This past week the HIMSS conference was held in Las Vegas. Healthcare Dive reports on a session on whether healthcare organizations should pay to settle a ransomware attack. It’s complicated because “With patient lives on the line, continuity of care is essential — and it might cost more to fight the attack by halting operations and bringing in pricey outside cybersecurity consultants.” In this regard, Fierce Healthcare informs us that “
A massive cyberattack May 1 cost Scripps Health $112.7 million through the end of June, with lost revenue bearing most of the cost.
The nonprofit San Diego-based hospital system reported the impact during its second-quarter earnings filed Tuesday.
Healthcare Dive adds
Currently, security experts are experiencing a strategic sea change in how they counter cyberattacks, shifting from a focus on shoring up defense — an increasingly outdated and ineffective plan, given the increasing volume and complexity of cyberattacks, coupled with the massive size of healthcare organization’s IT surfaces that need protection — to survivability. Panelists recommended companies assess their IT strengths and weaknesses to know how to prepare, even role-playing a breach to see how their contingency processes play out and workforce responds.
In that regards, here are some articles that caught the FEHBlog’s eye this week:
- ISACA offers a thought provoking article on this topic: “Today, organizations’ No. 1 prerogative is implementing consistent data security measures and ensuring that it does not cause undue complexity in IT operations and business application changes. Complexity hides attacks by insiders and increases the chance of human error: Thales Data Threat reports 2021 states that respondents consider malicious insiders as the top threat at 35 percent, with human error at 31 percent. This blog post explores the approach and technology that is useful to reduce complexity in data security measures across the organization.”
- SupplyChainBrain discusses “Why Virtual Private Networks Aren’t Enough to Ensure Cybersecurity.” In short, “We still find VPNs being heavily used, but zero-trust is starting to pick up steam. Some of the major firewall vendors and VPN vendors are beginning to introduce zero-trust-based access. Fewer and fewer folks are doing traditional credential-based access on VPN, but the Colonial Pipeline ransomware attack showed us that large infrastructure providers are still using a username and credentials instead of moving to multi-factor. Those that are doing multi-factor are definitely moving toward adding device trust on top of that to create additional security. The multi-factor authentication market is quite strong, but there’s room for improvement, even in traditional VPN architecture.”
- TechTalk looks at steps toward achieving data security in the cloud.
In closing, here’s a link to Bleeping Computer’s The Week in Ransomware. In short, “This week we saw an existing operation rise in attacks while existing ransomware operations turn to Windows vulnerabilities to elevate their privileges.” In this regard, Cyberscoop reports on
The so-called PrintNightmare vulnerability in Microsoft software is turning into a dream for ransomware gangs.
For the second time this week, security researchers have warned that extortionists exploited the critical flaw in an attempt to lock files and shake down victims. It shows how, more than a month after Microsoft disclosed the bug and urged users to update their software, a new round of exploitation is under way against vulnerable organizations.
A ransomware group dubbed Vice Society recently seized on the PrintNightmare bug to move through an unnamed victim’s network and attempt to steal sensitive data, Talos, Cisco’s threat intelligence unit, said Thursday. A day earlier, cybersecurity firm CrowdStrike said that hackers using another type of ransomware had tried to use PrintNightmare to infect victims in South Korea. Neither Talos nor CrowdStrike named the targeted organizations.
ZDNet adds that just this week
Microsoft released an update that changes the default behavior in the operating system and prevents some end users from installing print drivers.
The key change in this month’s Patch Tuesday update for the bug CVE-2021-34481, aka PrintNightmare, is that users will need admin rights to install print drivers.
Vulnerability scan anyone?