Top Three Health Care Cybersecurity Threats for 2018

Source: National Cyber Security – Produced By Gregory Evans

The medical field has undergone massive digitization in recent years with the emergence of interconnected medical devices and the broader exchange of health care information. In less than a decade, nearly all hospitals and physician offices have adopted electronic health record (EHR) systems.[i] But the adoption and investment related to cybersecurity has been slow. According to the Health Care Industry Cybersecurity Task Force, “a majority of the health care sector made financial investments in cybersecurity only in the last five years.”[ii] This expansion of digitizing critical information without an investment in cybersecurity has, in large part, led to the current environment where health care providers are easy targets for attackers. In a 2017 report, the American Medical Association found that 8 out of 10 physicians had experienced a cyberattack in practice.[iii]

In fact, 2017 introduced some of the largest and most widespread cybersecurity attacks in recent memory. The health care industry was shown to be particularly vulnerable to these threats. In 2018, health care providers should be on the watch for the following threats and should take efforts to protect against them.

Ransomware will Continue to Plague Providers
Ransomware is malware that exploits vulnerabilities in a system to encrypt or remove access to the information contained on the system. The infected system displays a message informing users that their data will not be released unless they pay the demanded ransom. Industries where access to information is critical to providing services, such as health care, are particularly targeted by such attacks.

Health care providers will remember 2017 as the year of large ransomware attacks, starting with the WannaCry ransomware attack, which spread to over 150 countries and infected more than 400,000 machines in just two days.[iv] The United Kingdom’s National Health Service was hit hardest by this attack, causing it to cancel nearly 7,000 appointments – including operations – as a direct result of the attack.[v] Hospitals here in the U.S. were also affected by this attack, including medical devices such as Bayer’s MedRad device that assists in MRI scans.[vi] WannaCry was followed by another global ransomware attack in June 2017 known as NotPetya. Several hospital systems and other health care entities were impacted by this attack, including Merck, one of the U.S.’s largest pharmaceutical manufacturers.[vii] Health care providers can expect to see more of the same in 2018, as neither their vulnerabilities nor their mitigation efforts have drastically changed.

Targeting of Connected Medical Devices
The potential vulnerabilities in medical devices have long been on the radar. Successful hacks dating back to 2011 have affected a variety of medical devices, ranging from insulin pumps to pacemakers.[viii] Medical devices connected to a broader computer network have been used as easy access points for attackers to gain unauthorized entry to the network. In 2013, the Department of Homeland Security (DHS) issued a warning that 300 medical devices tested for cybersecurity vulnerabilities all failed to meet minimum standards.[ix] This warning spurred the Food and Drug Administration (FDA) to issue recalls due to cybersecurity vulnerabilities and, in 2016, to issue cybersecurity guidance for medical devices.[x] This year, Congress took notice, and the Medical Device Cybersecurity Act of 2017 was introduced.[xi] Although the bill failed to pass, by all indications regulatory and legislative actions seeking to address this concern will continue in 2018.

In the meantime, medical devices remain extremely vulnerable. Unlike other devices that receive multiple and frequently automatic updates that may protect against certain security holes, medical device manufacturers remain slow to update their products, and the process for implementing updates may be less user friendly. Further, the fact that hospitals and similar health care entities “typically have 300-400% more medical equipment than IT devices”[xii] provides more possible targets for hackers seeking access to a provider’s networks.

Falsification of Electronic Medical Records
As an increasing number of providers deploy certain protections (backups, frequent updates, etc.) against ransomware and refuse to pay the demanded ransoms, cybercriminals undoubtedly will turn to other methods that could increase the potential harm to providers and lead to higher ransom payments. One change we may see in 2018 is the possibility that hackers, instead of making data within a medical record unavailable or encrypted, will simply change the stored data so that it is inaccurate.[xiii] If providers have no way of knowing what information in the medical record is accurate, substantial liability may arise from issuing a contraindicated prescription, amputating the incorrect leg, or being falsely alerted that a patient has flatlined. The possibility that these attacks could even more directly threaten the life or safety of patients presents an opportunity for attackers to exploit and profit from ransom demands to a greater degree.

These three potential areas of cybersecurity concern, along with many others (such as mobile device and vendor security), will continue to trouble providers in 2018. As we head into the new year, health care entities should take steps to protect their information systems, the medical information they create, and the patients they serve.

The post Top Three Health Care Cybersecurity Threats for 2018 appeared first on National Cyber Security Ventures.


Cybersecurity 101 for Manufacturers: Why Should You Care?

Source: National Cyber Security – Produced By Gregory Evans

Anyone living through today’s news cycle who does not recognize cybersecurity as an issue is simply not paying attention. But, until recently, most manufacturing companies have considered it someone else’s issue. Most reported cyber incidents have been aimed at acquiring large caches of consumer data (think breaches at Target affecting 70 million consumers, and Verizon affecting 40 million consumers.) Hackers were historically intent on identity theft, and the acquisition of consumers’ personally identifiable information (PII) is a first step toward that goal. Most manufacturers do not deal directly with consumers or collect their data, so many put cybersecurity on the back burner. However, a recent study found that the manufacturing sector is now the second most frequently hacked industry, after healthcare. (2016 Cyber Security Intelligence Index, IBM X-Force Research.)

Recent cyber breaches have gone far beyond collecting consumer PII. Cyber criminals (and some foreign countries) are after trade secret technology and IP — yours, your vendors’, and your customers’. Losses from these breaches can include direct payments in the form of “ransom” for shutting down your computerized systems and holding your data hostage (ransomware); business email compromises (BECs), where inside information about upcoming transactions or wire transfers are mistakenly directed to a cybercriminal by your own employees under the misapprehension they are acting on the instructions of a senior executive (phishing); or loss of employee PII or a whole host of other information you may not realize is accessible to a sophisticated cybercriminal.

All Modern Manufacturing Systems are Susceptible to Exploitation. Think about your company’s reliance on computerized industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems, employees’ use of multiple data storage devices (servers, laptops, smartphones, social media), your vendors’ and customers’ everyday access to your systems to streamline communications or production, cloud computing, vindictive or disgruntled employees with access to sensitive information, or innocent employees opening an email link or attachment without verifying the source. Any and all of these may provide points of entry for a determined hacker or data phisher. Target’s massive data breach in late 2015, for instance, was engineered through access unwittingly provided by a company HVAC vendor that did not have a secure system, despite Target’s own otherwise sophisticated and thorough security and breach prevention program.

Ransomware/BEC attacks have not distinguished manufacturing companies from other targets. A hacker may gain access to a company’s computerized systems by means of an insider/employee opening an official-seeming link or attachment in an innocent-seeming email, and implant a virus into the system that holds critical data hostage or shuts down critical functions. Even payment of the demanded “ransom” to unfreeze the system may not guarantee a return of data or normal functionality.

Data and System Breaches are Expensive. Costs can include business disruption, product discounts, forensic and investigative activities, loss of customers, and litigation, regulatory, and reporting costs. According to the 2017 Cost of Data Breach Study recently released by the Ponemon Institute, the total organizational cost per data breach incident for the U.S. was $7.35 million last year, the highest of the 13 countries studied. The study did not address loss of competitive advantage when trade secret technology and IP are stolen, which could be substantially more costly; the U.S. Federal Bureau of Investigation (FBI) estimated that $400 billion of intellectual property leaves the U.S. every year as a result of cyberattacks targeted at manufacturing companies.

BECs increased 2,370% between January 1, 2015 and December 31, 2016, with victims reporting losses of $346 million. The FBI estimated in a May 2017 alert that such crimes have caused losses of $1.6 billion in the U.S. since 2013 and $5.3 billion globally. For instance, in 2015 paint manufacturer Sherwin-Williams reportedly sent $6.5 million to overseas bank accounts of Russian criminals due to BECs.

How Can You Fight Back? There are a number of protections available to manufacturing companies, many of which are relatively inexpensive.

  • Train your employees. People are the weakest link in cybersecurity, since hackers can access your systems through a single point of contact. If employees are alert to potential email threats, confine their work to your secure network, and limit postings on social media, many potential attacks can be blocked.
  • Use two-step authentication to mitigate threats from BECs. Companies that require confirmation of funds transfer requests by secure telephone or a secondary sign-off by company personnel can virtually eliminate unauthorized transfers.
  • Segment your network on a “need to access” basis. This practice limits accidental transfer of critical data and prevents a hacker from using one point of entry to move a virus or malware through your entire system.
  • Encrypt critical data and back up your systems regularly.
  • Audit your vendors’ and contractors’ cybersecurity systems. Contractual provisions can create cybersecurity duties for your business partners and give you the right to examine their systems for weaknesses that might otherwise compromise your network.
  • Use penetration testing or public domain audits regularly to ensure that your sensitive information is not accessible online.
  • Apply software patches and update your systems on a timely basis. Operators of ICS/SCADA tend not to update or apply software patches because these require system downtime or gaps in service, but most of the systems hacked in recent ransomware attacks were running out-of-date software, and the attacks could have been foiled if the victims had simply applied manufacturer-supplied patches regularly.
  • Check the NIST Guide to Industrial Control Systems (ICS) Security for additional cybersecurity guidance.
  • Have a response plan in place in case of a breach.
  • Look into cyber insurance to mitigate the cost of a cyber incident. The current insurance market is competitive and well-priced, so you should be able to negotiate for the appropriate protection.

While it is impossible to create impenetrable systems, be aware that hackers tend to go after low-hanging fruit. The more protections you implement, the less likely you are to experience a debilitating cyber-attack.

The post Cybersecurity 101 for Manufacturers: Why Should You Care? appeared first on National Cyber Security Ventures.


How the Affordable Care Act Impacted Cyber Security for HealthCare Providers

Source: National Cyber Security – Produced By Gregory Evans

The Affordable Care Act, also known as “Obamacare,” came into play in March of 2010. The three primary goals of the Affordable Care Act were: Make affordable health insurance more readily available: the law actually provides consumers with premium tax credits that lower the costs of insurance within household where…

The post How the Affordable Care Act Impacted Cyber Security for HealthCare Providers appeared first on National Cyber Security Ventures.


Police: Day Care Center Owner Sexually Assaults Two 5-Year-Old Children

PHILADELPHIA (CBS) — The owner of a day care center in Philadelphia has been arrested and charged with raping at least two children left in his care. Police say 53-year-old Duncan Round of Medford Lakes, New…


Community Care hacked

Source: National Cyber Security – Produced By Gregory Evans

Community Care of St. Catharines and Thorold is still reeling from a cyberattack that shut its computers down for more than a week. The local food bank’s CEO, Betty-Lou Souter, said Community Care’s systems are back up and running, but the ransomware attack has reinforced the need for cyber-vigilance. “It…

The post Community Care hacked appeared first on National Cyber Security Ventures.


Phone scammers target VA health care program

Source: National Cyber Security – Produced By Gregory Evans


The Department of Veterans Affairs is warning military veterans about a phone scam targeting people who call the Veterans Choice Program hotline. The correct number for the program is (866) 606-8198. But if someone makes the simple mistake of dialing 1-800, the scammers go to work. A misleading recording tells the caller they are eligible for a retail rebate of …

The post Phone scammers target VA health care program appeared first on National Cyber Security Ventures.


Parents of day care kids may never know extent of abuse

Parents at a Bear day care where a teacher was caught on video inappropriately touching three students may never find out if their children also were victims.

Anthony Rodriguez, a teacher there, was arrested in 2015. Parents whose children were not identified as victims in videotapes that alerted authorities to Rodriguez never learned of the abuse until they read about the 21-year-old’s guilty plea and sentencing in The News Journal this week. That lag, they say, robbed them of the chance to determine if anything happened to their children.

“I just want to make sure I do what I need to do as a parent, but now they took that away from me,” said Nicole Rittenhouse, a mother who withdrew her 6-year-old son from Kidz Ink II’s after-school program this week.


The post Parents of day care kids may never know extent of abuse appeared first on Parent Security Online.


6 Reasons Why Parents Should Care About Kids and Online Privacy


The post 6 Reasons Why Parents Should Care About Kids and Online Privacy appeared first on Parent Security Online.


Senators work to improve Foster care

Children in Nebraska’s foster care system are some of the most vulnerable in the State. They can’t always live like other kids and that can lead to some risky behavior.

When kids feel different, they might reach out for some type of connection. Sometimes that puts children in the path of dangers like sex trafficking. Nebraska’s working to fix that in the big picture.

Kayla Bailey was a foster child.

“I fought every day in school. Just to be treated like everybody else,” she said.


The post Senators work to improve Foster care appeared first on Parent Security Online.


Identity theft on the rise – take greater care

Source: National Cyber Security – Produced By Gregory Evans

OUR love of online shopping and social media is making Australians unwitting pawns in the global fraud marketplace. That’s just one of the findings of recent research by credit analysts Veda in time for National Identity Fraud Awareness Week, which runs from 11-17 October. Veda’s study dished up some disturbing statistics. In particular, fraudulent credit applications involving identity theft have soared 59% in the past two years in Australia alone. If you’re not familiar with the term, identity theft involves pretending to be someone else in order to access their bank accounts, use their credit card details to make purchases or take out loans in the victim’s name. Crims can assume your identity in a variety of ways, from simple means like stealing mail or rummaging through garbage for bank statements to more sophisticated measures such as skimming debit cards at ATMs or hacking computers and even mobile phones. According to Veda, one in four Australians – that’s almost four million of us (and it includes me) – have been victims of identity theft. Yet people often only become aware their identity has been stolen when they check bank statements and discover unfamiliar or unauthorised transactions. Despite the financial fallout […]


The post Identity theft on the rise – take greater care appeared first on National Cyber Security.
