organisation sighting ‘burnout’ as a significant factor for wanting out.
It is a clear and present issue.
With the sector already suffering from a global skills shortage, ensuring those working or seeking employment in cybersecurity are looked after is imperative for its survival. Without these individuals, no one would be safe in the digital world we live in.
Well, how have we got to this stage and how can we, as an industry, address mental health before more damage is done? At the IT Security Analyst & CISO Forum 2022, questions were posed to both leading CISOs and analysts on how big of a problem stress and burnout was, whether is it was negatively impacting the workforce’s productivity to deliver its objectives and, what can be done to solve it.
The consensus from the room was that the industry is suffering badly from stress, fatigue and burnout, which is filtering from the senior security positions down through the chain of command to the general workforce.
One CISO believed stress came with the territory of the positions and responsibilities they handled daily. Of course, stress is found in every profession but when reality involves existing on coffee and a lack of sleep, this is a recipe for disaster.
This has become the norm for many unfortunately, but they wanted this to be reversed as it was not conducive to their overall mental health. There was a perception that CISOs and security professionals have this “macho” or “heroic” exterior, yet there is underlying damage being done to their wellbeing due to their profession.
Fortunately, as senior security leaders, they all understood change was necessary. They did believe this was more management than a sole information security issue which needed to be fixed.
Each provided ways in which a change in working culture could be achieved. For instance, beginning with words of encouragement such as saying thank you, congratulating a team member on an achievement or recognising good work. These small gestures matter and can go a long way toward changing a person’s attitude, reducing anxiety levels and even de-stressing them.
Furthermore, communication is key and advocating regular check-ins with colleagues can build a strong support base for everyone which in turn will benefit the team and overall productivity.
Of course, there will be stressful moments which everyone will come across, but they don’t need to occur every day.
The world has gone through some dramatic shifts during and since the pandemic, with many people experiencing strains and difficulties on their mental and physical health. What we want to avoid is our peers being drawn towards unhealthy coping mechanisms that will impact their psychological and physical health.
Here are a few recommendations to try and avoid such a situation happening:
- Use words of encouragement
- Set clear achievable goals and celebrate the successes
- Have healthy amounts of sleep and exercise
- Have dedicated well-being programs that focus on mental health and neurodiversity
- Have a culture that normalises and advocates for mental health
- Seek out applications that can help improve wellbeing and productivity I.e. The Zensory
Regardless of our profession, industry or role, we all have a duty to help support an individual in need. Thankfully, there are many resources available online to point you in the right direction. Just know, you are not alone and there will always be someone willing to listen and help.
The post Is there a problem with stress and burnout in cybersecurity? appeared first on IT Security Guru.
How could your inkjet printer finally help you make some money, why is it so hard to share our health data even if we want to, and what result do you want to see from the Elon Musk vs Twitter bunfight? All this and much more is discussed in the latest edition of the award-winning … Continue reading "Smashing Security podcast #289: Printer peeves, health data hangups, and Twitter tussles – with Rory Cellan-Jones"