Health3PT Initiative Takes Aim at Hospitals’ Risk
Hospitals have been feeling the heat of ransomware activity since the onset of the pandemic. Many ransomware actors target third-party imaging vendors and electronic medical records systems – meaning any third-party risk can become a first-party risk. Healthcare CISOs and industry leaders have formed a new initiative called Health3PT to collect best practices and address security responsibilities along the supply chain. Best practices are largely pulled from the HITRUST Common Security Framework (CSF), a set of risk controls that include practices like management responsibilities, segregation in networks and user-access rights. A new article from ITBrew goes in-depth on Health3PT and its benefits in the fight against ransomware.
Cowbell’s SME Modeling
Systemic risk, defined as the possibility of a single event or development triggering widespread failure or disruption, continues to be one of the most analyzed subjects in cyber risk management. In a recent whitepaper, cyber insurance provider Cowbell, which focuses on small to medium-sized enterprises (SMEs), provided some insight into addressing risk within the SME segment. Understanding how vital SMEs are to the U.S. economy, the Cowbell report provides a valuable resource for securing our infrastructure against cyber risk. The report outlines how SMEs can assess and measure their exposure to systemic risk, ultimately providing risk management guidance for mitigating such exposures. As SMEs continue to implement new technical solutions and business connectivity continues to expand, it is critically important for businesses to understand and utilize resources like this.
FBI Takes Down HIVE
HIVE is a ransomware group responsible for extorting more than $100 million from over 1,300 companies worldwide, with victims including hospitals, schools and more. The group’s targeting of the healthcare sector “compromised the safety and health of patients in hospitals,” according to Errol Weiss, Chief Security Officer for the Health Information Sharing and Analysis Center. As the Justice Department continues its efforts to crack down on overseas ransomware groups, the FBI recently announced that it seized HIVE’s computer network infrastructure “as part of a coordinated law enforcement action.” Unfortunately, the ransomware economy continues to be lucrative. However, there are signs that these coordinated enforcement actions are making a dent in cybercriminal earnings.
Three Cybersecurity Trends for 2023
With the continued increase of cyber attacks and the costs associated with them, the area of cybersecurity will remain critical as we move through 2023. ITBrew highlighted the following three cybersecurity trends to look for in 2023:
- Zero-Trust Security: An approach that assumes nothing is safe from a cybersecurity standpoint.
- Password-less Authentication: This approach would skip the text password and instead require an “MFA-style mobile code, USBs, biometrics, or other outside-the-box approaches.”
- AI-Based Security: This approach would provide consistency, “taking a strong role in threat detection, automated responses and protection protocols.”
We should expect to continue to see new trends in the area of cybersecurity as the sophistication of cyber criminals continues to evolve.
New From the RCM&D Cyber Team: Pixels and Tracking Technology Blog
Pixel and tracking technology collects information like search queries, browsing history and more to help marketers create targeted advertisements. It all sounds harmless, right? For the healthcare industry, organizations interested in utilizing this technology may want to think twice, or at least prepare for potential risks. A June 2022 article from The Markup states that 33 percent of the top 100 hospitals in the U.S. utilize pixels and tracking technology. Since that article was published, over 30 class action lawsuits have been filed due to healthcare organizations sharing protected health information with advertisers. Check out the latest blog from the RCM&D cyber team diving into the use of pixels and tracking technology, the potential regulatory risks that come with this technology, and how to mitigate those risks.