TweakTown News
The U.S. Department of Health and Human Services (DHHS) and HITRUST recently conducted CyberRX, the first healthcare industry cyberattack simulation. Incident response coordination and collaboration are important, though many departments tend to keep security practices internal and not share successful techniques.
The standard national cybersecurity framework isn't effective at keeping critical infrastructure protected, so healthcare providers and private sector security specialists must team up to be better prepared for threats.
"The initial exercise, although limited in number of participants, is a significant step in establishing an industry CyberRX exercise playbook and formal program; identifying areas where organizations should focus; identifying opportunities for greater collaboration and information sharing between organizations, HITRUST and government; and identifying what gaps exist and where industry needs additional support to (be) better prepared," said Kevin Charest, U.S. Department of Human Services Chief Information Security Officer.
The FBI sent a private memo to healthcare providers, warning them of an increased threat of cyberattacks, especially given lackadaisical security methods that open patients up to further risk. Healthcare IT is continuing to evolve and does get better, but security loopholes and savvy criminals are still causing problems for medical IT specialists.
"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," the FBI said in its memo.
As noted by security experts previously, health care data traded on the black market is more valuable than credit and debit card information. The personal information found in medical records includes information that makes it even easier to access bank accounts, commit fraud, or steal prescription drugs - a lucrative currency among criminals, too.
There was an upswing in distributed denial-of-service (DDoS) attacks during the fourth quarter of 2013, according to Akamai, in its "State of the Internet Report." Its customers reported 1,153 DDoS attacks in 2013, a 50 percent increase year-over-year - and a notable 23 percent increase from Q3 to Q4 last year.
Cybercriminals are able to launch DDoS attacks against major targets with little overhead, and the overall ability to compromise servers makes DDoS a very notable attack method.
"Enterprise and commerce continued to be the industries targeted most frequently by the reported DDoS attacks in the fourth quarter, at 159 and 82 attacks, respectively," Akamai said in a press release. "Together, they account for just under 70% of the reported attacks during the quarter, while slightly less than half of the total attacks were reported by customers in the Americas."
Prior to President Barack Obama's first trip to Japan, there was a bit of a mishap in Tokyo's Haneda International Airport. A Skymark Airlines employee reportedly lost a printout with a list of passwords, which was found after 30 minutes on an airport terminal floor.
It's unknown what type of access the lost passwords would have granted, but airport officials changed all passwords as a preventative security measure.
Although software and hardware security continues to evolve, companies need to do a better job training employees to keep information secure. There is a problem of 'password fatigue' among employees, though there have to be guidelines of some sort available - especially when co-workers are opening one another up to potential data theft.
The Boston Children's Hospital was recently targeted in a wave of cyberattacks trying to bring down its website, though cybercriminals were unsuccessful, and no patient data was taken in the attempted breach.
"Over the weekend and through today, Boston Children's Hospital's website has been the target of multiple attacks designed to bring down the site by overwhelming capacity," said Rob Graham, hospital spokesperson, in a statement.
Hospital officials have reported the attacks to police authorities and an investigation is currently underway - no hacker or hacker groups have stepped forward to take credit for the attempted breach.
Cybercriminals are finding it rather easy to launch attacks against companies and universities, especially with attention focused more on Heartbleed. Almost 20 universities and a handful of healthcare providers have come under attack, which will continue to happen as IT managers scramble to try and secure databases.
"We have had very bad luck with several universities as far as reaching out about breaches," said Alex Holden, Hold Security CTO, in a statement to the media. "The problem is finding within a very large, decentralized infrastructure the right person to talk to and impress on them that something is going on."
Instead of launching attacks against individual users, cybercriminals are largely finding it more lucrative to compromise large databases - personal information is valuable, and can be stolen for personal use, sold, or traded.
Iowa State University recently confirmed it suffered a data breach and the personal information of up to 30,000 current and former students is now at risk. Particularly, the Social Security Numbers of students enrolled at ISU between 1995 and 2012 were vulnerable, though it doesn't appear cyberattackers accessed the information.
Instead, those responsible for the attack decided to mine for bitcoins using the school's servers - with ISU believing five network attached storage drives manufactured by Synology are at fault.
"We don't believe our students' personal information was a target in this incident, but it was exposed," said Jonathan Wickert, Senior VP and Provost, in a press statement. "We have notified law enforcement, and we are contacting and encouraging those whose Social Security numbers were on the compromised servers to monitor their financial reports."
Medical professionals have become victims of identity theft, with Social Security Numbers and other personal information used to help process fraudulent tax returns, according to recent reports. The victims, fewer than 1,000 total so far, didn't know about the breach until they tried to file their returns and found that someone else had already beaten them to the punch.
Victims were found in the following states: Colorado, Connecticut, Vermont, Massachusetts, Iowa, North Carolina, South Dakota, Maine, Indiana, and New Hampshire. The Indiana State Medical Association (ISMA) sent a memo to healthcare professionals in the state to be aware of the tax scam.
"The DOR is viewing this as a large problem and officials are very concerned," said Julie Reed, ISMA general counsel, during a recent conversation. "While their investigation has not yet identified the source of the presumed breach, they are tracking all the cases, looking for patterns, and actively investigating and pursuing leads."
NEC Hong Kong is currently developing a new facial recognition technology that can be used by stores, hotels, and other retail establishments to quickly identify customers. Retailers have tried to use smartphones to help monitor customer activity, especially if guests log onto free, open Wi-Fi hotspots, though customers found ways to disable such features.
When most people think of facial recognition, it's in regard to security and possible privacy issues - but NEC and other companies have a different rationale for why stores, hotels, and other establishments might want to adopt the technology:
"Everyone loves to feel special. That's why any organization that can greet a customer by name and start helping them the minute they walk in to a shop, bank or hotel will have a tremendous advantage over one that relies on ID cards or other impersonal procedures," said Elsa Wong, NEC Hong Kong Managing Director, in a press statement.
Internet users are now being warned of a recent 2014 FIFA World Cup scam that promises recipients a cash prize and free tickets - including an offer of more than $5 million cash and a trip to the World Cup.
Despite the outlandish offer of money, poorly written email, and rather silly email subject line, it appears that some Internet users might be getting caught up in the scam.
The World Cup runs from June 12 to July 13, and cybersecurity experts warn of other possible scams that could capitalize on the popular sporting event. As noted by Malwarebytes, "major sporting events are traditionally a huge draw for scammers and there will no doubt be many more of these come from now until June."