2020 has been a wack year by any stretch of the imagination. If it can happen, it probably will happen this year. This topic doesn’t surprise me though. I read this week that a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS). The advisory described how a specific ransomware strain, the Ryuk malware, was being used to gather and exfiltrate data from health care companies.
The main risks were listed here:
• Visibility issues into networked devices and their lack of strong security & patching
• Failure to segment networks into sensitive and less sensitive segments
• Incorrect network communication protocols that leave ports open, which could impact security and be used to infiltrate a network
Because of COVID, my guess is there has been a huge influx of new healthcare data coming in that would usually have been left out of the system. Hackers and bad actors saw the financial opportunity, as health records can be worth up to $1,000, and they want to capitalize on that opportunity to cash in big.
Most of these attacks originate from the knowledge that there is generally weak security on healthcare services because of the low priority they put on cybersecurity. There is also slower adoption of newer systems due to the complicated programs healthcare professionals are required to use, and the expense of creating new programs. While cloud-based data systems are usually more secure, they do have a higher cost to migrate and maintain, so many companies still prefer on-prem servers.
One country I wish we would be able to mimic more is Estonia, where the user has all the rights to their own data, as well as being able to see who has accessed their information. While bad actors could potentially take over, as far as has been reported, no hackers have been able to breach their systems. I think the US could take this approach, but would have to have a massive overhaul of our data structure, access and control so monetary gains aren’t first and foremost on our data, but data privacy and user control are primary.