It has been another crazy ransomware week as reflected in Bleeping Computer’s weekly update headlined “Healthcare Under Attack.”
The Wall Street Journal in an article about why the Colonial Pipeline paid ransom quotes “Ciaran Martin, the former head of the National Cyber Security Center, the British government’s cybersecurity agency.”
“There are three problems contributing to the ransomware crisis,” Mr. Martin said. “One is Russia sheltering organized crime. A second is weak cybersecurity in too many places. But the third, and most corrosive, problem is that the business model works spectacularly for the criminals.”
In that regard, Cyberscoop and the American Hospital Association report on the Conti ransomware gang which last week struck Ireland’s health system. Here is a link to the FBI’s May 20 alert on the Conti gang.
STAT and Becker’s Health IT brings us up to date on the May 1 ransomware attack on Scripps Healthcare in San Diego which was eclipsed publicly by the ransomware attack against Colonial Pipeline. The articles illustrate how these attacks have a lot of ramifications that can’t be cleaned up overnight.
ISACA and Security Boulevard provide insights into securing protected health information and other types of confidential data.
And let’s not lose sight of the SolarWinds cyberattack. SecurityWeek reports that
The hackers who carried out the massive SolarWinds intrusion were in the software company’s system as early as January 2019, months earlier than previously known, the company’s top official said Wednesday [May 20]. SolarWinds had previously traced the origins of the hack to the fall of 2019 but now believes that hackers were doing “very early recon activities” as far back as the prior January, according to Sudhakar Ramakrishna, the company’s president and CEO.
Also Wednesday, Ramakrishna apologized for the way the company blamed an intern earlier this year during congressional testimony for poor password security protocols. That public statement, he said, was “not appropriate.” “I have long held a belief system and an attitude that you never flog failure. You want your employees, including interns, to make mistakes and learn from those mistakes and together we become better,” he added. “Obviously you don’t want to make the same mistake over and over again. You want to improve.”