Two recent ransomware attacks against healthcare systems indicate that cybercriminals have not forgotten about the medical industry. As a high value target, gangs have repeatedly targeted hospitals, healthcare companies and national infrastructure. And this month, the Texas-based Oakbend Medical Centre shut down its entire IT system after an attack. A gang claimed responsibility, saying it had stolen over a million sensitive, personal data records. It then threatened to leak the data, along with staff information. Similarly, a Pennsylvania healthcare provider suffered a ransomware attack in the days following, announcing that 75,000 patient records were lost. It is not yet clear how much ransom the attackers are trying to extort.
Cybersecurity is now an important topic for executives. In fact, according to a new study by Rackspace Technology, cybersecurity is the biggest concern for corporate heads. The survey of business leaders showed a growing concern about cybersecurity – 59 per cent of respondents listed it as one of their three biggest business worries, ahead of IT talent shortages (49 per cent) and inflation (47 per cent). In the past, security teams and senior leadership were often at odds. Now, 75 per cent of those surveyed feel that cybersecurity teams are better positioned at the board level than they were five years ago. Just over half consider business leaders to be a supporter of cybersecurity teams. While it's good to know that leadership is serious about cyber security, many security challenges still lie ahead.
Conventionally, one of the most important things you can do to protect yourself from hackers is use multi-factor authentication (MFA). It’s an added step in traditional cybersecurity – helping to mitigate the damage from lost, phished, stolen or weak passwords. But recently there's been a surge in malicious software aimed at defeating MFA. For hackers who want to get around multifactor authentication, one option is to use an adversary-in-the-middle (AiTM) attack. This combines a phishing attack with a proxy server, allowing attackers to steal a user's password and authentication session cookie. A recent Microsoft report showed that over 10,000 organisations have already been a target.
NATO is assessing the impact of a data breach of classified military documents which are being sold by an unidentified hacker group. The data includes blueprints of weapons used by NATO allies in the Ukraine war. MBDA Missile Systems, a European missile manufacturer, admitted that its data was among the cache of stolen documents posted online – but claimed none of the classified files belonged to the firm. Cyber criminals have been selling 80GB of the stolen data for 15 Bitcoins and claim they have sold it to at least one buyer so far.
The cost of a data breach has far-reaching impacts, according to new research by IBM. In its ‘Cost of a Data Breach’ report for 2022, IBM revealed that the latest costs for data breaches in organisations averages at $4.35 million. In the last two years alone, costs have increased by nearly 13%. The report also showed that these costs are being passed on to consumers – specifically contributing to a rising cost of goods and services. Six in 10 organisations have increased their prices in response to data breaches.
In the wake of the growing number of ransomware attacks, many companies are shutting down their systems as a precaution after a cyberattack before it is too late - this often leads to more disruption. A recent example includes the Bromford Housing Association, which shut down all their technology - including appointment systems and communications channels with their suppliers and customers – to only take emergency calls. Chief Information Officer Dan Goodall said: “We know how much of a pain this must be and we are so sorry for missed appointments and how limited our service is. Returning to normal can only happen when we know our systems are safe.”
