Securing Electronic Health Records: Report from HHS Reinforces Need for Contingency Plans

Posted by Ross Moir on Aug 29, 2016 9:06:22 AM


Type “EHR” and “information security” into Google and you will find tons of websites, news articles, and even YouTube videos touting the various plusses and minuses of electronic health records, or EHRs. In the last few years, the EHR has become the physician’s best friend, as it helps provide better care, better population health and lower health care costs. While EHRs might be changing the way hospitals and practice offices operate, there are still issues with using EHRs securely. According to the HHS Office of Inspector General, nearly “60 percent of hospitals participating in the federal meaningful use incentive program reported an unplanned disruption in their record systems in 2014 and 2015.” [Note that the meaningful use program is a federally backed program designed to encourage adoption of EHRs by doctors and hospitals.] It is also important to note that most of the reported unplanned disruptions were caused by hardware failure, not by cyber attacks. While hardware failures are a concern, cyber attacks should also be at the top of the list. Hospitals are facing an increasing number of directed cyberattacks aimed at disrupting and disabling the IT and health record infrastructure.

 


Topics: Cyber Attack, EHR

White House Unveils Color-Coded Scale for Cyber Security Threats

Posted by Ross Moir on Jul 29, 2016 11:39:17 AM


On July 26, the Obama administration released a framework for incident handling around cyber-attacks.  The framework is part of the Presidential Policy Directive on United States Cyber Incident Coordination and action plan that was released in February of this year.  It provides a clear standard of when and how government agencies will handle cyber security incidents. Included in the directive is a new color-coded scale that assigns specific colors and response levels to the danger of a cyber-attack.


Topics: Cyber Attack, cybersecurity

Cybersecurity – When You’re Not a Large Enterprise

Posted by Casey Lang on May 26, 2016 11:03:31 AM


Business owners rely on internet connectivity for everything from business operations, productivity and collaboration services to maintaining customer relationships. Unfortunately, the reliance on internet connectivity and cloud services also increases the risks and enhances the exposure to the threat of cyber crime. In addition to stealing money by fraud and deception with things like ransomware, cyber criminals can also cause damage to your business's reputation and put you out of business completely, depending on the impact and headline worthiness of an incident. For a small business, a cyber incident or breach can have a much greater impact on the ability to do business than it would for a large enterprise that can absorb the costs that incident response may present.

A business can never be completely safe from the threat of cyber crime, but most cyber attacks can be mitigated with some basic security practices. Online security should be taken as seriously as locking the doors of your business and storing cash and valuables in a safe location. Clients have the expectation of, and right to, the security of their data, and it's essential that steps are taken to prevent it from being exposed on the internet due to poor security practices. The following tips will enhance your defenses against cyber attacks:


Topics: Cyber Attack, cybersecurity

Adobe and Windows Zero-day Exploits in the Wild

Posted by Ross Moir on May 16, 2016 12:15:31 PM


The recent news of two new zero-day exploits for Windows and Adobe users was disconcerting for many. The Windows bug is being exploited in the wild, so users should install fixes as soon as possible. Cataloged as CVE-2016-0189, the vulnerability allows attackers to execute malicious code when vulnerable computers visit booby-trapped websites. According to Ars Technica and Symantec, many of the targeted attacks have been aimed at South Korean websites. The vulnerability exists in the JScript and VBScript engines and is exploited using Internet Explorer. According to Symantec, the exploit may have been delivered through a link included in a spear-phishing email, or a compromised, legitimate website that redirected users to the exploit. The landing page contained JavaScript code that profiled the computer belonging to the user visiting the site. South Korea, which is heavily reliant on Internet Explorer, was severely impacted by this zero-day attack. Attackers often target South Korean organizations to gain remote access to their computers, steal sensitive data, or even wipe hard drives. The Adobe bug was recently identified in Flash; the vulnerability gives attackers the ability to remotely hijack machines and is currently being exploited in the wild. FireEye first reported the vulnerability on May 10. The vulnerability affects Windows, Mac, Linux, and Chrome OS. The CVE number is CVE-2016-4117.


Topics: Cyber Attack, Phishing

Financial Institutions Suffer “Carbanak” Cyber Attack

Posted by Kris Kimmerle on Feb 16, 2015 7:54:00 PM


According to the latest Kaspersky Lab report, financial institutions have had approximately $1 billion (£648 million) stolen in cyber attacks that started in 2013 and are still ongoing. The report identifies a cybercriminal group named “Carbanak” consisting of members from Russia, Ukraine, and China. Carbanak is also suspected of being the group behind the major retail breaches at Bebe Stores, Sheplers, and Staples. Carbanak leveraged well-known vulnerabilities in Microsoft Office in nearly all of their attacks against financial institutions. The average attack was carried out over a period of 2 to 4 months, entailed 100+ compromised internal systems, and resulted in up to $10 million in stolen financial assets.


Topics: Cyber Attack

MILCOM, the 2013 Military Communications Conference

Posted by Eric Noonan on Nov 20, 2013 7:50:00 PM

Security assessments can be of transformational value for your organization or they can be shelfware; the determining factor in what you end up with is a matter of leadership and strategy. Here is just one example of how an assessment can be transformational.


Topics: CyberArk, Business, eGRC, Cyber Attack, Breach, Information Sharing

Transformative Value Through A Security Assessment

Posted by Eric Noonan on Nov 14, 2013 7:51:00 PM

Security assessments can be of transformational value for your organization or they can be shelfware; the determining factor in what you end up with is a matter of leadership and strategy. Here is just one example of how an assessment can be transformational.


Topics: Insider, eGRC, Automation, Cyber Attack, Information Sharing

Are Security Assessments of Any Value?

Posted by Eric Noonan on Nov 12, 2013 7:55:00 PM

This post will be broken into multiple parts…taking readers through my experience from the customer side of the equation and how to derive real value out of security assessments.


Topics: Roadshows, eGRC, Automation, Cyber Attack, Information Sharing