Cybersecurity Management Lessons from Healthcare Security Breaches

2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia.
Unusual activity detected on May 8, 2024, caused Ascension healthcare to shut down affected systems, notify authorities, and engage cybersecurity professionals.
The attack caused major disruptions throughout the non-profit healthcare provider that operates 140 hospitals and 40 senior care facilities in 19 states plus the District of Columbia.
CNN reported the Black Basta ransomware gang performed the attack, although the company hasn't officially confirmed the information.
IT should never be the top expense for a healthcare organization.
The United Healthcare Group acquisition of Change Healthcare in 2022 started paying the wrong type of dividends this February when stolen credentials led to over $870 million in damages.
Ransomware attackers used stolen credentials to access a Change Healthcare Citrix portal setup without any multi-factor authentication protection.
Within nine days, the attackers navigated laterally through the network and executed a ransomware attack that shut down Change Healthcare's processing and payment service that facilitates orders and payments for pharmacies, hospitals, and clinics nationwide.
Although the impact on Change Healthcare and UHG will be quantified for the US Security Exchange Commission, the impact on the US healthcare industry is more difficult to measure.
Hudson Rock, a cybercrime intelligence tool vendor with free services, posted that they detected Citrix credentials stolen from Change Healthcare using infostealers a day after the initial attack.
Predictably, the US Congress soon called upon Andrew Witty, the top paid healthcare CEO with a compensation of more than $23 million, to testify about healthcare breaches.
Witty's testimony admits that the healthcare provider can't identify the exfiltrated data or affected patients.
These attacks don't offer many details to learn specific technical lessons, but they highlight that attackers pursue all sizes of organizations anywhere in the world.
Given all the noise about ransomware, it can be easy to forget that there are other attacks and causes of breaches.
Note that only two of these breaches stem from external attacks.
Protect identity: Credentials will be stolen so implement MFA to make attacks harder to execute, implement active directory security to catch attempted credentials abuse.
Healthcare, like most organizations, struggles to grow IT budgets.
As MediSecure experienced, trusted partners can become the source of attack.
To avoid joining these high profile healthcare organizations in public shame and financial pain, apply the five key lessons to improve your organization's security today.
Security will never be completely foolproof, but it certainly can decrease the blast radius of a successful attack and keep you out of the news.


This Cyber News was published on www.esecurityplanet.com. Publication date: Thu, 30 May 2024 19:13:06 +0000


Cyber News related to Cybersecurity Management Lessons from Healthcare Security Breaches

Cybersecurity in the Healthcare Industry: Protecting Patient Data - In the rapidly advancing era of technology, the healthcare industry faces a critical challenge: protecting patient data from cyber threats. This article will emphasize the significance of cybersecurity in the healthcare industry and explore the ...
4 months ago Securityzap.com
Best Cloud Security Providers for Healthcare Services - Cloud Security Providers for Healthcare offer specialized services to protect data and applications hosted in cloud environments. When picking a cloud security providers for healthcare, it's important to think about things like how well they follow ...
4 months ago Cybersecuritynews.com
The Imperative for Robust Security Design in the Health Industry - COMMENTARY. In an era dominated by digital innovation and technological advancements, healthcare companies find themselves at the intersection of immense opportunity and equally unprecedented risk. The digitalization of patient records, electronic ...
4 months ago Darkreading.com
Why healthcare data is often the target of ransomware attacks - Healthcare data in recent years has been a very lucrative target for cyberattacks, particularly ransomware, with attackers holding healthcare information, and potentially patient lives, for ransom. Cybercriminals are increasingly focusing on ...
2 weeks ago Techtarget.com
Cybersecurity Management Lessons from Healthcare Security Breaches - 2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia. Unusual activity detected on May 8, 2024, caused Ascension ...
2 weeks ago Esecurityplanet.com
Best Network Security Providers for Healthcare - The exponential growth of Electronic Health records, telemedicine, and interconnected medical devices creates a complex healthcare ecosystem demanding robust network security. Network security providers specializing in healthcare offer a ...
4 weeks ago Cybersecuritynews.com
Changing How Healthcare Works: Big News in Communication - In a pivotal transformation within the healthcare industry, a prominent shift is currently unfolding. Direct Secure Messaging has emerged as a game-changer, modernising the way vital information is shared among healthcare providers, pharmacies, and ...
3 months ago Cysecurity.news
Unveiling the true cost of healthcare cybersecurity incidents - As healthcare organizations increasingly rely on interconnected systems, electronic health records, and telemedicine, the industry becomes a prime target for malicious actors seeking to exploit vulnerabilities. The consequences of a cybersecurity ...
5 months ago Helpnetsecurity.com
Critical insights into Australia's supply chain risk landscape - Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as ...
2 months ago Tripwire.com
Sophisticated Cyber Threats Require a New Approach to Digital Security in Healthcare. - In the era of modernization, healthcare organizations are pushing for digitalization in their EMR's. The world of cybersecurity is changing at a breakneck pace: cyber threats are becoming more sophisticated and frequent, and the White House, Senate, ...
5 months ago Cyberdefensemagazine.com
Essential Features of Cybersecurity Management Software for MSPs - Protect your clients' businesses from cyber threats with Cybersecurity Management Software. A vital tool that aids MSPs in enhancing their cybersecurity practices is Cybersecurity Management Software. In this article, we will delve into the features ...
2 weeks ago Hackread.com
Ransomware's appetite for US healthcare sees known attacks double in a year - Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. It has also created skyrocketing pharmacy bills, pushed some healthcare providers to the edge of ...
2 months ago Malwarebytes.com
IoT Adoption in Healthcare: Security Opportunities and Benefits - The Internet of Things (IoT) is the technology that has increasingly become popular in various industries and has been gaining traction in the healthcare sector. With the rise of healthtech, the proliferation of connected medical devices, and the ...
1 year ago Csoonline.com
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
4 weeks ago Feeds.fortinet.com
HHS to investigate UnitedHealth and ransomware attack on Change Healthcare - The U.S. Department of Health and Human Services is launching an investigation into the ransomware attack on Change Healthcare following weeks of disruption to healthcare and billing operations at hospitals, clinics and pharmacies across the country. ...
3 months ago Therecord.media
Pharmacy Delays Across US Blamed on Nation-State Hackers - Change Healthcare, a technology services provider for pharmacies, experienced a cyberattack from a suspected nation-state threat actor that has created widespread delays for patients who need prescription refills across the US. Change Healthcare is a ...
3 months ago Darkreading.com
DDoS attack revealed as cause of online service outage at public healthcare institutions - A distributed denial-of-service attack has been identified as the cause of an online service outage that affected several public healthcare institutions in Singapore. The attacks are continuing, according to national healthtech agency Synapxe, which ...
6 months ago Zdnet.com
How Healthcare Organizations can use ASPM to Fill CSPM Coverage Gaps and Save Money - In recent years, healthcare organizations have increasingly moved their healthcare information systems applications and infrastructure to the cloud to take advantage of its scalability, flexibility and cost-effectiveness. To mitigate these risks, ...
5 months ago Securityboulevard.com
Atlas Healthcare Confirms Data Breach Affecting Residents' Social Security Numbers - On October 14, 2023, Atlas Healthcare provided notice of a recent data breach after learning that an unauthorized actor was able to access the company's computer system. In this notice, Atlas explains that the incident resulted in an unauthorized ...
6 months ago Jdsupra.com
Norton Healthcare discloses data breach after May ransomware attack - Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and ...
6 months ago Bleepingcomputer.com
The Importance of Cybersecurity Education in Schools - Cybersecurity education equips students with the knowledge and skills needed to protect themselves and others from cyber threats. Cybersecurity education can teach students about the impact of cyberbullying, how to prevent it, and how to respond ...
5 months ago Securityzap.com
A prescription for insights: Cisco Full-Stack Observability supercharges healthcare - The National Institutes of Health indicates that AI applications will cut annual US healthcare costs by $150 billion - about $460 per person the US - in 2026. Digital transformation among healthcare organizations, and the chronic lack of resources to ...
3 months ago Feedpress.me
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
5 months ago Securityzap.com
Growing threats outpace cybersecurity workforce - The cybersecurity skills shortage threatens the well-being and even survival of numerous businesses as cybersecurity threats grow more numerous, sophisticated, and dangerous to the point that cybersecurity groups have vowed not to pay ransom demands. ...
4 months ago Legal.thomsonreuters.com
Beyond Mere Compliance - Too often we continue to see executives whose approach to cybersecurity - compliance rather than protection - is strikingly similar to that of the ill-advised business owner whose minimal fire protection is designed only to meet the building code. ...
5 months ago Cyberdefensemagazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)