Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#cyberattack’

cyber-attack

(Russian) Cyber Security Should Now Be Firmly On The Radar For Everyone Running A Business

May 19, 2016

It is no longer a question of if a business will be attacked, but when – and how.
There are still many old style fraudsters who forge cheques, submit false invoices for fictional services or seek a “dear friend” who will help them repatriate several million pounds but these are just a reminder of bygone days when a fraud looked like, well, a fraud.
In recent times a fraud is more likely to look like a genuine email from the managing director asking a member of the accounts team to make a payment to what looks like a supplier.
Closer inspection may reveal that the proposed destination of the cash is not quite what it seems.
Perhaps the language is more polite than one would expect from the MD, maybe the email address of the sender isn’t exactly right – although it looks right at first glance.
Any communication regarding the movement of cash should now be subjected to an additional level of scrutiny. Many businesses have already updated their procedures.
Some will not send cash in response to an email request. Many will make a call to the parties involved to check that everything is genuine and that a payment request originates from who it purports to be from.
There has also been a massive escalation of malicious attacks, usually harmless looking emails that invite the recipient to click on what looks like a harmless link.
Clicking the link unleashes a virus that will attack the recipient’s systems, potentially causing major harm to the business.
There are now many hundreds of thousands of cases of computer misuse, hacking and malicious virus attacks reported each year.
Whilst these threats might be conveyed digitally, many need to fool a human being at some point to be effective. Every organisation should therefore run regular training for employees on how to spot fraudulent or malicious activity.
Insurers will increasingly expect this kind of training as a condition of cover. In the current climate, it is arguably negligent to not train staff properly in this regard.
The IoD conducted a survey of business leaders in December 2015 which showed that just under half provided training in cyber security for their staff.
Given the potential for commercial and reputational damage that can result from the cascading effect of a cyber attack, this is an alarmingly low figure. It shows a high degree of misplaced complacency.
Cyber security is a business “hygiene” issue. Suppliers, customers and staff are entitled to expect that a business has the necessary measures and procedures in place.
There is also a rapidly growing market for defined cyber threat insurance.
This used to be carried by a minority of companies but is now something that needs to be in place for the vast majority of businesses, especially bearing in mind that only around one per cent of respondents in the IoD survey thought their business wholly unreliant on the inter- net.
Alongside greater awareness of the threat, the other primary defensive tool in the armoury is software, with good firewalls and analytics that can pick up the bulk of fraudulent or malicious activity
There is no simple solution to the malice and dishonesty that exist in the digital world.
The price of staying ahead of these threats is eternal vigilance, insurance and up-to-date software.

By Jonathan Oxley

www.yorkshirepost.co.uk

Tags: , , , ,

proxyl

The Percentage Of Health Care Data Breaches Due To Criminal Acts Has Risen From 20 to 50 Percent Since 2010

May 16, 2016

The percentage of health care data breaches due to criminals has risen from 20 to 50 percent since 2010, but health care organizations are failing on defense, according to a new study.
On average, the percentage of health care organizations hit by a data breach has stayed steady, in the high 80s and low 90s, according to Larry Ponemon, chairman and founder at Ponemon Institute, which conducted the study, but the number of breaches due to accidentally lost devices has dropped.
Most recently, ransomware and denial-of-service attacks have become top security concerns. These kinds of attacks have the potential to shut down the operations of a health care organization, putting lives at risk.
Ransomware typically encrypts all data, making patient records inaccessible to doctors and nurses.
Denial-of-service attacks shut down the tools and systems used to access those records.
“A lot of these tools now are Internet-facing or are actually in the cloud,” Ponemon explained.
“I think we’re actually in a situation where the bad guys are winning at this point,” said Rick Kam, president and co-founder at ID Experts, which sponsored the report.
One reason is finger pointing, he said. Health care providers point to third-party business associates, such as drug companies and claims processors, while the business associates point the finger back at the health care providers.
“Neither the business associates nor the health care entities are doing their job,” he said. “There’s a small increase in security budgets, but that incremental spending is not keeping up with the threat.”
Another contributing factor, he added, is that the majority of the health care organizations are regional and local hospitals, which are not flush with cash.
Health care organizations understand that they are targets.
More than two-thirds, or 69 percent, said that they are at greater risk than other industries for a data breach.
And there has been some improvements.
Sixty-three percent of respondents said they have policies and procedures that are in place to effectively prevent or quickly detect unauthorized patient data access, up from 58 percent in 2015.
And 57 percent said they have the expert personnel to be able to identify and resolve data breaches, up from 53 percent in 2015.
In addition, 71 percent have an incident response plan process in place, with involvement from information technology, information security and compliance, a slight increase from 69 percent in last year’s study.
However, slightly more than half of health care organizations, 52 percent, said that security budgets have stayed the same since last year, and 10 percent said their budgets decreased.

By Maria Korolov

www.csoonline.com

Tags: , , , , , ,

info-hacks-2

Health care records frequently targeted by anonymous hackers

May 5, 2016

For 10 days in February one hospital’s records hung in limbo. At Hollywood Presbyterian Medical Center in California, a ransomware attack kept health care records in control of anonymous hackers, until hospital officials paid $17,000 to take back their system.
Data ransom attacks are today’s technological version of kidnapping. It’s anonymous, more cost-effective and more appealing to criminal enterprises than taking physical hostages. And it’s the reason health care institutions today are taking steps to ensure security.
As part of an ongoing conversation, health care professionals and government agencies will meet on May 1-11 in Washington D.C. to discuss health data as part of the Health Datapalooza event presented by Health Data Consortium.
At Creighton University, law professor Edward Morse is researching the technological and legal limitations for paying data ransom.
“If you can deny access to patient care records, you shut down hospital operations,” Morse said. “With HIPAA, a patient’s electronic records are protected under law. But, a patient’s medical information is only as strong as an institution’s weakest link.
It can be as simple as a disgruntled employee; someone who is willing to give up a password to a potential hacker, so hospitals are working to increase security and limit the number of employees who can access sensitive data.
Adam Kuenning, attorney with Erickson | Sederstrom and a Creighton law professor, teaches HIPAA privacy and security.
“Patient care comes first for any medical professional,” Kuenning said. “The importance of keeping the information secure, may sometimes be lost while the medical professional is focused on the patient’s care.”
Any HIPAA breach of more than 500 patients must be reported to the media, and the Department of Health and Human Services keeps a record of these cases online. Since 2009, more than 1500 cases have been recorded. For cases affecting less than 500 patients, only a letter sent to affected persons is required.
To ensure HIPAA compliance, HHS is conducting audits healthcare companies, but often carelessness is the root cause of a breach. A frequent problem are laptops and thumb drives with private medical information left in an employee’s car.
“Data that’s not encrypted is being stolen somehow,” Kuenning said. “People are breaking into your office, stealing your computer, your servers when you didn’t encrypt your records that evening.”
In the California hospital case, an outside hacker stole records by taking over the computer system. In these cases, it’s common that patient information isn’t actually stolen; rather, hackers freeze the system, making the records inaccessible to medical personnel who need the information to properly care for the patients.
Last June, President Barack Obama stated while the U.S. government won’t pay ransom for hostages, American families have never “been prosecuted for paying a ransom.” In most health care cases, private ransom payments often go unnoticed. Few cases like Hollywood Presbyterian Hospital are publicized. According to Morse, thousands of attacks are attempted, but it’s unknown how many are successful.
“With this crime, it’s embarrassing to institutions, that their systems aren’t secure,” Morse said.
Payouts to criminal enterprises are relatively inexpensive. The black market values each patient’s record at $50 or $60, Morse found. According to a Ponemon Institute Survey, hackers only earn about $28,000 annually, but Morse notes that this wage could equate to a lot more with hackers coming from developing countries.
Without patient’s records, the hospital reaches a standstill, creating the need to comply and pay ransom.
“If you can pay, you would do it in a New York minute,” Morse said.
As the health care industry becomes more invested in technological innovations, institutions must keep privacy in mind, as a data breach can “ultimately, sully the reputation of an institution,” Morse said.

Source: Creighton University

Tags: , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
main-snowden
Edward Snowden’s Autobiography Makes a Plea for the Fourth Amendment, the Right to Privacy, and Encryption
September 24, 2019

America's most famous whistleblower calls for restricting the power of government. Article by SCO...

Read more
ph
Chinese deepfake app Zao sparks privacy row after going viral
September 3, 2019

Critics say face-swap app could spread misinformation on a massive scale A Chinese app that lets ...

Read more
1463600977631262
Google tightens grip on some Android data over privacy fears, report says
August 19, 2019

The search giant ends a program that provided network coverage data to wireless carriers. BY CARR...

Read more
4000
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
venmo_pub_priv
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more