Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Healthcare Cyberattacks. Show all posts

Proposed US Bill Mandates MFA and Cybersecurity Standards for Healthcare

 

A bipartisan group of US senators has introduced new legislation aimed at strengthening cybersecurity in American hospitals and healthcare organizations. The Health Care Cybersecurity and Resiliency Act of 2024 seeks to mandate the adoption of multi-factor authentication (MFA) and establish minimum cybersecurity standards to protect sensitive health information and ensure system resilience against cyberattacks. 

The proposed law, unveiled by Senators Bill Cassidy (R-Louisiana), Mark Warner (D-Virginia), John Cornyn (R-Texas), and Maggie Hassan (D-New Hampshire), aims to improve coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA). Under this legislation, HHS would have a year to develop a comprehensive cybersecurity incident response plan and update the breach reporting portal with additional transparency requirements. 

Currently, healthcare entities classified as “covered entities” under HIPAA are obligated to report breaches to HHS. The new legislation expands these requirements, compelling organizations to disclose the number of individuals affected by a breach, corrective actions taken, and recognized security practices considered during investigations. The HHS secretary would have discretion to add further information to the portal as needed. In addition to enforcing MFA and encrypting protected health information, the bill outlines broader cybersecurity mandates. Covered entities and their business associates would need to adopt minimum standards defined by HHS, conduct regular audits, and perform penetration testing to validate their security measures. 

Senator Cassidy, a medical doctor and ranking member of the Senate Health, Education, Labor, and Pensions (HELP) Committee, underscored the urgency of this legislation. “Cyberattacks on our healthcare sector not only put patients’ sensitive health data at risk but can delay life-saving care,” Cassidy emphasized. The devastating impact of cyberattacks on healthcare was exemplified earlier this year when a ransomware gang targeted Change Healthcare, compromising sensitive health data from approximately 100 million individuals. 

The attack disrupted healthcare services nationwide and cost the UnitedHealth-owned company over $2 billion in remediation efforts, taking nine months to restore its operations. This high-profile incident spurred additional legislative action. Senators Warner and Ron Wyden (D-Oregon) proposed another bill earlier this year to establish mandatory minimum cybersecurity standards for healthcare providers and related organizations. 

 If enacted, the Health Care Cybersecurity and Resiliency Act would mark a significant step in fortifying the healthcare sector’s defenses against cyber threats, ensuring the security of patient data and the continuity of critical healthcare services.

Preparing Healthcare for Ransomware Attacks: A 12-Step Approach by Dr. Eric Liederman


Dr. Eric Liederman, CEO of CyberSolutionsMD, emphasizes that healthcare organizations must be prepared for ransomware attacks with a structured approach, describing it as akin to a “12-step program.” He highlights that relying solely on protective measures is insufficient since all protections have the potential to fail. Instead, planning and creating a sense of urgency is key to successfully handling a cyberattack. 

According to Liederman, organizations should anticipate losing access to critical systems and have a strategic recovery plan in place. One of the most important components of such a plan is designating roles and responsibilities for the organization’s response. During an attack, the Chief Information Security Officer (CISO) essentially takes on the role of CEO, dictating the course of action for the entire organization. Liederman says the CISO must tell people which systems are still usable and what must be shut down. 

The CEO, in this situation, plays a supporting role, asking what’s possible and what needs to be done to protect operations. A significant misconception Liederman has observed is the assumption that analog systems like phones and fax machines will continue functioning during a ransomware attack. Often, these systems rely on the same infrastructure as other compromised technology. For example, phone systems that seem analog still resolve to an IP address, which means they could be rendered useless along with other internet-based systems. 

Even fax machines, commonly thought of as a fail-safe, may only function as copiers in these scenarios. Liederman strongly advises healthcare institutions to conduct thorough drills that simulate these kinds of disruptions, enabling clinical and IT staff to practice workarounds for potentially critical outages. This level of preparation ensures that teams can still deliver care and operate essential systems even when technological resources are down for days or weeks. 

In terms of system recovery, Liederman encourages organizations to plan for bringing devices back online securely. While the need to restore services quickly is essential to maintaining operations, the process must be carefully managed to avoid reinfection by the ransomware or other vulnerabilities. Given his extensive experience, which includes almost two decades at Kaiser Permanente, Liederman advocates for resilient healthcare IT infrastructures that focus on readiness. This proactive approach allows healthcare organizations to mitigate the potential impacts of cyberattacks, ensuring that patient care can continue even in worst-case scenarios.

US Drug Distributor Cencora Reveals Major Cyberattack, Sensitive Medical Data Breached

 

A recent cyberattack on healthcare services has been disclosed by US drug distributor Cencora, revealing a significant breach compromising highly sensitive medical data.

According to Reuters, the company notified affected individuals, stating that personal and highly sensitive medical information was stolen during the cyberattack earlier this year. The incident dates back to February when Cencora initially reported a cybersecurity incident, raising concerns about data theft from its information systems.

While the company assured there is no evidence of the compromised information being publicly disclosed or misused for fraudulent purposes, it has taken proactive measures to address the situation. Cencora is working diligently to ensure affected individuals have access to resources to safeguard their information. This includes notifying those involved in the breach and providing support to protect their data.

In addition to Cencora, other healthcare entities have also been targeted by cyberattacks this month. Ascension Health, a nonprofit health system based in St. Louis, recently disclosed a cyberattack that disrupted its clinical operations. The organization quickly engaged cybersecurity experts to investigate the incident and mitigate its impact on patient care delivery.

Similarly, MedStar Health, a health network provider, confirmed a major data breach involving unauthorized access to patient data. Reports indicate that the MedStar Health breach potentially exposed information from 183,709 patients, including names, insurance details, and addresses. Despite a forensic examination finding no misuse, patients were advised to monitor their statements for any irregularities.

Last week, Prudential Financial also suffered a cyberattack, discovering that hackers compromised its systems one day earlier. The investigation into the data theft incident is currently ongoing. Additionally, the Los Angeles County Department of Mental Health reported a data breach, exposing sensitive patient information due to an employee falling victim to a phishing email. The compromised data includes names, dates of birth, addresses, phone numbers, Social Security numbers, and medical record numbers. To address the breach, the department enlisted a forensic firm to conduct a thorough assessment. Efforts are underway to notify affected individuals, with a focus on reaching all impacted clients despite challenges posed by incomplete addresses.

During a Senate hearing, UnitedHealth's CEO Andrew Witty confirmed the payment of a $22 million ransom to the hacker group BlackCat. The ransom was paid following a hacking incident in February targeting the subsidiary Change Healthcare. CBS News reports that providers face daily losses estimated at $100 million due to ongoing disruptions, according to First Health Advisory, a digital health risk assurance firm.

Combatting Counterfeit Drugs Online: BrandShield's Success in Dismantling Illicit Websites

 

In the rapidly evolving landscape of online pharmaceuticals, the proliferation of counterfeit drugs poses a significant threat to consumer safety. Cybersecurity firm BrandShield has emerged as a stalwart defender in this battle, successfully dismantling over 250 websites selling counterfeit weight-loss and diabetes medications. Led by CEO Yoav Keren, BrandShield's efforts represent a concerted endeavor to combat the scourge of counterfeit pharmaceuticals and protect consumers from the dangers of fraudulent medications. 

The counterfeit drugs targeted by BrandShield predominantly belong to the GLP-1 class, including popular medications like Novo Nordisk's Ozempic and Wegovy, as well as Eli Lilly's Mounjaro and Zepbound. Originally developed to manage type 2 diabetes, these medications have garnered attention for their additional benefits in weight loss, with patients experiencing significant reductions in body weight. Unfortunately, the efficacy and popularity of these drugs have also made them lucrative targets for counterfeiters seeking to exploit the growing demand. 

According to Reuters, the majority of the illicit websites shut down by BrandShield were purveyors of counterfeit GLP-1 drugs, indicating the scale of the problem. Alarmingly, studies suggest that an estimated 95% of all online pharmacies operate unlawfully, highlighting the pervasive nature of the issue. 

Moreover, reported cases of harm linked to fake GLP-1 drugs have emerged in at least nine countries, underscoring the urgent need for action. BrandShield's recent crackdown on counterfeit drug websites represents a significant victory in the ongoing battle against online pharmaceutical fraud. The company's efforts have resulted in the closure of 90% of the identified pharmacy websites selling counterfeit GLP-1 medications. This operation accounts for just over 15% of the total counterfeit drug websites reported by BrandShield last year, emphasizing the scale of the challenge. 

Collaborating closely with the Pharmaceutical Security Institute (PSI), BrandShield employs rigorous evidence collection and intelligence gathering to identify and target illicit websites. By providing actionable intelligence to service providers hosting these websites, BrandShield facilitates their removal from the internet, effectively disrupting the operations of counterfeiters. Furthermore, the company coordinates with law enforcement agencies to investigate and prosecute criminal networks involved in the production and distribution of counterfeit drugs. 

In addition to targeting counterfeit drug websites, BrandShield's efforts extend to social media platforms, where it has removed nearly 4,000 fake drug listings. Notably, a significant portion of these listings—almost 60%—was found on Facebook, highlighting the need for vigilance across all online platforms. BrandShield's global reach ensures that illegal drug listings are eradicated from marketplaces in countries around the world, including India, Indonesia, China, and Brazil. 

Contrary to concerns raised earlier, the EMA found no evidence linking these medications to an increased risk of suicidal thoughts or self-injury. This reaffirmation of safety aligns with previous findings by the US Food and Drug Administration (FDA), providing reassurance to patients and healthcare providers alike. 

Overall, BrandShield's relentless efforts to combat counterfeit drugs online serve as a beacon of hope in the fight against pharmaceutical fraud. By dismantling illicit websites, removing fake drug listings, and collaborating with industry partners and law enforcement agencies, BrandShield is making significant strides towards safeguarding consumers and upholding the integrity of the pharmaceutical industry.

Prescription Insecurity: The Russian Connection to Healthcare Cyber Attacks

 


Pharmacies and hospitals nationwide are experiencing disruptions as a result of ransomware attacks, which leaves patients with difficulties filling prescriptions or obtaining medical care. UnitedHealth Group, a healthcare provider in the United States, announced on Thursday that it had been hacked by a ransomware gang known as Black Cat, otherwise known as AlphV. 

There was a breach of security at Optum last week, causing its digital healthcare payment platform, known as Change Healthcare, to be taken offline as a result of a "cybersecurity issue." Optum, which provides healthcare benefits across the United States, announced last week that it was impacted by a "cybersecurity issue." 

There are a variety of legal issues that have resulted in hospitals, pharmacies and other healthcare providers being unable to access the popular payment platform or purposefully disabling connections to its network so as not to allow hackers to gain access to the sensitive data. In a statement on Monday, UnitedHealth estimates that more than 90% of the 70,000 pharmacies in the U.S. have had to change how they processed electronic claims in response to the outage, as more than 90% of them are going to change how they process claims in the future. 

A UnitedHealth executive on a conference call with cybersecurity officers was quoted as saying that, according to a UnitedHealth executive who spoke on a conference call with cybersecurity officers, the outage could last "weeks," despite UnitedHealth reiterating that there are workarounds to ensure customers get access to medications. 

According to a recording obtained by STAT News, the outage could last up to a week. In a report released by UnitedHealth, it was determined that BlackCat, or AlphV, is responsible for the breach, a conclusion which was supported by the group itself claiming credit on its dark web leak site, as well as the hiring of multiple outside firms, including top cybersecurity companies Mandiant and Palo Alto Networks. 

After a few days, the post had been removed from the website. It is, however, interesting that the ransomware gang may also be responsible for the attack. A few months ago, the FBI broke into the group's internal servers to steal information regarding decryption tools for its victims as well as to seize control of several of its websites. 

In celebration of the disruption, which involved multiple foreign governments, the U.S. government celebrated its success. According to Deputy Attorney General Lisa Monaco, the Justice Department has disrupted the Black Cat ransomware group for the second time by hacking the hackers. As a result of Black Cat's apparent ability to regroup and breach one of the nation's largest healthcare organizations, it is evident that reducing these groups for long periods is quite difficult. 

When a cybercriminal suffers a setback, the criminals will frequently reassemble, especially if their operators reside in countries where their law enforcement agencies are lax about prosecuting their crimes as a result of their laziness.