Collaborate Disseminate
Cybersecurity threats against health care have skyrocketed in recent years.
The post Senators push for more frequent medical device cybersecurity guidance from FDA appeared first on CyberScoop.
Continue reading Senators push for more frequent medical device cybersecurity guidance from FDA
A little more than a year removed from its role in advancing some of the most significant cybersecurity legislation ever enacted, the Cyberspace Solarium Commission is transforming into version 2.0 of itself. With some of its key recommendations now law — such as the creation of the Office of the National Cyber Director in the White House — the remnant of the congressionally created panel is turning its attention to tracking how those ideas are implemented, while studying some of the issues it didn’t get to fully examine before releasing its final report. Those areas of study include protecting the water, maritime transport and health care sectors, as well as strengthening the federal and private sector workforce and ensuring plans to avert disruptions to the economy caused by cyberattacks. Now housed within the Foundation for Defense of Democracies (FDD) think tank, the commission’s 2.0 work should take another two years, […]
The post The Cyberspace Solarium Commission pushed some major policies into law. So what now? appeared first on CyberScoop.
Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]
The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.
Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]
The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.
The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015. The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department’s Office for Civil Rights (OCR). The incident stemmed from a hack against Excellus’ systems during an era that featured well-publicized attacks on corporations such as Target, Sony and Home Depot. Years later, health data remains a ripe target for cybercriminals, particularly ransomware gangs. U.S. federal agencies warned about an “imminent” ransomware threat in October 2020. The OCR said the breached data included names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims and clinical treatment information. “The hackers installed malware […]
The post Health insurer Excellus penalized $5.1M by HHS for data breach appeared first on CyberScoop.
Continue reading Health insurer Excellus penalized $5.1M by HHS for data breach
A day after U.S. federal agencies warned of an “imminent” ransomware threat to hospitals, it’s an all-hands-on deck mentality for a health sector already strained by the coronavirus pandemic. Private threat briefings are being held for hospital executives, federal officials are appealing for more data on the cybercriminals and hospitals are hardening their computer networks. The defensive measures follow an advisory Wednesday from the FBI and departments of Homeland Security and Health and Human Services that cybercriminals were deploying Ryuk ransomware to disrupt IT networks and extort hospitals. It was a stark warning, even for a health care sector accustomed to pandemic-era cyberattacks: Medical organizations are being singled out by capable crooks. While the federal agencies did not name victim organizations, the announcement coincided with suspected ransomware attacks this week on hospitals in New York, Oregon and Vermont, and perhaps other states. The American Hospital Association, which includes 5,000 health […]
The post Health sector mobilizes defenses following Ryuk ransomware warning appeared first on CyberScoop.
Continue reading Health sector mobilizes defenses following Ryuk ransomware warning
Six months ago, as professional sports were postponed indefinitely, schools were shuttering, Tom Hanks was the poster boy for COVID-19, and President Donald Trump addressed a nervous nation, people at the highest levels of the U.S. government became laser-focused on one idea: Coronavirus vaccine research needed to be defended from hacking attempts. Soon after the World Health Organization declared a pandemic, the Pentagon’s Defense Digital Service and the National Security Agency got to work on a behind-the-scenes protection mission for “Operation Warp Speed,” the U.S. government program responsible for producing 300 million coronavirus vaccine doses by January 2021. Known as the Security and Assurance portion of Operation Warp Speed, the mission is no small effort. Consisting of people from DDS, NSA, FBI, the Department of Homeland Security and the Department of Health and Human Services, it has been running behind the scenes for months, and is being detailed here for the first time. […]
The post How the government is keeping hackers from disrupting coronavirus vaccine research appeared first on CyberScoop.
Continue reading How the government is keeping hackers from disrupting coronavirus vaccine research
In early March, as the novel coronavirus swept through the U.S., the Department of Homeland Security’s cybersecurity wing quietly began an initiative that would single out the critical government and private-sector organizations that needed protection from spies and criminals during the pandemic. The list of essential organizations would include U.S. labs working on a vaccine, pharmaceutical firms researching virus treatments and a constellation of equipment suppliers with global supply chains. The initiative turned into something U.S. officials call Project Taken — a multi-agency effort to protect U.S. vaccine research and other data from hacking and infiltration. “We really need to identify the parts of the United States government and industry that are going to get us through this COVID crisis,” recalled Bryan S. Ware, assistant director at DHS’s Cybersecurity and Infrastructure Security Agency. “And we need to prioritize … our capabilities and our outreach to those entities.” While other parts of the […]
The post US cyber officials try to channel Liam Neeson in responding to coronavirus threats appeared first on CyberScoop.
Continue reading US cyber officials try to channel Liam Neeson in responding to coronavirus threats
A volunteer group of cybersecurity professionals formed to protect computer networks during the coronavirus pandemic says it has helped dismantle nearly 3,000 malicious internet domains and identified more than a 2,000 software vulnerabilities in health care institutions around the world. “The threats are coming in like a firehose; as fast as we can take things down, there are new [threats] there,” said Marc Rogers, who is an executive with cybersecurity company Okta and one of the founders of the volunteer group. Known as the Cyber Threat Intelligence (CTI) League, the group’s membership has soared from a few dozen since its founding last month to some 1,400 people in 76 countries today. Security specialists from technology giants like Microsoft are members, and the group says it has formed close connections with law enforcement agencies. Their services are in high demand as health care organizations strain to deal with COVID-19, which has killed more […]
The post Volunteer cybersecurity pros say they’ve stymied hacks against health care organizations appeared first on CyberScoop.
As if the Department of Health and Human Services didn’t have enough to deal with during the coronavirus pandemic, it looks like hackers were trying to redirect people trying to visit a department website to a malicious domain designed to steal their data. By sending phishing messages that sent recipients from a Health and Human Services website to a malicious one, scammers tried compromising people with malicious software capable of capturing credit card data and email credentials. The attempted attack coincided with a surge in attention around the department, as Americans seek guidance amid the COVID-19 outbreak. The malicious “redirect,” as the trick is called, no longer exists after a group of volunteer cybersecurity experts worked with HHS to address it. It is unclear how many devices, if any, were compromised as a result of the activity. It was only the latest effort by digital miscreants to capitalize on international concerns about the pandemic. “The believability that it […]
The post Security pros helped HHS fix a website flaw that exposed visitors to malware appeared first on CyberScoop.
Continue reading Security pros helped HHS fix a website flaw that exposed visitors to malware