Ransomware and other destructive cyberattacks on healthcare delivery organizations (HDOs) can cripple IT systems, prevent access to protected health information, and often see appointments cancelled and patients redirected to other healthcare facilities. The disruption caused and lack of access to patient data can impact patient safety, and while there have been no reported cases in the United States of patients dying as a direct result of a ransomware attack, it is only a matter of time before attacks directly cause fatalities. Recently, a study was conducted to explore the impact ransomware ..read more

The Department of Health and Human Services’ cybersecurity department, the Health Sector Cybersecurity Coordination Center (HC3), has issued a warning to organizations in the health and public health sector alerting them to an elevated risk of BlackMatter ransomware attacks. BlackMatter is a new ransomware-as-a-service (RaaS) operation that appeared in July 2021, shortly after the DarkSide ransomware gang closed down its operation following the high-profile ransomware attack on Colonial Pipeline. BlackMatter is regarded by many cybersecurity experts as the successor to DarkSide. The threat ac ..read more

In most organizations, the recommended practices for password creation involve setting a unique password for all accounts, making sure the password is as random as possible – combining upper- and lower-case letters, numbers and special characters – is at least 8 characters long, and does not contain dictionary words. The theory is that, by incorporating a range of character formats and avoiding dictionary words, passwords will be strong enough to resist brute force attacks by cybercriminals attempting to hack login credentials. Cybercriminals use lists of dictionary words and passwords compro ..read more

The average cost of a data breach has increased 10% year-over-year, according to the IBM Security 2021 Cost of a Data Breach Report. Data breach costs have reached record levels and are higher than at any other point in the past 17 years that IBM Security has been analyzing data breach costs. The average cost of a data breach has increased from $3.86 million last year to $4.24 million in 2021, with healthcare data breaches the most expensive, costing an average of $9.23 million to resolve. The average healthcare data breach cost has increased by more than $2 million year-over-year. The data f ..read more

Four new zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 have been discovered by the U.S. National Security Agency (NSA). These versions of Microsoft Exchange Server must be patched as soon as possible to avoid the possibility of the vulnerabilities being targeted by cybercriminals. A directive has already been released by the Cybersecurity and Infrastructure Security Agency (CISA) for all federal bodies to patch all vulnerable on-premises Exchange Servers no later than 12.01 AM on Friday April 16, 2021 due to the high risk of the weaknesses being targeted ..read more

With the passing, in November 2020, of the California Privacy Rights Act, came a range of new obligations for businesses operating in the State. They must now move swift to make sure that every member of staff is conscious of their obligations in order to avoid large scale financial penalties being sanctioned against their company. In order to assist you in coming to terms with the new rules we have put together a short article detailing the main things that you need to be aware of moving forward. To read more about the introduction of the new data privacy legislation you can read the news st ..read more

In the third quarter of 2020, an alert was released for the healthcare and public health sector in the aftermath of a spike in ransomware activity being identified. The joint CISA, FBI, and HHS cybersecurity advisory group informed the healthcare sector that it was being focused on by hackers hoping to infiltrate their databases with ransomware. A number of ransomware collectives had increased attacks on the healthcare and public health sector, with the Ryuk and Conti operations the busiest of these. A new study from Check Point suggests that attacks continued to rise during November and Dece ..read more

In France the data protection regulator, Commission nationale de l’informatique et des libertés (CNIL), has penalised French retail giant Carrefour more than €3m ($3.7m) in relation to a number of breaches of the European Union’s General Data Protection Regulation. The total fine was split between the retails giant €2.25m and the banking subdivision, Carrefour Banque, that it operates (€800,000). The fine was made public on the web portal of CNIL.  The punishment could have been even worse, however while calculating the amount , CNIL considered the actions Carrefour took to address the G ..read more

The U.S. National Security Agency (NSA) has issued a cybersecurity advisory warning Russian state-sponsored hacking groups are targeting a vulnerability in VMWare virtual workspaces used to support remote working. The flaw, tracked as CVE-2020-4006, is present in certain versions of VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector products and is being exploited to gain access to enterprise networks and protected data on the affected systems. The flaw at hand is a vulnerable command-injection in the administrative configuration component – this c ..read more

At the beginning this month the electorate of California voted to pass the California Privacy Rights Act (CPRA), legislation created to further enhance the reach of the California Consumer Privacy Act that become enforceable earlier in 2020. The passing of the CPRA into law allocates a number of new rights to Californian citizens including: The right to correct personal information The right to prevent the use of sensitive personal information The right to opt out of personal information being shared to third parties When the proposed amendments were released earlier in the year California ..read more