A quarter of American populace have had their health data compromised

Data breaches in the healthcare sector in the United States have become increasingly common, with one in four individuals falling victim to cyberattacks this year, according to a survey. Atlas VPN, an internet security firm, published these alarming statistics in a recent report, revealing that approximately 45 million patients’ data was compromised in the third quarter of 2023 alone, compared to 37 million affected last year.

The US Department of Health and Human Services has also been alerted to this concerning trend, with the study indicating that nearly 43 out of 50 states have been targeted by hackers. California and New York hold the unenviable first and second positions, followed by Texas, Massachusetts, and Pennsylvania.

Remarkably, Vermont remains the sole state untouched by healthcare data breaches, an anomaly in the current landscape of cyber threats.

For those curious about why hackers are increasingly targeting health data, here’s a brief overview: healthcare information holds substantial value on the dark web, making it a prime target for cybercriminals. According to a 2021 survey conducted by IBM, a set of 1,000 patient records, encompassing medical history, contact information, and phone numbers, can fetch as much as $120. Bulk data sets can command up to $5,000. Moreover, data enriched with details such as dates of birth and Social Security numbers are in particularly high demand.

In 2023, a staggering 480 breaches were reported in the first three quarters, an increase from the 373 recorded in the previous year. The breach at HCA Healthcare, which saw data from 11 million patients compromised, topped the list of incidents. It was followed by the breach at Managed Care of North America, where the data of approximately 8.9 million dental patients was stolen earlier in the year.

So, how can healthcare information be safeguarded from falling into the wrong hands?

Conducting Threat Assessments: Employ advanced security controls and conduct regular threat assessments to mitigate the risk of data breaches.

Staff Awareness: Educate your staff about the evolving cyber threats to prevent human configuration errors.

Encryption: Implement robust encryption for data in transit and at rest to thwart hackers from accessing or siphoning sensitive information.

Data Backup: Regularly back up data to the cloud and one or two offsite servers to prevent downtime in case of an incident.

BYOD Vigilance: Exercise caution with Bring Your Own Device (BYOD) policies to mitigate the risks associated with connected devices.

Strong Passwords and Multi-Factor Authentication: Utilize strong passwords, preferably 15 characters long with a mix of uppercase and lowercase letters and special characters. Enabling multi-factor authentication provides an additional layer of protection against cyber threats for devices and applications.

The post A quarter of American populace have had their health data compromised appeared first on Cybersecurity Insiders.

October 20, 2023 at 08:54PM

Read More

The Unyielding Importance of Cybersecurity in Times of Recession

In times of economic recession, as budgets tighten and organizations face financial constraints, it can be tempting to cut corners in various aspects of business operations. However, one area that should never experience budget reductions is cybersecurity. In fact, maintaining robust cybersecurity measures during an economic downturn is not just important; it’s crucial. This article delves into the unyielding importance of cybersecurity in times of recession.

1. The Escalation of Cyber Threats

Recessions often breed desperation, and cyber-criminals are no exception to this rule. When individuals and organizations face financial hardships, some resort to illicit means to make ends meet. Cyber-criminals view economic crises as opportunities to exploit vulnerabilities for financial gain. This includes launching cyberattacks against weakened targets, such as companies struggling to maintain their security infrastructure. In a recession, the number and sophistication of cyber threats tend to increase, making strong cybersecurity a necessity.

2. Remote Work Challenges

With the advent of the COVID-19 pandemic, remote work became the norm for many organizations. However, the recession has further solidified this trend. Remote work brings its unique cybersecurity challenges, as employees access company networks and data from various locations, often using personal devices. Maintaining security in this decentralized work environment is paramount. Neglecting cybersecurity measures can expose an organization to a multitude of risks.

3. Protection of Sensitive Data

Recessions often force businesses to streamline their operations, sometimes leading to down-sizing and restructuring. During these transitions, there’s a higher risk of data breaches. Employees leaving the company or having access to sensitive data without proper safeguards can inadvertently or intentionally compromise information. Adequate cybersecurity practices are vital for ensuring data protection during these times of transition.

4. Regulatory Compliance and Legal Consequences

Data privacy regulations have become more stringent in recent years. Failing to uphold cyber-security standards and protect sensitive customer data can lead to severe legal consequences. A data breach during a recession can result in not only the financial costs of remediation but also costly fines and legal battles.

5. Long-Term Reputational Damage

A cybersecurity breach can inflict long-lasting damage to an organization’s reputation. As companies navigate the rocky waters of a recession, preserving trust among customers and partners is vital. A data breach can erode this trust, potentially resulting in long-term financial repercussions.

6. Cyber Resilience and Preparedness

In the face of economic uncertainties, organizations must focus on being resilient. Cybersecurity plays a pivotal role in building resilience. Being well-prepared to handle cyber threats ensures that an organization can adapt and recover swiftly from any security incidents, minimizing disruption and potential losses.

Conclusion

The economic challenges brought about by a recession should never be an excuse to compromise on cybersecurity. In fact, it’s precisely during these difficult times that organizations should redouble their efforts to protect their digital assets, customer data, and reputation. The cost of a cybersecurity breach can far exceed the expenses of maintaining robust security measures. Ultimately, investing in cybersecurity during a recession is not just an expense; it’s an insurance policy against potentially devastating cyber threats that could jeopardize an organization’s survival in already trying times.

The post The Unyielding Importance of Cybersecurity in Times of Recession appeared first on Cybersecurity Insiders.

October 20, 2023 at 10:52AM

Read More

Netflix password sharing crackdown yields excellent results

For all those who were accustomed to sharing their Netflix passwords with friends and family, here’s an important update on how the company has taken action against this practice. Netflix released an official statement last Wednesday, indicating that its efforts to curb password sharing have been highly successful, resulting in the addition of approximately 8.8 million new users to its platform.

In other words, the company’s strategy to discourage password sharing has proven to be a significant boost to its revenue this year. Last year, Netflix took a proactive stance against password sharing and informed its user base about its intention to crack down on this practice, as it was significantly impacting its monthly and yearly revenue collections.

Now, the popular video streaming service is reaping the rewards of this approach, having welcomed more than 8 million new customers, representing a substantial 30% increase in its user database. This surge in subscribers can be seen as a summer bonus for the company.

Password sharing has long been a source of concern, as it can lead to various issues. Misuse of account credentials can result in account blocks and user account cancellations. Furthermore, in the wrong hands, these credentials can be used for scams, potentially draining the account holder’s e-wallets or bank accounts.

In a time when companies often struggle to generate revenue, such challenges can have a noticeable impact on the quality of services and content offered to users. Delays in service provision, subpar customer care experiences, and payment delays for content creators are some of the common consequences.

This summer, however, things are expected to be different from a revenue perspective. Netflix has implemented a price increase for its basic subscription in the United States, raising it from $2 to $11.99. Likewise, in the UK, subscription costs will see a £2 increase, bringing the overall cost to £18. This move is likely to contribute to the company’s revenue growth in the coming months.

The post Netflix password sharing crackdown yields excellent results appeared first on Cybersecurity Insiders.

October 20, 2023 at 10:49AM

Read More

Maritime Companies Increasingly Paying Ransoms Amidst Ransomware Surge

In the double extortion strategy, cybercriminals first exfiltrate sensitive data from the victim’s servers and then encrypt the data, making it inaccessible. They then demand a ransom for both the decryption key and the assurance that they will not release the stolen data publicly. This places immense pressure on the targeted companies, leaving them with little choice but to meet the hackers’ demands. Unfortunately, there is no guarantee that the data will be returned or deleted once the ransom is paid.

One striking revelation from the CyberOwl study is the connection between the rise in ransomware attacks and Russia. Researchers and analysts involved in the survey have suggested that the surge in activity and the resulting revenue may be linked to Russia’s invasion of Ukraine. It’s hypothesized that the funds generated through ransom payments to cybercriminals could indirectly support the war efforts, inadvertently contributing to the conflict.

In alignment with these findings, a separate study by U.S.-based ransomware specialist Coveware found that 34% of ransomware victims paid various criminal groups in the second quarter of 2023. This indicates that the willingness to pay ransoms is a global issue affecting a broad spectrum of industries.

To mitigate the risks associated with file-encrypting malware and ransomware, companies in the maritime sector, as well as across other industries, should adopt a proactive approach.

Here are some essential measures to consider:

1.) Regular Data Backups: Maintain a consistent backup strategy, ensuring data can be restored in the event of a ransomware attack.

2.) Automated Threat Monitoring: Implement automated systems for detecting and responding to security threats in real time.

3.) Retention Policies: Establish data retention and deletion policies to minimize the amount of valuable data accessible to cybercriminals.

4.) Incident Response Teams: Develop and train incident response teams to swiftly address security incidents and minimize potential damage.

As the ransomware threat continues to evolve and grow, it is imperative that companies remain vigilant and prepared to safeguard their data, financial assets, and reputation from these insidious cyber threats. Paying ransoms may offer a short-term solution, but it perpetuates the cycle of criminal activity, making it crucial for organizations to invest in robust cybersecurity practices and risk mitigation strategies.

The post Maritime Companies Increasingly Paying Ransoms Amidst Ransomware Surge appeared first on Cybersecurity Insiders.

October 19, 2023 at 08:33PM

Read More

Interesting cyber attack headlines trending on Google for this day

“Ukraine Cyber Alliance Takes Down Trigona Ransomware Gang, Wipes Their Data Clean”

In recent times, we’ve witnessed numerous headlines about ransomware groups wreaking havoc on corporate networks. However, this time, the ‘Ukraine Cyber Alliance,’ a group of activists, managed to infiltrate the Trigona Ransomware gang’s database and completely obliterate their operations. Notably, they absconded with sensitive information, including source code, decryption keys, and some cryptocurrency earnings acquired by the gang during the month of September this year.

A technical analysis released to the media indicates that the gang exploited a known vulnerability, CVE-2023-22515, to breach the Confluence database and gain access to this critical information. As our analysis team continues to investigate, we will provide updates as soon as further details are confirmed.

“Data Deletion Hack Targets Facebook Users”

For the first time in the history of hacking, a hacker or hacking group successfully took control of a Facebook account belonging to a photographer. They systematically deleted images and customer orders that had been stored on the account for the past seven years. The account holder, Doug Bazley from Queensland, expressed deep disappointment at the data wipe and reported the incident to Meta’s subsidiary, which subsequently launched an inquiry into the matter.

The hack appears to have occurred after Doug clicked on a phishing link that arrived in his inbox, cleverly disguised as a Meta company communication. The perpetrator(s) assumed control of the web page, altering the profile photo, changing the account holder’s name, and systematically erasing all the data that had been stored for years. Doug also voiced his dissatisfaction with the security measures Facebook imposes on user accounts. As the issue remains under investigation, it may take some time for all the facts to be revealed. Notably, deleted data often remains stored in the archival database of the social media giant for a certain period.

“Criminal Gang RansomedVC Compromises District of Columbia Board of Elections”

The District of Columbia Board of Elections (DCBOE) fell victim to a criminal gang known as RansomedVC, infamous for data extortion and their hefty demands for decryption keys. The attack followed an unconventional path, with the criminals initially targeting the hosting provider DataNet before gaining control of the online platform housing Washington DC Election Authority data.

To substantiate their claims, the gang leaked approximately 60,000 lines of voter information belonging to Washington DC voters and listed the data for sale on the dark web. The exposed information includes Social Security Numbers, driver’s license details, dates of birth, phone numbers, and email addresses. Law enforcement agencies such as the FBI and DHS have taken note of the data breach and are actively investigating these claims.

It is noteworthy that this same criminal gang, RansomedVC, was previously involved in the server hack of Sony and was confirmed to have stolen over 260GB of files in that incident.

The post Interesting cyber attack headlines trending on Google for this day appeared first on Cybersecurity Insiders.

October 19, 2023 at 11:12AM

Read More

Cyber attack on payment systems could cost $3.5 trillion loss to the world

Have you ever contemplated the potential ramifications of a highly sophisticated cyberattack targeting global payment systems? Lloyds of London, a prominent provider of insurance services, has undertaken an analysis that suggests the world could face staggering losses of up to $3.5 trillion in the event of a global payment system outage resulting from a cyberattack.

In a collaborative effort with the Cambridge Centre for Risk Studies, Lloyd’s has further projected that the United States could bear the brunt of this financial blow, with an estimated loss of $1 trillion over a five-year period due to such disruptions. Additionally, China is anticipated to face a loss of $450 billion, while Japan may experience losses amounting to $260 billion over the same time frame in the event of a severe system breach.

So, how can these risks be mitigated effectively?

The most prudent approach to addressing this concern involves proactive network protection and fostering international cooperation by sharing critical information on cyberattacks and threats via a unified platform. Simultaneously, it is essential to maintain a vigilant stance towards nations posing a significant threat to online service providers and national infrastructure.

Acknowledging the gravity of the situation, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States has taken a significant step by unveiling a joint guide for securing software. This initiative stems from collaborative efforts involving 17 U.S. and international partners who have pooled their expertise and guidance to enhance cybersecurity measures.

In line with these developments, Jen Easterly, the Chief of Cybersecurity in the United States, has issued a call to action for companies to address vulnerabilities in their technology. These vulnerabilities, if left unattended, could provide fertile ground for cyber-criminals to perpetrate scams and launch malicious attacks.

Addressing an audience at the Singapore International Cyber Week, Ms. Easterly expressed her aspirations for technology that prioritizes safety and security, benefiting both individuals and businesses. Achieving this goal hinges on minimizing vulnerabilities and ensuring timely fixes, thereby leaving cyber-criminals and adversaries with no room for exploitation.

The post Cyber attack on payment systems could cost $3.5 trillion loss to the world appeared first on Cybersecurity Insiders.

October 18, 2023 at 08:35PM

Read More

How Turning Off Bluetooth Can Safeguard Your Mobile from Cyber Attacks

In today’s interconnected world, our smartphones have become central to our lives. We rely on them for communication, navigation, entertainment, and even personal security. However, the convenience they offer comes with a price – the constant threat of cyberattacks. One often overlooked, yet significant, vulnerability in our smartphones is Bluetooth. By understanding the risks and taking simple precautions, you can enhance the security of your mobile device.

The Bluetooth Vulnerability

Bluetooth technology allows for wireless communication between devices over short distances. While this feature is incredibly handy for connecting wireless headphones, speakers, and other peripherals, it can also be exploited by malicious actors.

Bluejacking: This is a relatively harmless but intrusive form of cyberattack where someone sends unsolicited messages or files to your device. While not typically harmful, it can be annoying and may lead to your device’s battery drain.

Bluesnarfing: More serious than bluejacking, bluesnarfing is when cybercriminals access your mobile’s data, including contacts, emails, and messages, without your consent. This breach of privacy can have far-reaching consequences.

Blueborne Attack: This is one of the most critical Bluetooth vulnerabilities. It allows hackers to take control of your device completely. They can access data, install malware, and potentially turn your device into a part of a botnet.

How Turning Off Bluetooth Enhances Security

Disabling Bluetooth on your mobile device, when not in use, can significantly reduce the risk of these cyberattacks. Here’s how:

Preventing Unauthorized Access: Turning off Bluetooth eliminates the possibility of unauthorized connections. When your Bluetooth is off, it’s far more challenging for cyber-criminals to establish a connection with your device.

Avoiding Pairing Requests: Without Bluetooth enabled, you won’t receive any pairing requests from unknown devices. This ensures that you only connect with devices and peripherals that you trust.

Mitigating the Risk of Blueborne Attacks: Blueborne attacks are known to exploit vulnerabilities in Bluetooth connections. Disabling Bluetooth when you’re not actively using it eliminates this risk entirely.

Preserving Battery Life: Keeping Bluetooth on, even when not in use, can consume unnecessary battery life. By turning it off, you’ll extend your mobile’s battery life.

Best Practices for Bluetooth Security

While turning off Bluetooth is a straightforward and effective security measure, you can still enjoy the convenience of Bluetooth connectivity while keeping your device safe:

Use Bluetooth Wisely: Enable Bluetooth only when you need it, and turn it off when you’re finished.

Keep Your Device Updated: Ensure your mobile device’s operating system and apps are up-to-date. Manufacturers frequently release security patches that address known vulnerabilities.

Password Protection: Always secure your device with a strong, unique password or PIN. This provides an extra layer of protection if Bluetooth is inadvertently turned on or accessed by an attacker.

Be Cautious with Pairing: Only pair your device with trusted devices. Avoid connecting with unknown or unverified devices.

In conclusion, Bluetooth, while incredibly useful, can also be a gateway for cyberattacks on your mobile device. Turning off Bluetooth when you’re not actively using it is a simple and effective way to enhance your mobile device’s security. By following best practices and staying informed about potential risks, you can enjoy the convenience of Bluetooth without compromising your privacy and data security.

The post How Turning Off Bluetooth Can Safeguard Your Mobile from Cyber Attacks appeared first on Cybersecurity Insiders.

October 18, 2023 at 11:19AM

Read More