Tag: healthcare

Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros

Mar 7, 2025 8:53 PM

Tags: advisory, ai, awareness, banking, best-practice, business, cloud, compliance, corporate, crime, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, extortion, finance, fraud, governance, government, group, healthcare, infrastructure, iot, jobs, mail, malicious, microsoft, mitigation, monitoring, network, nis-2, privacy, qr, ransom, ransomware, regulation, resilience, risk, risk-assessment, risk-management, scam, service, strategy, technology, threat, tool, vmware, vulnerability, vulnerability-management, zero-day

Check out best practices for shoring up data security and reducing cyber risk. Plus, get tips on how to improve job satisfaction among tech staff. Meanwhile, find out why Congress wants federal contractors to adopt vulnerability disclosure programs. And get the latest on cyber scams; zero-day vulnerabilities; and critical infrastructure security. Dive into six things…
Reshaping Healthcare – and Healthcare Cyber – With AI

Mar 7, 2025 7:53 PM

Tags: ai, ciso, cyber, cybersecurity, healthcare, intelligence

The use of artificial intelligence is not only reshaping healthcare delivery in the sector but also healthcare cybersecurity within organizations, said Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/reshaping-healthcare-healthcare-cyber-ai-i-5465
Medusa Ransomware Claims 40+ Victims in 2025, Confirmed Healthcare Attacks

Mar 7, 2025 10:54 AM

Tags: attack, data, healthcare, leak, ransom, ransomware

Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/medusa-claims-victims-2025/
What is risk management? Quantifying and mitigating uncertainty

Mar 7, 2025 7:53 AM

Tags: breach, business, cio, ciso, compliance, control, cyber, cyberattack, data, finance, flaw, framework, governance, healthcare, infosec, infrastructure, insurance, international, jobs, mitigation, monitoring, nist, risk, risk-analysis, risk-assessment, risk-management, software, strategy, technology, tool, vulnerability

How do organizations structure risk management operations?: Risk management has in some organizations traditionally been multicentric, with different departments or individuals within the org implementing risk management techniques in their work: Risk management is a component of good project management, for instance. IT leaders in particular must be able to integrate risk management philosophies and…
11 ruinöse Ransomware-Bedrohungen

Mar 7, 2025 6:53 AM

Tags: ai, apt, cloud, cyberattack, cybercrime, encryption, exploit, extortion, fortinet, healthcare, kritis, leak, linux, lockbit, malware, moveIT, phishing, ransomware, service, social-engineering, supply-chain, usa, vmware, vpn, vulnerability, windows, zero-day

Für Unternehmen ist Ransomware weiterhin eine existenzielle Bedrohung, für Kriminelle ein immer einträglicheres (Service)geschäft.Ransomware bleibt branchenübergreifend auf dem Vormarsch und entwickelt sich beständig weiter vereinzelten behördlichen Erfolgen zum Trotz. Das ist unter anderem auch folgenden Trends zuzuschreiben:Ransomware-as-a-Service (RaaS)-Angebote senken die Zugangsbarrieren.Neue Erpressungstaktiken versprechen noch mehr kriminelle Gewinne.Künstliche Intelligenz (KI) wird bei Cyberkriminellen immer beliebter.Davon abgesehen,…
Managing Legacy Medical Device and App Cyber Risks

Mar 6, 2025 11:53 PM

Tags: cyber, healthcare, mitigation, risk

Legacy apps and medical devices continue to pose persistent and considerable risk to healthcare IT environments, and many organizations are still unaware of their prevalence in their settings, said Keith Fricke, partner and principal consultant at tw-Security, who discusses mitigation steps to take. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/managing-legacy-medical-device-app-cyber-risks-i-5464
Healthcare Targeted By More Advanced Cyberattacks In The Past Year

Mar 6, 2025 9:54 PM

Tags: cyberattack, healthcare

First seen on scworld.com Jump to article: www.scworld.com/brief/healthcare-targeted-by-more-advanced-cyberattacks-in-the-past-year
Healthcare organizations facing more sophisticated attacks

Mar 6, 2025 9:54 PM

Tags: attack, healthcare

First seen on scworld.com Jump to article: www.scworld.com/news/healthcare-organizations-facing-more-sophisticated-attacks
Up to $75M needed to fix up rural hospital cybersecurity as ransomware gangs keep scratching at the door

Mar 6, 2025 6:53 PM

Tags: attack, cybersecurity, healthcare, ransomware

Attacks strike, facilities go bust, patients die. But it’s preventable First seen on theregister.com Jump to article: www.theregister.com/2025/03/06/rural_hospitals_cybersecurity/
Ransomware goes postal: US healthcare firms receive fake extortion letters

Mar 5, 2025 7:34 PM

Tags: access, attack, awareness, breach, ciso, communications, cybersecurity, dark-web, data, data-breach, defense, email, extortion, fraud, group, healthcare, law, mail, network, ransom, ransomware, scam, threat, unauthorized

Phantom extortion: Ransomware impersonation is nothing new. In 2019, organizations across the US reportedly received emails deploying the same fake breach modus operandi as the recent letter writers ‘pay up now because we have your data’. In truth, such campaigns are probably commonplace but are dismissed as obvious ruses and rarely reported on.However, by 2023…
Rural hospitals in US need to invest at least $70 million in cybersecurity, Microsoft finds

Mar 5, 2025 7:34 PM

Tags: authentication, cybersecurity, email, healthcare, microsoft, network

A survey of hundreds of rural facilities found nearly two-thirds struggle to implement basic email security, multifactor authentication and network segmentation. First seen on therecord.media Jump to article: therecord.media/rural-hospitals-need-millions-cyber
NHS investigating how API flaw exposed patient data

Mar 5, 2025 6:34 PM

Tags: api, data, data-breach, flaw, healthcare, programming, vulnerability

NHS patient data was left vulnerable by a flaw in an application programming interface used at online healthcare provider Medefer First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620174/NHS-investigating-how-API-flaw-exposed-patient-data
Why Supply Chain Attacks Are The Biggest Threat To Businesses?

Mar 5, 2025 12:34 PM

Tags: attack, defense, healthcare, india, software, supply-chain, threat, usa

In 2024, approximately 183,000 customers worldwide were affected by supply chain attacks. In terms of frequency, the software supply chain experienced one attack every 48 hours. Surprisingly, India is among the most targeted countries, along with the USA, UK, Australia, Japan, and Germany. Manufacturing, healthcare, defense, and aerospace are among the most targeted sectors. Among……
The dirty dozen: 12 worst ransomware groups active today

Mar 5, 2025 10:34 AM

Tags: access, ai, alphv, apt, attack, backup, breach, cloud, cyber, cybercrime, dark-web, data, detection, email, encryption, endpoint, exploit, extortion, finance, government, group, healthcare, infrastructure, intelligence, korea, law, leak, linux, lockbit, malicious, malware, moveIT, network, north-korea, organized, phishing, ransom, ransomware, russia, service, social-engineering, software, strategy, threat, tool, usa, vmware, vulnerability, windows, zero-day

Black Basta: History: Black Basta appeared on the ransomware scene in early 2022 and is believed to be a spin-off from Conti, a group notorious for attacking major organizations.How it works: Black Basta usually deploys malware through exploitation of known vulnerabilities and social engineering campaigns. “Employees in the target environment are email bombed and then…
Conquering Cyber Risks Involving Web Browsers in Healthcare

Mar 5, 2025 12:34 AM

Tags: ciso, cyber, healthcare, Internet, risk

As clinicians move to a model of working anywhere, on many types of devices and under a variety of different internet environments, web browser security is a heightened concern, said John Frushour, vice president and CISO at New York Presbyterian Hospital and CyberEdBoard member. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/conquering-cyber-risks-involving-web-browsers-in-healthcare-i-5460
Mapping Health Sector Chokepoints Before the Next Big Attack

Mar 5, 2025 12:34 AM

Tags: attack, cyber, cybersecurity, healthcare, incident

The Healthcare Sector Coordinating Council is kicking off a health sector mapping initiative aimed at helping the ecosystem avoid massive disruptions in the event of major cyber incidents, said Greg Garcia, executive director of cybersecurity at the Healthcare Sector Coordinating Council. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/mapping-health-sector-chokepoints-before-next-big-attack-i-5452
Top Data Breaches of February 2025

Mar 3, 2025 2:34 PM

Tags: breach, cloud, data, data-breach, finance, government, healthcare, service

February 2025 saw a series of high-impact data breaches affecting industries ranging from healthcare and finance to cloud services and government agencies. These incidents exposed sensitive data, disrupted operations, and… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/top-data-breaches-of-february-2025/
UK Cybersecurity Weekly Update 2 March 2025

Mar 3, 2025 1:34 PM

Tags: access, ai, apple, attack, backup, breach, china, cyber, cyberattack, cybercrime, cybersecurity, data, election, encryption, google, governance, government, group, healthcare, infrastructure, intelligence, monitoring, office, privacy, ransomware, regulation, russia, service, threat, unauthorized, update, vulnerability

UK Government’s Encryption Demands Lead to Apple’s Data Protection Withdrawal The UK government has mandated that Apple provide access to encrypted iCloud backups under the Investigatory Powers Act of 2016. In response, Apple has withdrawn its “Advanced Data Protection” feature for UK users, citing concerns over user privacy and security. This move has sparked a…
Certain About Your Data Privacy Measures?

Mar 1, 2025 5:34 PM

Tags: cybersecurity, data, finance, healthcare, privacy, service, soc, threat

Are You Confident in Your Data Privacy Measures? Professionals in financial services in healthcare, travel, DevOps, and SOC teams that managing securitization processes in the cloud; do you feel confident about your data privacy measures? Where marked by increasing cybersecurity threats, the assurance of robust data privacy is no longer a luxury but a necessity….…
Leaked Chat Logs Reveal Black Basta’s Dark Night of the Soul

Feb 28, 2025 8:34 PM

Tags: attack, data-breach, group, healthcare, ransomware

After Disrupting Ascension Health, Black Basta Forecast Reprisals From FBI, Moscow We are pentesters, not murderers, ransomware group Black Basta claimed in its negotiations with victim Ascension Healthcare in May 2024, after its attack led to widespread disruptions and patient safety alerts. Leaked chat logs reveal the group feared resulting reprisals from the FBI and…
Groups Call for Trump to Rescind Proposed HIPAA Rule Update

Feb 27, 2025 11:34 PM

Tags: cyber, group, healthcare, HIPAA, update

Health Industry Associations Complain That Proposed Cyber Mandates Are ‘Staggering’. Seven major healthcare industry groups are urging the Trump administration to rescind a proposed update to the HIPAA security rule issued at the end of the Biden administration. The costs and regulatory burden to comply would be staggering to the healthcare sector, they said. First…
5 things to know about ransomware threats in 2025

Feb 27, 2025 7:59 AM

Tags: access, attack, authentication, awareness, backup, breach, ciso, cloud, control, credentials, cyber, dark-web, data, data-breach, defense, detection, encryption, exploit, extortion, finance, fraud, group, healthcare, identity, incident response, infrastructure, Internet, iot, law, leak, mfa, monitoring, network, password, ransom, ransomware, risk, scam, service, software, sophos, supply-chain, technology, threat, tool, update, vpn, vulnerability, zero-day

2. Mid-size organizations are highly vulnerable: Industry data shows mid-size organizations remain highly vulnerable to ransomware attacks. “CISOs need to be aware that ransomware is no longer just targeting large companies, but now even mid-sized organizations are at risk. This awareness is crucial,” says Christiaan Beek, senior director, threat analytics, at Rapid7.Companies with annual revenue…
MSSPs, Physical Tools, and a Multi-Layered Approach: Protecting Hospitals

Feb 25, 2025 9:24 PM

Tags: healthcare, mssp, tool

First seen on scworld.com Jump to article: www.scworld.com/perspective/mssps-physical-tools-and-a-multi-layered-approach-protecting-hospitals
China-based Silver Fox spoofs healthcare app to deliver malware

Feb 25, 2025 6:23 PM

Tags: backdoor, china, government, healthcare, malware, threat

Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/25/china-based-silver-fox-spoofs-healthcare-apps-dicom-viewer-to-deliver-valleyrat-malware/
Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks

Feb 25, 2025 3:23 PM

Tags: backdoor, china, group, hacking, healthcare, malware, network, software

Forescout observed the recently identified Chinese hacking group using medical imaging software applications to deliver malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-silver-fox-backdoors/
Strategic? Functional? Tactical? Which type of CISO are you?

Feb 24, 2025 8:23 AM

Tags: breach, business, ceo, cisco, ciso, cloud, compliance, cybersecurity, finance, governance, group, guide, healthcare, infrastructure, jobs, risk, service, skills, startup, strategy, technology, training

Transformational, as in program-builders or turnaround agents.Operational, often early-career CISOs who are closer to the technology and work at small-to-midsize companies where they still perform some technical duties.Compliance, that is, risk experts typically found in highly regulated industries.Steady-state CISOs, who, in opposition to the transformational type, keep everything on an even keel.Customer-facing CISOs, usually found…
New Guidelines: Cybersecurity Resilience in the Healthcare Industry

Feb 22, 2025 5:24 AM

Tags: compliance, control, cybersecurity, healthcare, privacy, resilience, service, threat

Lou Morentin, VP of Compliance & Privacy There are a number of significant changes coming to Healthcare Cybersecurity requirements. While not all are finalized, they point the way towards Health and Human Services tightening the controls and requirements. Healthcare Cybersecurity: A Shift Towards Resilience The healthcare industry is facing an evolving threat landscape, with cyberattacks……
Change Healthcare’s Mega Attack: 1 Year Later

Feb 21, 2025 11:23 PM

Tags: attack, breach, data, data-breach, hacker, healthcare, ransomware, service

Ransomware Attack Taught Lessons on Health Sector Resiliency, Vendor Redundancy. It’s been one year since hackers attacked IT services provider Change Healthcare, quickly shutting down critical processes for thousands healthcare entities, triggering a data breach affecting 190 million people. So what top lessons are emerging from that massive disruption and data compromise? First seen on…
European Healthcare Orgs Targeted With NailaoLocker Ransomware

Feb 21, 2025 10:24 PM

Tags: healthcare, ransomware

First seen on scworld.com Jump to article: www.scworld.com/brief/european-healthcare-orgs-targeted-with-nailaolocker-ransomware
CL0P Ransomware Launches Large-Scale Attacks on Telecom and Healthcare Sectors

Feb 21, 2025 11:38 AM

Tags: attack, cyber, data, exploit, extortion, group, healthcare, ransomware, tactics, vulnerability, zero-day

The notorious CL0P ransomware group has intensified its operations in early 2025, targeting critical sectors such as telecommunications and healthcare. Known for its sophisticated tactics, the group has exploited zero-day vulnerabilities to infiltrate systems, steal sensitive data, and extort victims. This resurgence follows a relatively quieter 2024, during which CL0P listed only 27 victims compared…