Category Archives: Ransomware
Stakeholders Suggest Changes to CISA’s Cybersecurity Reporting Rule.
MGMA, WEDI urge CISA to align its reporting timelines and requirements with other federal partners, including the HHS Office for Civil Rights, to decrease the administrative burden. Stakeholders in healthcare are proposing changes to the Cybersecurity and Infrastructure Security Agency’s proposed rule on cyber incident reporting requirements under the Cyber Incident Reporting for Critical Infrastructure…
Ransomware is ravaging healthcare orgs—and making it harder for them to get insurance.
Cyber insurance rates plateaued in 2023, but remain unaffordable for many hospitals and are likely to rise again soon. The disastrous ransomware attacks on Change Healthcare and Ascension this year ran up staggering costs and put a spotlight on the healthcare sector’s vulnerability. But healthcare orgs are hardly new to eye-popping bills after a major hack. Analyzing attacks on…
UnitedHealth paid ransom to bad actors, says patient data was compromised in Change Healthcare cyberattack.
UnitedHealth Group on Monday said it paid ransom to cyberthreat actors to try and protect patient data, following the February cyberattack on its subsidiary Change Healthcare. The company also confirmed that files containing personal information were compromised in the breach. “This attack was conducted by malicious threat actors, and we continue to work with the law enforcement and multiple…
HC3 warns healthcare help desks of ‘advanced’ social engineers.
After convincing the help desk to enroll a new device, a threat actor can pivot to a payment system. IT pros: If someone from finance calls and says their phone is busted and they need to start over with authentication, trust but verify. Actually, don’t trust; just verify. Healthcare help desks need to be especially…
Cyber Threat: Why We Continue to Get It Wrong.
When are healthcare leaders really going to take cybersecurity seriously? Recently a good friend sent me an article that described analysis performed by an independent organization that performs cybersecurity research and the recommendation they made regarding the paying of ransoms. They make the supposition that stopping the payment of ransoms will end the ransomware threat once…
What to do when you think you got phished.
Security pros share what to do if you took the bait and got phished. So, you clicked a phishing link. Don’t worry—you’re one of many in internet history who have trusted an email that seemed to come from a coworker, have a legitimate URL, or offer a reasonable enough chance to visit Mars. According to cybersecurity…
How the Change cyberattack is affecting the healthcare industry.
Experts estimate the attack is costing providers $100 million every day. The cyberattack on Change Healthcare may go down as “the most significant cyberattack on the US healthcare system in American history,” according to trade group American Hospital Association—and one expert says it could take the healthcare industry years to recover. Despite rumors that Change…
Ransomware 101: The need-to-knows for healthcare execs.
The Change Healthcare cyberattack may be just the beginning. The cyberattack on Change Healthcare that debilitated health providers and pharmacies across the country last month sent a foreboding message: Your company may be the next big cyberattack victim. You may be thinking, “we’re so careful with our employees. We send out phishing test emails every…
SEC disclosure rules leave IT pros asking: What’s ‘material’?
Ransomware can be material or not material, says one legal pro. SEC disclosure rules now require publicly traded companies to disclose impactful—or more specifically, “material”—cybersecurity events, leaving many organizations running to both dictionaries and legal teams to learn the definition. Understanding the term will be an important aspect of pre-incident planning, according to legal experts and industry…
Over 178,000 SonicWall firewalls for enterprises still vulnerable to DOS, RCE attacks.
“The impact is worse for devices like this, because of their positioning on the network,” Bishop Fox researcher Jon Williams says. Nearly 180,000 SonicWall firewalls remain vulnerable to an exploit first discovered in April 2022, despite the availability of a patch to manage the issue. Bishop Fox researchers wrote in a recent blog post that…
