Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware attack could be a reportable breach under the HIPAA Breach Notification Rule. Despite the fact that many health care … Continue Reading
Social networking app Wishbone, which is used primarily by teenage girls to vote on various teenage type quizzes, like favorite entertainers or fashion, has been hacked. The intruders have reportedly gained access to users’ (again, primarily female minors) names, unique email addresses and mobile telephone numbers. Not just a few, either. The data compromised included … Continue Reading
The fall-out from WannaCry continues, particularly in the healthcare sector. There are new reports that WannaCry affected at least two hospital systems in the U.S. and encrypted medical devices (power injector systems) in the hospitals. There are additional anecdotal reports that other medical devices were affected by WannaCry. According to medical device company spokesmen, if … Continue Reading
In response to the WannaCry ransomware attack that infiltrated the computer systems of health care systems and other entities worldwide on or around May 12, 2017 (previously discussed here), HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) issued a series of updates to provide consumers and potentially affected organizations with information on … Continue Reading
We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated … Continue Reading
Over the past week, many clients and individuals have asked me why some companies and health care facilities were devastated by the WannaCry ransomware, and why others made it through the weekend without a blink of an eye. Simplistically, it is because those who pay attention to security patches that they receive from technology vendors … Continue Reading
We have previously reported on the vicious ransomware Locky and how it victimized companies throughout 2016 [View previous posts here, here, and here]. Although Locky quieted down in late 2016, according to researchers at Cisco Talos, Locky is perking up again in 2017 in a major way. Only this time, instead of using phishing email … Continue Reading
We follow the Verizon Data Breach Investigation Report each year. It just hit the news stand and as always, is full of insights. The report collected data from 65 organizations in 84 countries, including 42,068 cybersecurity incidents and 1,935 data breaches. The major themes of the report are: No one thinks it’s going to be … Continue Reading
ABCD Pediatrics, located in San Antonio, Texas has notified the Office for Civil Rights that a ransomware cyber intrusion has resulted in access to its servers, including the protected health information (PHI) of its patients. The ransomware used by the attackers was Dharma. The practice found through forensic analysis that access had been gained to … Continue Reading
Last week, IBM published its X-Force Threat Intelligence Index (Index), which summarizes the state of leaked records and vulnerabilities to data in 2016. It is depressing, but informative. The Index notes that the number of compromised records “grew a historic 566 percent in 2016 from 600 million to more than 4 billion.” Billion with a … Continue Reading
For decades, it has been assumed that MacBook and iPhone devices are hack proof and virus free. Their advertisements and claims for being indestructible were never questioned. Yet, nothing is truly immune to intrusion. Consumers pay a high premium for the slick and glossy Apple devices. Their superior brand has continued to sell and grow … Continue Reading
My newest hero in the fight against ransomware is Little Red Door Cancer Services of East Central Indiana (Little Red Door). I am sending a donation to it to celebrate its courage in the last few weeks. Little Red Door is a small not-for-profit agency in Indiana devoted to help cancer victims during their treatment, … Continue Reading
On December 30, 2016, the Los Angeles Community College computer network was kidnapped by cyber criminals requesting a ransom for its return. The ransomware encrypted the college’s entire network system, including email and voice mail systems. Rather than attempt to restore all of the data days before classes were to resume, on January 4, 2017, … Continue Reading
A recent IBM study shows that ransomware increased 6,000 percent in 2016 over 2015. According to the report, ransomware was present in almost 40 percent of all spam email messages. Ransomware is big business, since according to IBM Research, over 70 percent of business victims of ransomware pay the ransom for the key to get … Continue Reading
The No More Ransom Project, a coalition of security companies and law enforcement, which was launched through a partnership with the European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands police, Kaspersky Lab and Intel Security has added 30 new members and 32 new decryption tools to combat ransomware variants. The Project … Continue Reading
Every day I get a call from a client asking for help involving ransomware. Friends have called in a panic when that dreadful message comes up on the screen informing you that you are the victim of ransomware with instructions on how to pay the ransom with bitcoin. It is no longer a surprise to … Continue Reading
Cybersecurity hit the news hard in 2016. The number of high profile, and troubling, cyber incidents increased significantly. The Democratic National Committee and one of Clinton’s top advisor’s being hacked, with leaked emails by Russia, according to intelligence reports, may have influenced the U.S. election. Theft of document from the Mossack Fonseca law firm in … Continue Reading
Although every year we lament about the significance of data breaches in the past year, 2016 was by far the worst. Data breaches were rampant, victimizing every industry and numbing consumers in the process. It was so bad that consumers began to throw up their hands and say “My personal information is out there anyway. … Continue Reading
2016 has been a banner year for ransomware cybercriminals. We have seen a dramatic rise in the use of ransomware, and businesses continue to become victims to ransomware, primarily through phishing and spear phishing schemes. The cybercriminals are getting so brazen, that when they attack a business with ransomware, they actually provide instructions on how … Continue Reading
We have repeatedly reiterated numerous warnings to the healthcare industry about malware and ransomware [see related posts here and here]. Our predictions have unfortunately become true, as November was the worst month ever for healthcare data breaches, according to self-reports to the Office for Civil Rights (OCR). In the month of November 57 incidents of … Continue Reading
A recent report from Imperva, Inc. has identified a Phishing as a Service (PhaaS) being offered on a Russian website. The United States Computer Emergency Readiness Team defines phishing as “an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear … Continue Reading
A new IBM/Ponemon Study released late last week, 2016 Cyber Resilient Organization, reveals that only 32 percent of IT and security professionals believe that their organization has a “high” level of cyber resilience. The study interviewed 2,400 IT and security personnel across the world. The study shows that 66 percent of those professionals believe that … Continue Reading
The New York Times reported last week that “hundreds of fake retail and product apps have popped up in Apple’s App Store in recent weeks”—just in time to deceive holiday shoppers. The Apps use well-known brand logos to deceive consumers. According to some, there has been a dramatic increase in fake apps this year over … Continue Reading
On November 10, 2016, the Federal Trade Commission (FTC) released tips and advice for businesses and consumers on ransomware. For businesses, the FTC released Ransomware – A closer look and a companion video, Defend against Ransomware. The FTC’s recommendations for businesses include: Have a tested business continuity plan in place to reduce disruption in the … Continue Reading
