CySecurity News - Latest Information Security and Hacking Incidents: Healthcare

CyberCrime Cyberhackers Cybersecurity CyberThreat Healthcare Privacy Synthetic Data

Reimagining Healthcare with Synthetic Data

It has been espoused in the generative AI phenomenon that the technology's key uses would include providing personalized shopping experiences for customers and creating content. Nonetheless, generative AI can also be seen to be having a very real impact on fields such as healthcare, for example. There is a tectonic shift in healthcare and life sciences, as technology is being implemented and data-driven systems are being integrated.

A must-follow trend in this revolution is the burgeoning use of synthetic data, a breakthrough advancement poised to reshape how medical research is conducted, AI is developed, and patient privacy will be protected in the coming years. Data available in synthetic format is comparable to data available in real-world format (such as real fibers such as hemp). In the course of human evolution, humans have created synthetic products to achieve our goals and to develop new products that improve our lives in many different ways.

It's widely known that synthetic fiber is used in clothing, rope, industrial equipment, automobiles, and many other places. It is because of the ability to create synthetic fiber that a wide range of products can be created that are needed in modern life. Healthcare is another area where synthetic data can have an impact similar to that of traditional data. Synthetic data is created based on real-world data using a data synthesizer.

These synthesizers may leverage different methods to create synthetic data that have the same statistical and correlative properties as the original data; however, they are completely independent from the real-world data (1, 2). Notably, synthetic data do not contain any personal identifying information which ensures personal privacy and full compliance with privacy regulations such as the EU’s General Data Protection Regulation (GDPR).

The use of high-fidelity synthetic data for data augmentation is an area of growing interest in data science, generating virtual patient cohorts, such as digital twins, to estimate counterfactuals in silico trials, allowing for better prediction of treatment outcomes and personalised medicine. Synthetic data allows clinicians to use prompts to generate a conversation between a patient with depression and a therapist where they are discussing the onset of symptoms.

Healthcare providers can also use partially synthetic data, which takes a real-life transcript and has AI adjust it to remove personally identifiable information or private health information, while still telling a cohesive story. This data can then be used to train AI models to develop transcripts, training materials and so on. Regardless of whether the data is fully or partially synthetic, the data can (and often is) adjusted as needed with additional prompts until it reaches the desired result. Healthcare is subjected to a variety of privacy rules through HIPAA.

Eliminating these privacy concerns is a primary reason Read feels synthetic data is valuable in training models. With synthetic data, healthcare providers don’t need to use real people’s data to train models. Instead, they can generate a conversation that is representative of a specific therapeutic intervention without involving anyone’s protected health information. As Read explains, “Synthetic data also makes it easy to calibrate what we’re looking for — like to generate different examples of how a healthcare provider could say something explicitly or implicitly. This makes it easier to provide different examples and tighten up the information we provide to AI models to learn from, ensuring that we can teach it the right data for providing training or feedback to real-world clinicians.”

Synthetic data also democratizes the ability of different healthcare organizations to train and fine-tune their own machine learning models. Whereas previously, an organization might need to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians as well as other data points, synthetic data erases this barrier to entry. Synthetic data allows for models to learn and build out responses at a much faster rate — which also makes it easier for new players in healthcare to enter the field.

As Read’s insights reveal, the use of AI and synthetic data isn’t going to replace clinicians’ value or decision-making authority. But with the help of synthetic data, AI can help push clinicians in the right direction to ensure that there is greater standardization and adherence to best practices. As more providers begin to utilize synthetic data to ensure they are following best practices in all patient interactions and to get feedback on their sessions, they can elevate the quality of care for all. A similar impact could also be felt in the healthcare sector by the use of synthetic data similar to how traditional data would.

With the help of a data synthesizer, it is possible to create synthetic data based on real-world data. It has been shown that these synthesizers can leverage different methods to produce synthetic data which are capable of being compared to the original data, even if those properties cannot be extracted from the original data, but they are completely independent of real-world data (1, 2). A distinctive feature of synthetic data is the absence of any personal identifying information, which ensures that the data is completely private to the individual and complies with all needed privacy regulations, such as the General Data Protection Regulation (GDPR) of the European Union.

As a result of increasing interest in data science, the use of high-fidelity synthetic data for data augmentation is becoming increasingly popular. To better predict treatment outcomes and tailor medical treatments for individual patients, digital twins, and virtual cohorts are used to estimate counterfactuals in silico trials, allowing better predictions of treatment outcomes. As a result of synthetic data, clinicians can generate a conversation between patients with depression and therapists to demonstrate how their symptoms began, and these prompts can be used to guide the conversation.

Providers of healthcare can also use partially synthetic data, which is a combination of a real-life transcript and AI processing that removes any personally identifiable information or private health information, while still telling a coherent story. By using this data, it can then be developed into the types of transcripts, materials for training, etc, that are needed for creating transcripts. Whether the data being used is synthetic data or not, it can (and often is) manipulated or adjusted, as necessary, with additional prompts, until it reaches the result that is desired regardless of whether the data is synthetic or not.

HIPAA is a sort of Federal law that imposes a variety of privacy rules on the healthcare industry. The fact that Synthetic Data is useful in training models is because it can eliminate these privacy concerns, according to Read. To train models based upon synthetic data, healthcare providers do not need to rely on real person-to-person information. This would allow them to generate a conversation in which they would represent a specific therapeutic intervention, without involving any protected health information of anybody involved in such a conversation.

Moreover, Read explains, "Synthetic data also allows us to calibrate our search in a much easier way - like for example, generating examples of how a healthcare provider would be able to send an implicit or explicit message to an individual." Moreover, synthetic data democratizes the possibility of various healthcare organizations to train and refine their own artificial intelligence models by enabling them to use synthetic data.

An organization might have previously been required to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians, along with other information points about these sessions, in order to offer this service, but with synthetic data, businesses are no longer required to do so. Using synthetic data, it is possible for models to learn and develop responses at much faster rates as well, making it easier for new players in healthcare to enter the field to learn and build on existing responses.

In light of Read's insights, it's important to emphasize that AI and synthetic data are not going to replace clinicians' capabilities or their decision-making authority as Read identifies. By using synthetic data, however, AI has the potential to help clinicians in the right direction to ensure that better standards of care are observed and that best practices are followed. As healthcare providers increasingly adopt synthetic data, they gain a valuable tool for adhering to best practices in patient interactions and enhancing the overall quality of care.

By leveraging synthetic data, practitioners can simulate various clinical scenarios, ensuring their approaches align with industry standards and ethical guidelines. This technology also enables providers to receive constructive feedback on their patient sessions, helping to identify areas for improvement and fostering continuous professional development. The integration of synthetic data into healthcare workflows not only supports more consistent and informed decision-making but also elevates the standard of care delivered to patients across diverse settings. By embracing synthetic data, providers can drive innovation, improve outcomes, and contribute to a more efficient and patient-centered healthcare ecosystem.

New Trinity Ransomware Strain Targets U.S. Healthcare, Federal Officials Warn



 

Victim

Cyber Security Cybersecurity Data Breach Encryption Extortion Healthcare HHS Ransomware Ransomware attack Trinity Victim

New Trinity Ransomware Strain Targets U.S. Healthcare, Federal Officials Warn

A new ransomware strain, known as Trinity, has reportedly compromised at least one healthcare organization in the U.S., according to a recent report from federal authorities.

The U.S. Department of Health and Human Services (HHS) issued a warning on Friday, alerting hospitals about the serious threat posed by the ransomware group. They highlighted that Trinity’s methods make it a "notable risk" to both the U.S. healthcare and public health sectors.

HHS's Health Sector Cybersecurity Coordination Center confirmed that one U.S. healthcare entity has recently fallen victim to the Trinity ransomware, which was first detected around May 2024.

To date, seven victims of Trinity ransomware have been identified, including two healthcare providers—one in the U.K. and another in the U.S. The latter, a gastroenterology services provider, lost 330 GB of data. While the facility remains unnamed, it has been listed on Trinity’s data leak site and is currently facing technical disruptions, including limited phone access.

Additionally, researchers have found another case involving a dental group based in New Jersey.

HHS noted similarities between Trinity and two other ransomware groups—2023Lock and Venus—hinting at potential collaboration between these cybercriminals.

Trinity ransomware mirrors other known operations by exploiting common vulnerabilities to extract data and extort victims.

After installation, the ransomware gathers system information, such as available processors and drives, to escalate its attack. Operators then scan for weaknesses to spread the ransomware within the network.

The files encrypted by the attack are marked with the “trinitylock” extension, and victims receive a ransom note demanding payment within 24 hours, with threats of data exposure if they fail to comply.

At present, there is no available decryption tool for Trinity, leaving victims with few options, according to the HHS advisory.

The attackers operate two websites: one to assist those who pay the ransom with decryption, and another that displays stolen data to extort victims further.

Federal officials have discovered code similarities between the Trinity and Venus ransomware strains, noting identical encryption methods and naming schemes, which suggest a close link between them. Trinity also shares features with 2023Lock, including identical ransom notes and code, implying it could be an updated variant.

Cybersecurity researchers have also pointed out that Trinity may be a rebranded version of both Venus and 2023Lock. According to Allan Liska of Recorded Future, Trinity is "not a highly advanced strain of ransomware," and the attackers do not appear particularly sophisticated.

HHS emphasized that the potential collaboration between these threat actors could enhance the complexity and impact of future ransomware attacks.

Previous HHS warnings have covered other ransomware groups such as Royal, Cuba, Venus, Lorenz, and Hive.

Despite heightened law enforcement efforts, ransomware attacks persist, with operations continuing to generate significant revenue—approximately $450 million in the first half of 2024 alone.

The healthcare sector has been particularly affected by these attacks, causing severe disruptions. Just last week, a Texas hospital, the only level 1 trauma center in a 400-mile radius, had to reduce services and turn away ambulances due to a ransomware incident.

As of Friday, the hospital reported restored phone services, with only a limited number of ambulances being redirected to other facilities.

Complexity: Research Offers Solution for Healthcare Security Amid Rising Cyberattacks



 

Technology

Data Privacy data security Healthcare Hospitals IT Technology

Complexity: Research Offers Solution for Healthcare Security Amid Rising Cyberattacks

In May, Ascension, a healthcare provider with a network of 140 hospitals across the U.S., suffered a major cyber-attack that disrupted its clinical operations for almost a month. Experts traced the problem to a malicious ransomware that had exploited an employee's computer.

Healthcare: Juicy Target for Criminals

Threat actors see healthcare systems as lucrative targets for cybercrime because they hold crucial financial, health, and personal data. A 2023 survey research in health and IT professionals revealed that 88% of organizations had suffered around 40% of attacks in the past year.

Complexity: Flaw in IT System

One major flaw is the rise of complexity in IT systems, says Hüseyin Tanriverdi, associate professor of information, risk, and operations management at Texas McCombs. He believes it's due to years of mergers and acquisitions that have made large-scale multi-hospital systems.

After mergers, healthcare providers don’t standardize their tech and security operations, which results in causing major complexity in the health systems- different IT systems, different care processes, and different command structures.

But his new research shows complexity can also offer solutions to these issues. “A good kind of complexity,” Tanriverdi believes can support communication across different systems, governance structures, and care processes, and combat against cyber incidents.

Understanding the Complex vs. Complicated

The research team found two similar-sounding IT terms that link to the problem. In “complicatedness,” an abundance of elements interconnect in a system for sharing info in structured ways. Whereas “complexity” happens when many elements interconnect to share information in unstructured ways- integrating systems following a merger and acquisition.

Tanrivedi believes complicated structures are better because they are structured, despite being difficult, one can control them. Such is not the case with complex systems as they are unstructured networks. He believes healthcare systems got more vulnerable as they got more complex, 29% were more likely to get hit than average.

Solution for Better Healthcare Security

Complex systems offer hackers more data transfer points to attack, and a higher risk for human errors, making it a bigger problem.

The solution lies in following a centralized approach for handling the data. “With fewer access points and simplified and hardened cybersecurity controls, unauthorized parties are less likely to gain unauthorized access to patient data,” says Tanrivedi. “Technology reduces cybersecurity risks if it is organized and governed well.”

Why Non-Human Identities Are the New Cybersecurity Nightmare



 

Sensitive data

API Cyber Security Finance Healthcare NHIs Sensitive data

Why Non-Human Identities Are the New Cybersecurity Nightmare

In April, business intelligence company Sisense fell victim to a critical security breach that exposed all vulnerability in managing non-human identities (NHIs). The hackers accessed the company's GitLab repository that contained hardcoded SSH keys, API credentials, and access tokens. Indeed, this really opened the book on why NHIs are a must and how indispensable they have become in modern digital ecosystems.

Unlike human users, NHIs such as service accounts, cloud instances, APIs, and IoT manage data flow and automate processes. Therefore, in the majority of enterprise networks, with NHIs now far outscaling human users, their security is crucial to prevent cyberattacks and ensure business continuity.

The Threat of Non-Human Identities

With thousands or even millions of NHIs in use within an organisation, no wonder cybercrooks are turning their attention to these. Typically, digital identities are less comprehensively understood and protected, so that easily becomes an easy target for them. In fact, data breaches involving NHIs have already become more widespread, especially as companies increase their usage of cloud infrastructures and automation.

Healthcare and finance are basically soft targets because these industries have strict regulations on compliance. Getting found in violation of standards such as the Health Insurance Portability and Accountability Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI DSS) could come in the form of a fine, reputational damage, and a loss of customer trust.

Why Secure NHIs?

With the complexity of digital ecosystems constantly growing, the security of NHIs becomes all the more important. Companies are drifting toward a "zero-trust" security model, where no user--neither human nor non-human-is trusted by default. Every access request needs to be verified. And especially, this concept has been very effective in decentralised networks that come with large numbers of NHIs.

Locking down NHIs lets the organisations control sensitive data, reduce unauthorised access, and comply with regulation. In the case of Sisense, when management of NHIs is poor, they very soon become a gateway for the cybercriminals.

Best Practices in Managing NHI

To ensure the security of non-human identity, these best practices have to be adopted by an organisation:

1. Continuous Discovery and Inventory

Automated processes should be in place so that there is always a live inventory of all the NHI across the network. This inventory captures proper details of the owner, permissions, usage patterns, and related risks associated with that NHI. Control and monitoring over these digital identities is enhanced through this live catalog.

2. Risk-Based Approach

Not all NHIs are the same, however. Some have access to highly sensitive information, while others simply get to perform routine tasks. Companies should have a risk-scoring system that analyses what the NHI has access to, what it accesses in terms of sensitivity, and the effect if broken into.

3. Incident Response Action Plan

A percentage of security will then be allocated based on those with the highest scores. Organisations should have a structured incident response plan aligned with NHIs. They should also have pre-defined playbooks on the breach related to non-human identities. These playbooks should outline the phases involved in the incident containment, mitigation, and resolution process, as well as the communication protocols with all stakeholders.

4. NHI Education Program

A good education program limits security risks associated with NHI. Developers should be trained on coding secure practices, including the dangers of hardcoded credentials, and operations teams on proper rotation and monitoring NHIs. Regular training ensures that all employees are aware of best practices.

5. Automated Lifecycle Management

The NHIs will also get instantiated, updated, and retired automatically. Thus, security policies will be enforced for all the identity lifecycle stages. This will eradicate human errors in the form of unused or misconfigured NHIs with possible exploits by attackers.

6. Non-Human Identity Detection and Response (NHIDR)

The NHIDR tools set baseline behaviour patterns for NHIs and detect the anomaly that could indicate a breach. Organisations can monitor the activities of NHIs with these tools and respond quickly to suspicious behaviour, thereby preventing more breaches.

7. Change Approval Workflow

In most cases, change approval workflow should be embedded before changes to NHIs like the change of permissions or transfers between systems are affected. The security and IT teams must assess and approve the process so that there are no unnecessary risks developed.

8. Exposure Monitoring and Rapid Response

Organisations must expose NHIs, which means they must identify and resolve the vulnerabilities quickly. Automated monitoring solutions can find exposed credentials or compromised APIs, set off alerts, and initiate incident response procedures before a potentially malicious actor could act.

The Business Case for NHI Management

Investments in the proper management of NHI can produce large, long-term benefits. Companies can prevent data breaches that cost on average $4.45 million per incident and keep money at the bottom line. Simplified NHI process also helps save precious IT resources, thereby redirecting security teams' efforts toward strategic initiatives.

For industries that require high levels of compliance, such as health and finance, much of the NHI management investment often pays for itself through better regulatory compliance. Organisations can innovate more safely, knowing their digital identities are safe, through a good NHI management system.

As businesses start relying more and more on automation and the cloud, it will be based on the solid and well-rounded management of NHI. A good approach toward NHI management would largely prevent security breaches and ensure industry compliance. Such a posture will not only save the data but help the organisation position itself as a long-term winner in the fast-changing digital world.

Preparing Healthcare for Ransomware Attacks: A 12-Step Approach by Dr. Eric Liederman



 

Ransomwares

CISO Cyber Security cybersecurity solutions Healthcare Healthcare Cyberattacks IT Infrastructure Ransomware attack Ransomwares

Preparing Healthcare for Ransomware Attacks: A 12-Step Approach by Dr. Eric Liederman

Dr. Eric Liederman, CEO of CyberSolutionsMD, emphasizes that healthcare organizations must be prepared for ransomware attacks with a structured approach, describing it as akin to a “12-step program.” He highlights that relying solely on protective measures is insufficient since all protections have the potential to fail. Instead, planning and creating a sense of urgency is key to successfully handling a cyberattack.

According to Liederman, organizations should anticipate losing access to critical systems and have a strategic recovery plan in place. One of the most important components of such a plan is designating roles and responsibilities for the organization’s response. During an attack, the Chief Information Security Officer (CISO) essentially takes on the role of CEO, dictating the course of action for the entire organization. Liederman says the CISO must tell people which systems are still usable and what must be shut down.

The CEO, in this situation, plays a supporting role, asking what’s possible and what needs to be done to protect operations. A significant misconception Liederman has observed is the assumption that analog systems like phones and fax machines will continue functioning during a ransomware attack. Often, these systems rely on the same infrastructure as other compromised technology. For example, phone systems that seem analog still resolve to an IP address, which means they could be rendered useless along with other internet-based systems.

Even fax machines, commonly thought of as a fail-safe, may only function as copiers in these scenarios. Liederman strongly advises healthcare institutions to conduct thorough drills that simulate these kinds of disruptions, enabling clinical and IT staff to practice workarounds for potentially critical outages. This level of preparation ensures that teams can still deliver care and operate essential systems even when technological resources are down for days or weeks.

In terms of system recovery, Liederman encourages organizations to plan for bringing devices back online securely. While the need to restore services quickly is essential to maintaining operations, the process must be carefully managed to avoid reinfection by the ransomware or other vulnerabilities. Given his extensive experience, which includes almost two decades at Kaiser Permanente, Liederman advocates for resilient healthcare IT infrastructures that focus on readiness. This proactive approach allows healthcare organizations to mitigate the potential impacts of cyberattacks, ensuring that patient care can continue even in worst-case scenarios.

Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals



 

SSNs

Cybernews Data Breach Healthcare Healthcare Breach MFA Personal Data SSNs

Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals

A data breach at Florida-based recruitment firm MNA Healthcare has left sensitive information of over 14,000 healthcare workers and 10,000 hospitals exposed. Discovered on June 20, 2024, by the Cybernews research team, the breach was caused by a misconfiguration that left a database backup publicly accessible online. The database contained sensitive data, including full names, addresses, phone numbers, work experience, encrypted Social Security Numbers (SSNs), and hashed passwords.

The encryption used for the SSNs was found to be vulnerable due to an exposed environment file containing the Laravel App Key, which is used for encrypting SSNs. While encrypted, researchers indicated that decrypting the SSNs is possible, putting affected healthcare workers at risk of identity theft and fraud. The exposed data is particularly concerning because healthcare professionals are often targeted by cybercriminals, as their high salaries make them attractive for financial fraud.

MNA Healthcare is a staffing firm that operates in nine U.S. states, matching healthcare professionals with various organizations. Among the leaked information were communications between medical staff and MNA representatives, job assignments, and license copies. This breach puts not only doctors and healthcare workers at risk of identity theft, but also opens up opportunities for credential stuffing and phishing attacks.

The exposed data also increases the possibility of criminals using stolen SSNs to engage in fraudulent activities such as filing false tax returns, opening credit accounts, and misusing the information to obtain loans or benefits. As the leaked database included names of hospitals and medical institutions, these entities could also face reputational damage and potential legal ramifications.

To prevent future breaches like the one at MNA Healthcare, companies must implement more robust cybersecurity measures. One essential step is ensuring that databases containing sensitive information, such as SSNs and other personal data, are encrypted using stronger, more up-to-date encryption methods. Regular security audits should be conducted to detect any misconfigurations or vulnerabilities in their systems before malicious actors can exploit them.

Another crucial step is implementing stricter access controls and monitoring systems. Limiting access to sensitive data to only necessary personnel and tracking any unusual access attempts or data transfers can help detect a breach early. Additionally, using multi-factor authentication (MFA) for employees accessing critical systems adds an extra layer of security, making it harder for unauthorized individuals to infiltrate the system. Finally, companies should also educate their employees about cybersecurity risks and how to recognize phishing scams to minimize the risk of human error leading to data breaches.

Following the discovery of the breach, MNA Healthcare secured the exposed configuration, but concerns remain about the company’s overall infrastructure security. Security expert Aras Nazarovas pointed out that the backup and encryption issues raise questions about how the company stores sensitive information.

The healthcare sector remains a popular target for cyberattacks, and this breach highlights the need for stronger cybersecurity practices in protecting personal information. Affected individuals are advised to monitor their financial accounts and consider identity theft protection to mitigate potential risks.

Australia’s Proposed Mandatory Guardrails for AI: A Step Towards Responsible Innovation



 

Technology

AI AI regulation Artificial Intelligence Finance Healthcare Technology

Australia’s Proposed Mandatory Guardrails for AI: A Step Towards Responsible Innovation

Australia has proposed a set of 10 mandatory guardrails aimed at ensuring the safe and responsible use of AI, particularly in high-risk settings. This initiative is a significant step towards balancing innovation with ethical considerations and public safety.

The Need for AI Regulation

AI technologies have the potential to revolutionise various sectors, from healthcare and finance to transportation and education. However, with great power comes great responsibility. The misuse or unintended consequences of AI can lead to significant ethical, legal, and social challenges. Issues such as bias in AI algorithms, data privacy concerns, and the potential for job displacement are just a few of the risks associated with unchecked AI development.

Australia’s proposed guardrails are designed to address these concerns by establishing a clear regulatory framework that promotes transparency, accountability, and ethical AI practices. These guardrails are not just about mitigating risks but also about fostering public trust and providing businesses with the regulatory certainty they need to innovate responsibly.

The Ten Mandatory Guardrails

Accountability Processes: Organizations must establish clear accountability mechanisms to ensure that AI systems are used responsibly. This includes defining roles and responsibilities for AI governance and oversight.

Risk Management: Implementing comprehensive risk management strategies is crucial. This involves identifying, assessing, and mitigating potential risks associated with AI applications.

Data Protection: Ensuring the privacy and security of data used in AI systems is paramount. Organizations must adopt robust data protection measures to prevent unauthorized access and misuse.

Human Oversight: AI systems should not operate in isolation. Human oversight is essential to monitor AI decisions and intervene when necessary to prevent harm.

Transparency: Transparency in AI operations is vital for building public trust. Organizations should provide clear and understandable information about how AI systems work and the decisions they make.

Bias Mitigation: Addressing and mitigating bias in AI algorithms is critical to ensure fairness and prevent discrimination. This involves regular audits and updates to AI models to eliminate biases.

Ethical Standards: Adhering to ethical standards in AI development and deployment is non-negotiable. Organizations must ensure that their AI practices align with societal values and ethical principles.

Public Engagement: Engaging with the public and stakeholders is essential for understanding societal concerns and expectations regarding AI. This helps in shaping AI policies that are inclusive and reflective of public interests.

Regulatory Compliance: Organizations must comply with existing laws and regulations related to AI. This includes adhering to industry-specific standards and guidelines.

Continuous Monitoring: AI systems should be continuously monitored and evaluated to ensure they operate as intended and do not pose unforeseen risks.

Cyberattacks Skyrocket in India, Are We Ready for the Digital Danger Ahead?



 

Software

AI Cloud Computing Cyber Attacks Digital threats Financial Sector Healthcare India RBI Software

Cyberattacks Skyrocket in India, Are We Ready for the Digital Danger Ahead?

India is experiencing a rise in cyberattacks, particularly targeting its key sectors such as finance, government, manufacturing, and healthcare. This increase has prompted the Reserve Bank of India (RBI) to urge banks and financial institutions to strengthen their cybersecurity measures.

As India continues to digitise its infrastructure, it has become more vulnerable to cyberattacks. Earlier this year, hackers stole and leaked 7.5 million records from boAt, a leading Indian company that makes wireless audio and wearable devices. This is just one example of how cybercriminals are targeting Indian businesses and institutions.

The RBI has expressed concern about the growing risks in the financial sector due to rapid digitization. In 2023 alone, India’s national cybersecurity team, CERT-In, handled about 16 million cyber incidents, a massive increase from just 53,000 incidents in 2017. Most banks and non-banking financial companies (NBFCs) now see cybersecurity as a major challenge as they move towards digital technology. The RBI’s report highlights that the speed at which information and rumours can spread digitally could threaten financial stability. Cybercriminals are increasingly focusing on financial institutions rather than individual customers.

The public sector, including government agencies, has also seen a dramatic rise in cyberattacks. Many organisations report that these attacks have increased by at least 50%. Earlier this year, a hacking group targeted government agencies and energy companies using a type of malware known as HackBrowserData. Additionally, countries like Pakistan and China have been intensifying their cyberattacks on Indian organisations, with operations like the recent Cosmic Leopard campaign.

According to a report by Cloudflare, 83% of organisations in India experienced at least one cybersecurity incident in the last year, placing India among the top countries in Asia facing such threats. Globally, India is the fifth most breached nation, bringing attention to the bigger picture which screams for stronger cybersecurity measures.

Indian companies are most worried about threats related to cloud computing, connected devices, and software vulnerabilities. The adoption of new technologies like artificial intelligence (AI) and cloud computing, combined with the shift to remote work, has accelerated digital transformation, but it also increases the need for stronger security measures.

Manu Dwivedi, a cybersecurity expert from PwC India, points out that AI-powered phishing and sophisticated social engineering techniques have made ransomware a top concern for organisations. As more companies use cloud services and open-source software, the risk of cyberattacks grows. Dwivedi also stresses the importance of protecting against insider threats, which requires a mix of strategy, culture, training, and governance.

AI is playing a growing role in both defending against and enabling cyberattacks. While AI has the potential to improve security, it also introduces new risks. Cybercriminals are beginning to use AI to create more advanced malware that can avoid detection. Dwivedi warns that as AI continues to evolve, it may become harder to track how these tools are being misused by attackers.

Partha Gopalakrishnan, founder of PG Advisors, emphasises the need for India to update its cybersecurity laws. The current law, the Information Technology Act of 2000, is outdated and does not fully address today’s digital threats. Gopalakrishnan also stressed upon the growing demand for AI skills in India, suggesting that businesses should focus on training in both AI and cybersecurity to close the skills gap. He warns that as AI becomes more accessible, it could empower a wider range of people to carry out sophisticated cyberattacks.

India’s digital growth presents great opportunities, but it also comes with strenuous challenges. It’s crucial for Indian businesses and government agencies to develop comprehensive cybersecurity strategies and stay vigilant.

Stop Using AI for Medical Diagnosis: Experts



 

Technology

AI Chatbot Healthcare Medical Technology

Stop Using AI for Medical Diagnosis: Experts

AI (artificial intelligence) has become an important tool in many spheres of life such as education, jobs, and the field of medical research as well. However, there have been concerns about AI providing medical advice to individual queries of patients accessing on their own. The issue has become a hot topic. Today, it is easier to sit at your desk, and with a few taps, access everything on your phone or your computer, one such case can be a medical diagnosis via an online search for your health. However, experts alert users to avoid such medical diagnoses via AI. Here is why.

Using AI for Medical Queries

AI tools like ChatGPT from Open AI or CoPilot from Microsoft work using language models trained on a huge spectrum of internet prompts. You can ask questions, and the chatbot responds based on learned patterns. The AI tech can generate numerous responses which can be helpful, but it is not accurate.

The incorporation of AI into healthcare raises substantial regulatory and ethical concerns. There are significant gaps in the regulation of AI applications, which raises questions regarding liability and accountability when AI systems deliver inaccurate or harmful advice.

No Personalized Care

One of the main drawbacks of AI in medicine is the need for more individualized care. AI systems use large databases to discover patterns, but healthcare is very individualized. AI lacks the ability to comprehend the finer nuances of a patient's history or condition, frequently required for accurate diagnosis and successful treatment planning.

Bias and Data Quality

The efficacy of AI is strongly contingent on the quality of the data used to train it. AI's results can be misleading if the data is skewed or inaccurate. For example, if an AI model is largely trained on data from a single ethnic group, its performance may suffer when applied to people from other backgrounds. This can result in misdiagnoses or improper medical recommendations.

Misuse

The ease of access to AI for medical advice may result in misuse or misinterpretation of the info it delivers. Quick, AI-generated responses may be interpreted out of context or applied inappropriately by persons without medical experience. Such events have the potential to delay necessary medical intervention or lead to ineffective self-treatment.

Privacy Concerns

Using AI in healthcare usually requires entering sensitive personal information. This creates serious privacy and data security concerns, as breaches could allow unauthorized access to or misuse of user data.

North Korean Hackers Expand Targets to Healthcare and Energy Sectors



 

North Korean

Andariel cyber attack Hacking Healthcare Mandiant Threat Intelligence North Korean

North Korean Hackers Expand Targets to Healthcare and Energy Sectors

A recent report by cybersecurity firm Mandiant reveals that Andariel, a North Korean hacking group, is broadening its scope of attacks to include the healthcare, energy, and financial sectors. This group, likely affiliated with the Democratic People's Republic of Korea Reconnaissance General Bureau, has previously targeted government institutions and critical infrastructure.

Andariel's cyber operations have become increasingly sophisticated over the years. According to Mandiant, the group is now being tracked as APT45 and continues to employ advanced tools and techniques to maximise impact while evading detection. These operations often aim to gather intelligence from government nuclear facilities, research institutes, and defence systems.

Michael Barnhart, Mandiant's principal analyst, highlighted that Andariel has been actively seeking blueprints for military advancements, emphasising the group's flexibility in targeting any entity to achieve its goals, including hospitals. Mandiant's report suggests that Andariel has been involved in ransomware development and deployment, operating under various codenames such as Onyx Sleet, Stonefly, and Silent Chollima. There are also links to the DPRK's notorious Lazarus hacking group.

North Korea is one of the few nations that supports for-profit hacking, using stolen funds to support the development of weapons of mass destruction and to bolster its economy. The report notes that Andariel directly targeted nuclear research facilities and power plants in 2019, including a facility in India. Following a suspected COVID-19 outbreak in North Korea in 2021, the group expanded its focus to the healthcare and pharmaceutical sectors.

Government and Defense Espionage

Initially, Andariel's activities centred on espionage campaigns against government agencies and defence industries. Over time, the group has shifted to include financially motivated operations, such as targeting the financial sector. Barnhart attributed many of North Korea's military advancements to Andariel's successful espionage efforts against governments and defence organisations globally.

Use of Artificial Intelligence

The report also references a January warning from the South Korean National Intelligence Service about North Korea's use of generative artificial intelligence technologies to conduct sophisticated cyberattacks and identify potential targets. This development accentuates the growing complexity and adaptability of North Korean hacking groups like Andariel.

Mandiant, a part of Google, has been working closely with multiple U.S. government agencies, including the FBI, to monitor Andariel's activities. This collaborative effort aims to mitigate the threat posed by the group and to protect critical infrastructure from its attacks.

The Mandiant report paints a concerning picture of Andariel's expanding operations and the increasing sophistication of its cyberattacks. As the group continues to evolve and adapt, it remains a substantial threat to various sectors worldwide, including healthcare, energy, and finance.

Massive Cyber Attack Hits MediSecure, Impacting Millions of Australians



 

MediSecure

Australia cyber attack Data financial strain Hacking Healthcare MediSecure

Massive Cyber Attack Hits MediSecure, Impacting Millions of Australians

In a shocking revelation, MediSecure, an eprescription provider, has confirmed that approximately 12.9 million Australians have been affected by a cyberattack that occurred in April. This incident has surpassed previous notable breaches, including the Optus and Medibank data breaches in 2022, in terms of the number of individuals impacted.

The administrators of MediSecure, FTI Consulting, disclosed that the compromised data includes individuals' healthcare identifiers. However, due to the complexity and sheer volume of the data involved, identifying the specific individuals whose data was stolen is financially unfeasible for the company. This inability to pinpoint affected individuals prevents MediSecure from notifying them about the breach.

Data Complexity and Financial Constraints

The compromised server contained 6.5 terabytes of data, equivalent to billions of pages of text. This data was stored in a mix of semi-structured and unstructured formats, making it extremely difficult to analyse without incurring substantial costs. The encrypted nature of the server further complicates efforts to determine the exact information accessed by the malicious actors. MediSecure's financial limitations have left the company unable to afford the extensive resources needed to sift through the massive amount of data.

Notification Delays and Administrative Actions

Despite the hack occurring in April, MediSecure did not make the incident public until May. The delayed notification has raised concerns about the company's crisis management and communication strategies. Subsequently, the company entered administration in June, and its subsidiary, Operations MDS, went into liquidation. This subsidiary was identified as the main trading entity of the corporate group, highlighting the severe impact of the cyberattack on the company's operational capabilities.

Impact on Healthcare Services

MediSecure had provided a crucial service that allowed healthcare professionals, such as general practitioners, to send electronic prescriptions to patients. However, this service has not been used for new electronic prescriptions since November 15, following a decision by the federal Health Department to designate eRx as the sole e-script provider. This shift has left many healthcare providers scrambling to adapt to the new system, further complicating the ecosystem for electronic healthcare services in Australia.

The MediSecure cyberattack highlights the growing threat of data breaches and the challenges companies face in managing and mitigating such incidents. With 12.9 million Australians potentially affected and the company unable to notify them, the breach underscores the need for robust cybersecurity measures and the financial resilience to respond effectively to such crises. This incident serves as a stark reminder of the vulnerabilities that exist in the digital age and the critical importance of safeguarding sensitive information.

The Financial Fallout of UnitedHealth’s Ransomware Attack



 

United Health

Data Extortion Healthcare Privacy Ransomware United Health

The Financial Fallout of UnitedHealth’s Ransomware Attack

A $2.3 Billion Lesson

The recent ransomware attack on UnitedHealth Group serves as a stark reminder of the vulnerabilities that even the largest corporations face. The attack, which has resulted in costs soaring to at least $2.3 billion, underscores the severe financial and operational impacts of cyber threats.

The health insurance company revealed the estimate in its second-quarter earnings report on Tuesday. The $2 billion cost estimate is based on the millions UnitedHealth has already spent to restore its systems following the attack, which caused a severe outage in February.

The Attack and Immediate Response

UnitedHealth Group, a leading healthcare and insurance provider, fell victim to a sophisticated ransomware attack. The attackers encrypted critical data and demanded a ransom for its release. Despite the company’s robust cybersecurity measures, the breach highlighted gaps that were exploited by the cybercriminals.

In response to the attack, UnitedHealth made the difficult decision to pay a $22 million ransom. While this payment was significant, it represents only a fraction of the total costs incurred. The immediate priority was to restore systems and ensure the continuity of services for millions of customers who rely on UnitedHealth for their healthcare needs.

The Broader Financial Impact

System Restoration: Restoring encrypted data and rebuilding IT infrastructure required substantial investment. This process involved not only technical recovery but also ensuring that systems were secure against future attacks.

Lost Revenue: During the period of disruption, UnitedHealth experienced significant revenue losses. The inability to process claims, manage patient data, and provide timely services had a direct impact on the company’s financial performance.

Operational Costs: Additional costs were incurred in the form of overtime pay for employees working to mitigate the attack’s effects, hiring external cybersecurity experts, and implementing enhanced security measures.

Legal and Regulatory Expenses: Navigating the legal and regulatory landscape post-attack added another layer of costs. Compliance with data protection regulations and managing potential lawsuits required extensive legal resources.

Customer Support Initiatives: To maintain customer trust, UnitedHealth launched several support initiatives. These included offering free credit monitoring services to affected individuals and setting up dedicated helplines to address customer concerns.

Lessons Learned and the Path Forward

The ensuing disruption also hindered UnitedHealth from completing medical prescriptions, resulting in a revenue loss, according to the company's earnings report.

In Q1, UnitedHealth predicted that the ransomware assault would cost the company between $1 billion and $1.2 billion. However, in Tuesday's results release, the business raised its forecasts to more over $2 billion, citing the need to pay for "financial support initiatives and consumer notification costs," which include providing loans and funds to affected hospitals and pharmacies.

In the second quarter alone, UnitedHealth incurred "$1.1 billion in unfavorable cyber attack effects," according to the business.

UnitedHealth is still recovering from the ransomware attack, while the "majority" of its IT systems have been restored. Furthermore, multiple class-action lawsuits have been brought against UnitedHealth for failing to protect patient information. As a result, the ransomware attack's costs to the organization may continue to rise.

Cyberattack Exposes Patient Data in Leicestershire



 

Sensitive Data Leak

Cyber Attacks data security Healthcare Healthcare Industry Patient Data Personal Data Breach Sensitive Data Leak

Cyberattack Exposes Patient Data in Leicestershire

A recent cyberattack has compromised sensitive patient data in Leicestershire, affecting several healthcare practices across the region. The breach, which targeted electronic patient records, has led to significant concerns over privacy and the potential misuse of personal information. Those impacted by the attack have received notifications detailing the breach and the measures being taken to secure their data and prevent further incidents.

Healthcare providers in Leicestershire are collaborating with cybersecurity experts and law enforcement agencies to investigate the breach, identify the perpetrators, and implement enhanced security measures. The goal is to protect patient information and prevent similar incidents in the future. Patients are advised to be vigilant, monitor their personal information closely, and report any suspicious activity to the authorities. The exposed data includes names, contact details, and medical records, all of which are highly sensitive and valuable to cybercriminals. The breach underscores the growing threat of cyberattacks in the healthcare sector, where such information is frequently targeted.

In response, affected practices have taken immediate steps to bolster their cybersecurity protocols and provide support to those impacted. In addition to enhancing security measures, healthcare providers are committed to maintaining transparency and keeping patients informed about the investigation’s progress and any new developments. This commitment is crucial in rebuilding trust and ensuring that patients feel secure in the handling of their personal information. The healthcare sector has increasingly become a prime target for cyberattacks due to the vast amounts of sensitive data it holds. This incident in Leicestershire serves as a stark reminder of the vulnerabilities within our digital systems and the importance of robust cybersecurity measures. The breach has highlighted the need for constant vigilance and proactive steps to protect sensitive information from cyber threats.

In the aftermath of the breach, healthcare providers are focusing on not only addressing the immediate security concerns but also on educating patients about the importance of cybersecurity. Patients are being encouraged to take measures such as changing passwords, enabling two-factor authentication, and being cautious about sharing personal information online. As the investigation continues, healthcare providers are committed to working closely with cybersecurity experts to strengthen their defenses against future attacks.

This collaborative effort is essential in safeguarding patient data and ensuring the integrity of healthcare systems. The Leicestershire data breach is a significant event that underscores the critical need for heightened security measures in the healthcare sector. It calls for a concerted effort from both healthcare providers and patients to navigate the challenges posed by cyber threats and to work together in creating a secure environment for personal information.

By taking proactive steps and fostering a culture of cybersecurity awareness, the healthcare sector can better protect itself and its patients from the ever-evolving landscape of cyber threats.

Poland Pushes for Shorter Drug Data Protection in EU



 

Privacy

Drugs Europe Healthcare intellectual property Pharmaceutical Firms Privacy

Poland Pushes for Shorter Drug Data Protection in EU

At a recent EU meeting in Luxembourg, Poland supported a European Commission proposal to shorten the time new drugs are protected by data exclusivity rules. Health Minister Izabela Leszczyna said Poland prefers one year of market protection over longer periods of data protection.

In April 2023, the European Commission suggested reducing the data exclusivity period for drugs from eight to six years. Minister Leszczyna agreed, saying this would help people access new treatments more quickly without adding extra paperwork. She also proposed one year of market protection for new uses of existing drugs instead of extending data protection.

Balancing Incentives and Access

Minister Leszczyna emphasised that Poland supports measures to ensure all EU countries have access to modern treatments. She suggested that incentives should focus on market protection and not last longer than a year. For drugs treating rare diseases, extending protection could be considered, but for other drugs, different solutions should be found.

Challenges in Generic Drug Production

Krzysztof Kopeć, President of the Polish Association of Pharmaceutical Industry Employers, highlighted issues with drug shortages, especially for generic drugs. He explained that producing drugs in Europe is becoming less profitable, leading to shortages. Although the European Commission wants to boost drug production in Europe, current regulations do not support this, and production costs are higher in Europe than in Asia.

Concerns from Innovative Drug Companies

Innovative drug companies argue that changing existing intellectual property rules is not the answer to drug access problems. They believe the current rules should continue to support innovation and ensure EU patients can access new treatments. Michał Byliniak, General Director of INFARMA, stressed the need for EU reforms to improve drug supply security, availability, and affordability while also supporting new drug development.

INFARMA is discussing potential risks of shorter protection periods with the Ministry of Health and other stakeholders. They warn that reducing protection could limit access to advanced treatments. INFARMA supports keeping current data protection levels and creating incentives to promote innovation, address unmet medical needs, and encourage research in the EU.

Poland's support for a shorter data exclusivity period shows its commitment to balancing access to new treatments, innovation, and economic realities in the EU drug industry. As discussions continue, the goal remains to create rules that ensure safe, effective, and affordable medicines are available to everyone in Europe.

AI Accelerates Healthcare's Digital Transformation



 

Healthcare

Artificial Intelligence Cyber Security Cyberattacks CyberCrime Digital Data Digital Transformation Healthcare

AI Accelerates Healthcare's Digital Transformation

Throughout the healthcare industry, CIOs are implementing technologies that allow precision diagnostics, reduce clinician workload, and automate back-office functions, from ambient documentation to machine learning-based scheduling. A lot of data is available in Penn Medicine BioBank, an institution run by the University of Pennsylvania Health System. A team led by Michael Restuccia's SVP and Chief Information Officer saw the opportunity to use this data for the benefit of patients at the research hospital.

As a physician, professor, and vice chair of radiology at the University of Pennsylvania Perelman School of Medicine, Charles Kahn says that understanding the characteristics of a population and how a particular individual differs from the rest allows the person to intervene earlier in the condition in question. This is a group of innovative healthcare companies that are pushing the envelope in the digitization of healthcare that has earned the CIO100 award over the past few years. Penn is just one example. The Stanford Medicine Children’s Health, the University of Miami Health System, as well as Atlantic Health have all begun working on precision medicine, machine learning, ambient documentation and other projects.

From a clinical point of view, Bill Fera, MD, the principal who leads Deloitte Consulting’s AI practice, says that we’re witnessing a growing number of advances in radiology, diagnostic services, and pathology. It is very noteworthy that the AI-powered CT scan analysis system is one of the first systems to be implemented in clinical practice, partly because academic medical practices that conduct research can build and operate their own tools without the burden of obtaining FDA approval, which is what healthcare product manufacturers have to deal with.

Although the system did not appear overnight, it took some time for it to come together. According to Donovan Reid, associate director of information services applications at Penn Medicine, it took at least two years for the algorithm to be ready for real-time deployment, and four years before the system finally became operational last year. "It took us hopefully two years to get it ready for actual deployment," he says. Due to the large amount of processing resources required, the team decided to host the algorithm in the cloud.

As a result, the data was encrypted before it was sent to the cloud for processing, and the results were returned to the radiology report after the processing was completed. This was coordinated by the IT team, who developed an AI orchestrator that will be made available to other healthcare providers as a free software package. According to Penn professor Walter Witschey, the availability of this will be a great help for community service hospitals.

A couple of challenges were faced by the team before the system was up and running. There was concern among IT regarding the impact of imaging data flows on infrastructure, and the amount of computing resources needed at any given time had to be matched to the amount of imaging studies being required. Additionally, the system would have to be able to provide results as soon as possible. It has been incredibly surprising to find out that the direct cost, outside of labor, is only about $700 per month. “Doctors want interpretation right away, not at 4 a.m.,” she says.

Over 6,000 scans have already been processed through the system, and the team now plans to expand the application to accommodate more of the 1.5 million imaging scans that the hospital system performs on an annual basis.

Web3 in Healthcare: Privacy, Consent, and Equity



 

Web3

Blockchain Data Healthcare Technology Web3

Web3 in Healthcare: Privacy, Consent, and Equity

The convergence of Web3 technologies and the healthcare industry has sparked significant interest and investment. As blockchain, decentralized applications (dApps), and smart contracts gain traction, the potential benefits for healthcare are immense. However, this rapid adoption also brings cybersecurity challenges that must be addressed.

The Promise of Web3 in Healthcare

1. Decentralization and Data Ownership

Web3 technologies promise to decentralize control over health data. Patients can own and manage their medical records, granting access to healthcare providers as needed. This shift empowers individuals, enhances privacy, and streamlines data sharing.

2. Interoperability

Blockchain-based solutions enable seamless data exchange across disparate systems. Interoperability can improve care coordination, reduce administrative overhead, and enhance patient outcomes.

3. Supply Chain Transparency

Web3 can revolutionize pharmaceutical supply chains. By tracking drug provenance on an immutable ledger, we can prevent counterfeit drugs from entering the system.

The Cybersecurity Challenge

1. Smart Contract Vulnerabilities

Smart contracts, the backbone of dApps, are susceptible to coding errors. High-profile incidents like the DAO hack 2016 ($50 million stolen) underscore the need for rigorous auditing and secure coding practices.

2. Data Privacy Risks

While Web3 promises data ownership, it also introduces new privacy risks. Public blockchains expose transaction details, potentially compromising patient confidentiality.

3. Ransomware Attacks

Healthcare organizations are prime targets for ransomware attacks. Web3 adoption increases the attack surface, as hospitals and clinics integrate blockchain-based systems.

Notable Incidents

1. Change Healthcare Breach (2023)

Change Healthcare, a major player in healthcare payment processing, suffered a cyberattack. Hackers exploited a vulnerability in their Web3-enabled billing platform, compromising patient data and disrupting financial transactions. The incident cost the company millions in fines and legal fees.

2. PharmaChain Supply Chain Attack (2022)

PharmaChain, a blockchain-based drug tracking platform, fell victim to a supply chain attack. Malicious actors injected counterfeit drug information into the ledger, leading to patient harm. The incident highlighted the need for robust security protocols.

Safe Future: Preventive Measures

1. Code Audits

Thoroughly audit smart contracts before deployment. Engage security experts to identify vulnerabilities and ensure robust coding practices.

2. Privacy-Enhancing Technologies

Explore privacy-focused blockchains (e.g., Monero, Zcash) for sensitive health data. Implement zero-knowledge proofs to protect patient privacy

3. Incident Response Plans

Healthcare organizations must develop comprehensive incident response plans. Regular drills and training are essential to minimize damage during cyberattacks.

Rethinking the Cloud: Why Companies Are Returning to Private Solutions



 

Privacy

Business Cloud Computing Cloud Services data security Healthcare IT Industry Privacy

Rethinking the Cloud: Why Companies Are Returning to Private Solutions

In the past ten years, public cloud computing has dramatically changed the IT industry, promising businesses limitless scalability and flexibility. By reducing the need for internal infrastructure and specialised personnel, many companies have eagerly embraced public cloud services. However, as their cloud strategies evolve, some organisations are finding that the expected financial benefits and operational flexibility are not always achieved. This has led to a new trend: cloud repatriation, where businesses move some of their workloads back from public cloud services to private cloud environments.

Choosing to repatriate workloads requires careful consideration and strategic thinking. Organisations must thoroughly understand their specific needs and the nature of their workloads. Key factors include how data is accessed, what needs to be protected, and cost implications. A successful repatriation strategy is nuanced, ensuring that critical workloads are placed in the most suitable environments.

One major factor driving cloud repatriation is the rise of edge computing. Research from Virtana indicates that most organisations now use hybrid cloud strategies, with over 80% operating in multiple clouds and around 75% utilising private clouds. This trend is especially noticeable in industries like retail, industrial sectors, transit, and healthcare, where control over computing resources is crucial. The growth of Internet of Things (IoT) devices has played a defining role, as these devices collect vast amounts of data at the network edge.

Initially, sending IoT data to the public cloud for processing made sense. But as the number of connected devices has grown, the benefits of analysing data at the edge have become clear. Edge computing offers near real-time responses, improved reliability for critical systems, and reduced downtime—essential for maintaining competitiveness and profitability. Consequently, many organisations are moving workloads back from the public cloud to take advantage of localised edge computing.

Concerns over data sovereignty and privacy are also driving cloud repatriation. In sectors like healthcare and financial services, businesses handle large amounts of sensitive data. Maintaining control over this information is vital to protect assets and prevent unauthorised access or breaches. Increased scrutiny from CIOs, CTOs, and boards has heightened the focus on data sovereignty and privacy, leading to more careful evaluations of third-party cloud solutions.

Public clouds may be suitable for workloads not bound by strict data sovereignty laws. However, many organisations find that private cloud solutions are necessary to meet compliance requirements. Factors to consider include the level of control, oversight, portability, and customization needed for specific workloads. Keeping data within trusted environments offers operational and strategic benefits, such as greater control over data access, usage, and sharing.

The trend towards cloud repatriation shows a growing realisation that the public cloud is only sometimes the best choice for every workload. Organisations are increasingly making strategic decisions to align their IT infrastructure with their specific needs and priorities.

Cyberattacks Threaten US Hospitals: Patient Care at Risk



 

Patient Data

American Hospital Association Ascension Ascensions Health System cyber attack Healthcare Patient Data

Cyberattacks Threaten US Hospitals: Patient Care at Risk

A severe cyberattack on Ascension, one of the largest healthcare systems in the United States, has disrupted patient care significantly. The ransomware attack, which began on May 8, has locked medical providers out of critical systems that coordinate patient care, including electronic health records and medication ordering systems. This disruption has led to alarming lapses in patient safety, as reported by health care professionals across the nation.

Marvin Ruckle, a nurse at Ascension Via Christi St. Joseph in Wichita, Kansas, highlighted the chaos, recounting an incident where he almost administered the wrong dose of a narcotic to a baby due to confusing paperwork. Such errors were unheard of when the hospital’s computer systems were operational. Similarly, Lisa Watson, an ICU nurse at Ascension Via Christi St. Francis, narrowly avoided giving a critically ill patient the wrong medication, emphasising the risks posed by the shift from digital to manual systems.

The attack has forced hospitals to revert to outdated paper methods, creating inefficiencies and increasing the potential for dangerous mistakes. Watson explained that, unlike in the past, current systems for timely communication and order processing have disappeared, exacerbating the risk of errors. Melissa LaRue, another ICU nurse, echoed these concerns, citing a close call with a blood pressure medication dosage error that was fortunately caught in time.

Health care workers at Ascension hospitals in Michigan reported similar issues. A Detroit ER doctor shared a case where a patient received the wrong medication due to paperwork confusion, necessitating emergency intervention. Another nurse recounted a fatal delay in receiving lab results for a patient with low blood sugar. These incidents highlight the dire consequences of prolonged system outages.

Justin Neisser, a travel nurse at an Indiana Ascension hospital, chose to quit, warning of potential delays and errors in patient care. Many nurses and doctors fear that these systemic failures could jeopardise their professional licences, drawing parallels to the high-profile case of RaDonda Vaught, a nurse convicted of criminally negligent homicide for a fatal drug error.

The health sector has become a prime target for ransomware attacks. According to the FBI, health care experienced the highest share of ransomware incidents among 16 critical infrastructure sectors in 2023. Despite this, many hospitals are ill-prepared for prolonged cyberattacks. John Clark, an associate chief pharmacy officer at the University of Michigan, noted that most emergency plans cover only short-term downtimes.

Ascension's response to the attack included restoring access to electronic health records by mid-June, but patient information from the outage period remains temporarily inaccessible. Ascension has asserted that its care teams are trained for such disruptions, though many staff members, like Ruckle, reported receiving no specific training for cyberattacks.

Federal efforts to enhance health care cybersecurity are ongoing. The Department of Health and Human Services (HHS) has encouraged improvements in email security, multifactor authentication, and cybersecurity training. However, these measures are currently voluntary. The Centers for Medicare & Medicaid Services (CMS) are expected to release new cybersecurity requirements, though details remain unclear.

The American Hospital Association (AHA) argues that cybersecurity mandates could divert resources needed to combat attacks. They contend that many data breaches originate from third-party associates rather than hospitals themselves. Nevertheless, experts like Jim Bagian believe that health systems should face consequences for failing to implement basic cybersecurity protections.

The cyberattack on Ascension calls for robust cybersecurity measures in health care. As hospitals consolidate into larger systems, they become more vulnerable to data breaches and ransomware attacks. Health care professionals and patients alike are calling for transparency and improvements to ensure safety and quality care. The situation at Ascension highlights the critical nature of cybersecurity preparedness in protecting patient lives.

Defending Hospitals and Clinics: Strategies Against Ransomware



 

Ransomware

Data Healthcare Malicious Campaign malware Ransomware

Defending Hospitals and Clinics: Strategies Against Ransomware

The healthcare industry has become a prime target for ransomware attacks in recent years. These malicious campaigns exploit vulnerabilities in healthcare systems, disrupt critical services, and compromise sensitive patient data.

According to Steve Stone, president of Rubrik's Zero Labs, ransomware is one of the levers changing how enterprises think about risk. Zero Labs' latest analysis shows that healthcare firms are more likely to lose 20% of their sensitive data after a ransomware attack.

This blog post will explore why healthcare organizations are at risk and discuss strategies to mitigate these threats.

1. Data Sensitivity and Volume

Healthcare organizations handle vast amounts of sensitive data, including patient records, medical histories, and financial information. This data is a goldmine for cybercriminals seeking economic gain. According to recent reports, healthcare data breaches cost organizations an average of $7.13 million per incident. The sheer volume of sensitive data makes healthcare an attractive target.

2. Architectural Similarities

While ransomware operators don’t exclusively focus on healthcare, the industry shares architectural nuances with other sectors. For instance:

Legacy Systems: Many healthcare institutions still rely on legacy systems that lack robust security features. These outdated systems are more susceptible to attacks.

Interconnected Networks: Healthcare networks connect various entities—hospitals, clinics, laboratories, and insurance providers. This interconnectedness creates multiple entry points for attackers.

Medical Devices: Internet of Things (IoT) devices, such as MRI machines and infusion pumps, are integral to patient care. However, they often lack proper security controls, making them vulnerable.

3. Risk Surface Area

Preventing ransomware starts with understanding your risk surface area. Here’s how healthcare organizations can reduce their exposure:

Identity Management: Properly managing user identities and access rights is crucial. Limiting access to sensitive data based on roles and responsibilities helps prevent unauthorized changes.

Data Visibility: Organizations must know where sensitive data resides, both on-premises and in the cloud. Regular audits and data classification are essential.

Backup and Recovery: Robust backup solutions are critical. Regularly backing up data ensures that even if ransomware strikes, organizations can restore systems without paying the ransom.

4. Incident Response Challenges

Healthcare organizations face unique challenges in incident response:

Hybrid Environments: Many healthcare systems operate in hybrid environments—partly on-premises and partly in the cloud. Coordinating incident response across these environments can be complex.

Patient Safety: Ransomware attacks can disrupt critical services, affecting patient care. Balancing data protection with patient safety is a delicate task.

Collaboration: Effective incident response requires collaboration among IT teams, legal departments, and external cybersecurity experts.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Showing result(s) for

Popular Posts

Pages

Menu Item

Healthcare: Juicy Target for Criminals

Complexity: Flaw in IT System

Understanding the Complex vs. Complicated

Solution for Better Healthcare Security

The Need for AI Regulation

The Ten Mandatory Guardrails

Using AI for Medical Queries

No Personalized Care

Bias and Data Quality

Misuse

Privacy Concerns

A $2.3 Billion Lesson

The Attack and Immediate Response

The Broader Financial Impact

Lessons Learned and the Path Forward

The Promise of Web3 in Healthcare

1. Decentralization and Data Ownership

2. Interoperability

3. Supply Chain Transparency

The Cybersecurity Challenge

1. Smart Contract Vulnerabilities

2. Data Privacy Risks

3. Ransomware Attacks

Notable Incidents

1. Change Healthcare Breach (2023)

2. PharmaChain Supply Chain Attack (2022)

Safe Future: Preventive Measures

1. Code Audits

2. Privacy-Enhancing Technologies

3. Incident Response Plans

1. Data Sensitivity and Volume

2. Architectural Similarities

3. Risk Surface Area

4. Incident Response Challenges