October Cyber News Bytes
ALERT: Ransomware Threatens U.S. Healthcare
The FBI, Department of Homeland Security and Department of Health & Human Services have issued an alert regarding a new, large-scale ransomware attack on healthcare providers across the United States. In an attack that began on October 26, Russian-speaking hackers utilizing Ryuk ransomware have infiltrated six hospitals’ computer systems from New York to California. The hackers have demanded upwards of $1 million from each facility to stop the attack, which some have paid. Ryuk is a form of ransomware that encrypts essential data on computer systems. It has already forced some facilities to disrupt patient care and cancel noncritical surgeries. The Washington Post has more details on the attack, which will undoubtedly be one to monitor in the weeks ahead.
Las Vegas Students’ Information Released By Hackers
As our dependence on technology continues to grow amid the COVID-19 pandemic, there is significantly increased exposure to ransomware attacks by hackers desperate to make a buck. An attack on the Clark County School District in Las Vegas, NV highlights this danger. According to an article from The Hill, hackers released the personal data of 320,000 students after the district refused to pay a ransom. This incident puts an exclamation point on a troubling trend in the cybersecurity world that will need to be monitored in the coming months.
As ransomware activity like this continues to challenge organizations across all industries, it is imperative that businesses familiarize themselves with this unique risk and proactively develop a security plan to mitigate the risk and impact should an attack occur. An article from NetDiligence provides a helpful overview of ransomware attacks and suggestions for preparing for a potential attack.
FBI Warns Consumers to Avoid Hotel Wireless Networks
Staying in any hotel usually means free access to a public wireless network as a basic amenity for guests. However, these networks may put you and your personal information at risk. The FBI recently released a warning about the dangers of hotel wireless networks due to generally poor, outdated equipment and software. While COVID-19 has impacted the travel routines of many, this is still a critical reminder. Libraries, coffee shops, restaurants and airports that provide access to a public wireless network can all share these same risks and vulnerabilities.
A recent article from Ride The Lightning highlights warning signs and steps to take if your device is compromised while utilizing a public wireless network.
Maryland Non-Profit Robbery Highlights Cybersecurity Threats
The Jewish Federation of Greater Washington, a Maryland-based non-profit organization, recently fell victim to a significant cybersecurity incident involving an employee’s personal computer. A hacker compromised a remote-working employee’s computer to steal $7.5 million in endowment funds. The attack was discovered by a security contractor who noticed unusual activity in an employee’s email account. With the abrupt shift to remote working in 2020, cybersecurity has become a struggle for many IT departments trying to keep up with the unprecedented number of employees working from home.
A piece from NetDiligence features a Q&A session addressing the importance of employee training and implementing additional security measures to help mitigate the cybersecurity risks associated with remote working.
Lessons Learned from the NYSDFS’s First Cybersecurity Enforcement
Cybersecurity regulators at the New York State Department of Financial Services (NYSDFS) recently brought enforcement actions against First American Title Insurance Company alleging violations of the NYSDFS Cybersecurity Regulation, the first enforcement of this kind. The NYSDFS is pursuing a per-record fine or settlement.
An article from NetDiligence discusses some lessons to be learned from the enforcement actions, which can be applied to all organization types. These lessons include the importance of increasing cybersecurity, having an actionable incident response plan in place, and following internal policies and procedures for timely remediation of known system vulnerabilities.
Privacy regulation is increasing across the country in the cybersecurity space, in conjunction with the sophistication and continually growing number of data security incidents and cyberattacks. Businesses should review their systems and procedures to ensure that they comply with the regulations and to protect themselves from potential violations.
RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.