In late May of this year, a new cyberattack technique was discovered that delivered malware via the mouse hover feature in PowerPoint files. This technique debuted in a spam campaign that targeted the United Kingdom, Poland, Sweden, and Netherlands.
Recently, the ransomware attack dubbed “WannaCry” made global news as it spread across more than 150 countries, infecting hundreds of thousands of devices. A few things made this ransomware attack interesting, such as the operating system the majority of the victims were running.
In recent years we have been seeing a surge of cyberattacks in all industries, but one specifically is really feeling the heat. Due to the sensitive nature of their work, the healthcare industry is particularly susceptible to cyberattacks like ransomware. Ransomware is a form of malicious software that locks users out of their data and threatens to destroy the data if a ransom is not paid. Cybercriminals can not only make a profit by forcing a provider to pay for important files to be decrypted, but they stand to gain a political or socioeconomic upper hand by tarnishing the reputation of certain health organizations.
Somewhere off the shore of the Black Sea lives Evgeniy Bogachev—the notorious Russian hacker with a $3,000,000 bounty on his head. This man is the most wanted cybercriminal in all history. If he even sets foot outside of Russian territory, the United States will do whatever it takes to grab hold of him. He has been accused of money laundering, conspiring, and racketeering throughout the digital world.
Last year, the healthcare industry saw an immense rise in ransomware attacks. This trend is expected to increase in 2017. Just this month, Erie County Medical Center (ECMC) in Buffalo, N.Y. had a computer virus shut down the hospital’s computer system. According to a local news report on April 16th, the medical center switched to their backup system to avoid paying the hacker’s ransom.
This April, Governor Bill Haslam signed into law an amendment to Tennessee’s Encryption Safe Harbor Statue. The encryption safe harbor allows for the nondisclosure of encrypted data incidents, so long as the information was not accessed. The amendment to the statute requires that any organization with a data breach that could potentially expose unencrypted personal information, or where there is access to the encryption key, to submit a notification.
The FBI’s recent Private Industry Notification warns medical and dental facilities of cybercriminals targeting file transfer protocol (FTP) servers operating in anonymous mode within their organizations. Healthcare providers are particularly susceptible to this type of attack, as hackers can steal protected health information (PHI) or personally identifiable information (PII) to intimidate, extort money, or ruin the reputation of business owners.