Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Friday, August 30, 2019

It Looks Like The Threat To Health Information Is Rising By The Year. Be Careful Out There!

This appeared last week:

Warning: Cybercriminals pose threat to Australian, world’s healthcare systems  

Australian and the world’s healthcare systems face a range of security threats due to malicious activity as cybercriminals attempt to access sensitive information stored in the systems.
The warnings on the vulnerability of healthcare systems to criminal activity come from global security firm FireEye in a report just released.
According to FireEye the healthcare vertical in Australia, and worldwide, faces a range of threat actors and malicious activity as, in some cases, criminals seek to monetise personally identifiable information (PII) and protected health information (PHI).
On security incidents occurring in healthcare sectors FireEye reports that between Oct. 1, 2018 and March 31, 2019, its Threat Intelligence systems observed multiple healthcare-associated databases for sale on underground forums, many for under $2000.
“Actors buying and selling PII and PHI from healthcare institutions and providers in underground marketplaces is very common, and will almost certainly remain so due to this data’s utility in a wide variety of malicious activity ranging from identity theft and financial fraud to crafting of bespoke phishing lures,” FireEye’s report notes.

FireEye also says that, in some cases, nation states carry out intrusions to steal valuable research and mass records for intelligence gathering purposes - and disruptive threats like ransomware have the potential to “wreak havoc among hospital networks and impact the most critical biomedical devices and systems”.
To move beyond compliance with current regulations and address the ever-changing threat landscape, FireEye says organisations in the healthcare sector should utilise threat intelligence to understand these threats continue to evolve - and minimise risks appropriately.
Based on FireEye’s observances of threat activity across the healthcare vertical, the security firm says the threats facing healthcare organisations can be grouped into the following:
Theft of Data
  • Financially motivated threat activity represents a high-frequency, high-impact threat to healthcare organisations.
  • Cybercrime actors may conduct focused intrusions into specific targets that house or have access to valuable patient records and data, or carry out opportunistic targeting of poorly secured organisations and networks.
  • In comparison to cyber crime activity, cyber espionage campaigns pose a lower frequency but still noteworthy impact risk to healthcare organisations, particularly those in some subsets of the industry. Much of what FireEye has observed from such threat actors—particularly those with a nexus to China—appears to driven by an interest in acquiring medical research and collecting large data sets of information, potentially for the purposes of fostering intelligence operations.
  • In our 2018 M-Trends report, FireEye observed that healthcare was the third-highest industry to be retargeted following an incident.
Disruptive and Destructive Threats
  • Disruptive threats driven by extortionist cyber criminals and nation state actors continue to present a threat to continuity of operations for healthcare providers and others in this space.
  • Both targeted activity such as ransomware delivered post-compromise, and less frequent but widespread nation-state-originated threats like WannaCry can pose threats to poorly secured infrastructure.
  • Similar to operational technology networks within critical infrastructure, security organisations within healthcare providers face difficulties in maintaining visibility of threats targeting these systems.
FireEye stresses that, looking forward, the increasing number of biomedical devices used for critical functions within hospitals and healthcare providers presents a growing security challenge.
Much more is found here:
I found this a very interesting summary of the threat environment and it sure makes it clear there is a lot to keep people both alert and alarmed about. The repeat attack rate was interesting I thought…
More than that we have this where the Chinese threat is rather highlighted in the same report.

Chinese stealing health and medical research data: report

The global healthcare sector, including Australia, faces increasing cyber threats and malicious activity from Chinese groups, a new report warns, with medical research a key target.
FireEye, a global intelligence-led security company with a Sydney base, has released a report outlining three of the most commonly used threats against healthcare organisations: data theft, cyber espionage and disruptive and destructive threats.
One key finding of the report is that Chinese groups feature prominently in these attacks.
 “Since 2015, we have observed China-based threat actors conducting intrusions into healthcare organisations to steal patient personal information, likely to identify, track, and potentially exploit targeted individuals of interest to the Chinese government,” Charles Carmakal, vice president and CTO strategic services at FireEye, said.

“We have also observed the theft of cancer and anti-ageing medical research by Chinese nationals that are employees, contractors, or visiting researchers of targeted medical research institutions.
“We expect the Chinese government will continue to steal medical research data from organisations across the globe to improve the healthcare of Chinese citizens.”
Mr Carmakal said healthcare organisations in Australia faced a variety of threats from state-sponsored and organised criminal threat actors.
He added that disruptive attacks, most notably ransomware operations, would increasingly become a bigger problem for Australian organisations. Mr Carmakal said that ransomware operators often conducted multiple intrusions a week and were often paid six-figure ransoms per victim.
“Over the past year, we’ve observed a financially-motivated threat actor advertising stolen data from Australian healthcare organisations,” he said.
“The actor advertised 128,000 records that included personal information and payment card data for $US1500 and 11,700 records of employee information for $US500.
“We expect to see an uptick in disruptive ransomware incidents in Australia, as financially motivated threat actors opportunistically target organisations across the globe.”
Mr Carmakal added that while China-based threat actors would continue to steal data from Australian healthcare organisations, the intrusions would likely be targeted and specific as opposed to the broad theft of data observed in prior years.
“In general, China-based threat actors are focused on espionage as opposed to destructive attacks,” he said.
More here:
There is lots more information here:
All is well worth a browse.
David.

No comments: