Category: data breach

Last year, 1 in 3 people in the US were hit by healthcare data breaches in a record year for cyber-attacks on the sector, while this year has already seen one of the most serious attacks in history when Change Health was hit by ransomware gang ALPHV. The ongoing digitalization of health services data may bring convenience for providers and patients alike, but it’s clear that security infrastructure is not keeping up with the rapidly increasing risk level faced by hospitals and the vendors that support them.

Such breaches are disastrous for everyone involved. The immediate impact is a delay in medical treatment if health systems are shut down by an attack, while protected health information (PHI) leaking can result in patients becoming targets for further crimes if sensitive data is sold via online black markets. As for healthcare and healthtech companies, they can be hit with hefty fines for HIPAA violations and find themselves on the receiving end of class action lawsuits, not to mention the reputational damage that might ultimately be more costly in the long run.

It’s too late to put the brakes on digitalization, so what can the healthcare industry do to secure its data?

How healthcare became the number one target for cybercriminals

The healthcare sector is the ideal target for cybercriminals. For one, PHI is especially valuable on the black market due to its sensitivity and the intimate details it reveals about the patient. This data is stored and processed in vast quantities, and a single breach can see attackers take off with thousands or even millions of records. Then there is the massive potential for serious, life-threatening disruption, which means that ransomware attacks can demand a higher price to bring systems back online.

Not only is the incentive high for cybercriminals but there are numerous vulnerabilities they can exploit due to the complexity of today’s healthcare systems. Hospitals, clinics, pharmacies, payment processors, insurance providers, and professional and patient-owned medical devices have all been brought online, all transfer data between them, and all provide vectors for attack. One link in this data supply chain might have airtight security but, if the link next to it is weak, then it is still vulnerable.

As healthcare systems become more vulnerable to attacks, cybercriminals are becoming more sophisticated. For example, where typical attacks used to rely on an unwitting victim downloading executable code, we now see a rise in “fileless attacks” where trusted programs running in memory are corrupted to become malware instead, making them much harder to detect.

The barrier to entry for being a cybercriminal has also lowered thanks to the proliferation of ransomware-as-a-service (RaaS). In the same way software-as-a-service (SaaS) has simplified access to various technologies, RaaS allows people with little to no development knowledge to launch ransomware attacks with “leased” malware. Cybercrime has proven to be an innovative technology sector of its own.

Why emails are still the biggest vulnerability in healthcare cybersecurity

The first and most important step healthcare companies can take to protect themselves is fortifying their email security as it is the most common attack vector in cyber-attacks. Healthcare companies must also scrutinize the security of their entire email supply chain; the massive HCA Healthcare hack that exposed 11 million records — last year’s largest healthcare breach — originated at an external location used for automated email formatting.

Phishing — where seemingly legitimate emails are used to trigger an action in the receiver that creates a vulnerability — is the classic email-based attack, but more concerning is the rise in business email compromise (BEC) attacks. Whereas phishing emails can be detected by email security systems if the sender is flagged as suspicious, BEC attacks are launched from compromised or spoofed legitimate organizational emails, making them more convincing to security systems and users alike.

Basic email security relies on blocklists and greylists — constantly updated records of suspicious IP addresses, sender domains, and web domains — to filter out phishing and spam in real-time, but the rise in BEC attacks has rendered this approach obsolete. Blocklists can even be counterproductive, as a legitimate email address being used to launch an attack can result in an organization’s entire email system or even its wider network being blocked.

There are many steps healthcare companies can take to bolster their email security: mandatory multi-factor authentication (MFA) can prevent unauthorized logins; domain key identified email (DKIM) uses cryptography to ensure emails come from authorized servers; access to distribution lists should be restricted to limit the damage of a BEC attack; and removing open relays can prevent hackers from hijacking trusted mail servers.

But even with deploying multi-layered protection controls, email attacks can bypass security programs as they exploit human gullibility through carefully tuned social engineering. Staff training on how to identify and avoid phishing and BEC attacks can reduce risk but it cannot eliminate it; all it takes is one person in an organization to be compromised for cybercriminals to gain a foothold to launch attacks.

AI is the new arms race between email security and cybercriminals

The sheer scale of the healthcare sector — which accounts for almost 10% of employment in the United States and reaches almost the entire population — means that training-based phishing and BEC attack prevention is always going to be a Band-Aid on a bullet wound. Recent advances in AI technology — particularly machine learning (ML) and large language models (LLMs) — can finally provide effective and scalable mitigation against email attacks that exploit human error.

A large part of email security has always involved pattern recognition to detect and block anomalies, and AI takes this principle — usually applied to data signals like IP addresses and domains — and expands it to the body of emails. Apply an adaptive learning engine to an organization’s entire email system, and it can be trained to recognize normal communication, right down to language and syntax, allowing immediate alerts to any emails that don’t align with established patterns.

Of course, it’s not just email security systems that have access to AI, and now that the technology’s genie is out of the bottle, cybercriminals are deploying it as well. AI-generated phishing kits enable rapid, automated, multi-prompt engagements that can closely mimic normal communications, and can even be trained to become more effective over time, while AI-assisted coding makes it easier to develop ransomware tailored to exploit specific systems.

The best defense against AI will be more AI, which sets the scene for the next decade of cybersecurity innovation and where healthcare companies should be investing their resources. Staying ahead in this arms race will be vital to resisting the rising tide of email-based cyber-attacks, and email security systems without AI capabilities are already hurtling towards obsolescence against cybercriminals that are more sophisticated and more incentivised than ever before.

The post Digital diagnosis: Why are email security breaches escalating in healthcare? appeared first on Cybersecurity Insiders.

Law enforcement agencies worldwide have coordinated to take down one of the world’s largest hacker forums, scoring a victory against cybercrime. BreachForums, a notorious marketplace for stolen data, was seized by the authorities on Wednesday, according to a message on its website. Read more in my article on the Tripwire State of Security blog.
Remember when a US mother was accused of distributing explicit deepfake photos and videos to try to get her teenage daughter's cheerleading rivals kicked off the team? Well, there has been a surprising development. And learn how cybercriminals have been stealing boomers' one-time-passcodes via a secretive online service. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension. The cyber attack last week forced the Ascension computer systems offline, and caused some hospital emergency departments to turn away ambulances "in order to ensure emergency cases are triaged immediately." Read more in my article on the Exponential-e blog.

Dell, a leading technology services provider, has publicly announced that it is actively investigating allegations raised by a threat actor known as Menelik, who purportedly attempted to sell information concerning its 49 million customers on a breach forum.

The individual operating under the alias “Menelik” claimed on April 28th, 2024, that the data being offered for sale includes customer names, physical addresses, and details of products sold between 2017 and 2024. Following preliminary investigations, the renowned computer manufacturer acknowledged the breach by issuing email notifications to affected customers, conceding that hackers had accessed information related to their breaches.

However, Dell has clarified that no financial data, email addresses, or phone numbers were compromised in the attack. This detail is crucial, as such information could potentially exacerbate the situation by facilitating the spread of malware or enabling ransomware attacks.

It’s important to recognize that hackers may resort to creating fraudulent email addresses and URLs, mimicking legitimate company details, in attempts to deceive targeted victims into divulging credentials or installing malicious software or initiating changes to account passwords.

Therefore, it is imperative never to engage in such activities and to exercise caution when verifying the authenticity of information provided in emails. If any suspicion arises, it is advisable to refrain from clicking on any links and instead close the tab and clear browsing cache to ensure added security.

In the realm of cyber attacks, there is no foolproof solution to combat such threats, and there is no assurance that cybercriminals solely target companies lacking basic security measures. These malevolent actors continually seek to exploit vulnerabilities and misconfigurations to infiltrate networks, with no regard for the size of the business or its revenue.

In light of these ongoing risks, it is essential for organizations to remain vigilant, regularly update their security protocols, and invest in robust cybersecurity measures to mitigate potential threats effectively.

The post Dell admits data breach of over 49 million customers via Cyber Attack appeared first on Cybersecurity Insiders.

Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023. The company confirmed its link to the indictment of Dmitry Yuryevich Khoroshev, who was identified this week by the US Department of Justice as the true identity of LockBitSupp, the kingpin of the LockBit gang. Read more in my article on the Hot for Security blog.
A medical lab that specialises in cancer screenings has admitted to an alarming data breach that left sensitive patient information exposed for years - and accessible by unauthorised parties. California-based Guardant Health is notifying affected individuals that information related to samples collected in late 2019 and 2020 was "inadvertently" left exposed online to the general public after an employee mistakenly uploaded it. Read more in my article on the Hot for Security blog.