There have been plenty — too many — breaches involving federal agencies over the years. Way back in 2006, a breach at the U.S. Department of Veterans Affairs affected 26.5 million people. In 2009, it was the National Archives and Records Administration that was hit and that breach affected 76 million. In one of the worst and most damaging breaches of all time, the U.S. Office of Personnel Management (OPM) affected 21.5 million federal employees and contractors, and breached the information included in security clearances, such as background investigation data and associated person data. Most recently, the U.S. Customs Agency fell victim to an attack and photos and other personal information collected by U.S. Customers and Border Patrol was leaked.
One might think financial institutions, such as banks, would have formidable levels of application security. Unfortunately, if one thought that, one would be wrong. According to an analysis by application security vendor ImmuniWeb, a startling 97 out of 100 of the world’s largest banks are vulnerable to web and mobile attacks.
Commercial law firm Reynolds Porter Chamberlain LLP says that the average fine levied by the Information Commissioner’s Office rose 14% in the year since the introduction of GDPR, increasing from £125,000 in 2017/18 to £143,000 in 2018/19.
Risk management firm LexisNexis Risk Solutions, in conjunction with Information Security Media Group (ISMG), recently announced the results of an online survey they conducted to identify current trends in healthcare cybersecurity. The survey is based on responses from more than 100 participants working within including hospitals, physician group practices and payers. The survey was conducted over the spring of 2019.
Phishing attacks strike again. Last week, Nemadji Research Corp., which does patient eligibility and billing services work for the Los Angeles County Department of Health Services, discovered that they’d been breached by a phishing attack. The attack enabled the criminals to gain access to the medical records of nearly 15,000 patients.
No one wants to go to the doctor’s office. Well, I guess some people do. I’m certainly not one of them. But imagine going to the doctor and then watching in horror as the medical equipment or computers the teams of doctors are working on aren’t working. That, suddenly, the come under attack just as you are “going under the knife.”
The market for AI in cybersecurity is expected to soar. According to the market research firm Markets and Markets, sales and support of AI software and services will reach $38 billion by 2026 — up from nearly $9 billion this year.
As we established in the previous post, when it comes to threat intelligence, most enterprises are neither where they want or need to be. They’re not getting value out of their efforts and they often are not focused on what they need to attain actionable threat intelligence.
Threat intelligence enables enterprises to better understand, detect and respond to threats. To mount a successful defense, enterprises need to know their enemies and anticipate their next move. So far, the defenders have been losing.
While the 400 year old John Donne poem, No Man is an Island, is about the interconnectedness of the individual to humanity, it could just as easily had been written about the nature of cybersecurity and modern technology.
As we covered in part one, there’s tremendous investment underway in healthcare IT and the industry is innovating every step along the way of patient care and records management, or it soon will be. And the result is that as hospitals grow more efficient and deliver care more effectively, it will help better contain healthcare cost increases. But it must be done securely.
