Monday morning’s news that a ransomware attack was likely the cause of a major security incident at Universal Health Services (UHS) evidenced the reality that cyberattacks can happen at any time. Though many an employee approaches the weekend with anticipation of being able to step away from work and enjoy some rest and relaxation, that’s often not the case for security teams.
UHS was not alone in suffering a security incident this week, though. Cyberscoop reported, “A cybersecurity incident has forced the computer systems of an Ohio medical center offline for multiple days and prompted the clinic to postpone elective procedures for patients.”
Yes, these attacks on healthcare systems can make us feel uneasy and vulnerable, but The Hill had more uplifting news. On Wednesday, the bipartisan State and Local Cybersecurity Improvement Act got unanimous approval in the House. The legislation would not only require the Cybersecurity and Infrastructure Security Agency (CISA) to develop a strategy to improve cybersecurity at the state, local, territorial and tribal governments but would also create a $400 million grant program for those entities to defend against and respond to cyberattacks.
Alas, it’s National Cybersecurity Awareness Month, so let’s raise our own awareness about what else made industry headlines this week.
Oct. 2: Concerns are heightened that a last-minute software update to voting machines across the state of Georgia could be indicative of other glitches just weeks ahead of November’s election, according to the Cybersecurity 202.
Oct. 1: A report published by the UK government found a security flaw of “national significance,” according to news from ZDNet.
Oct. 1: Kylie Cosmetics informed its customers that their names, addresses and credit card information could have been compromised as part of the Shopify data breach.
Oct. 1: As part of a multi-state data breach settlement, insurance company Anthem will pay out $39.5 million to the 43 states impacted.
Sept. 30: Months after its high-profile breach, Twitter announced it has appointed former Rubrik Chief Information Security Officer Rinki Sethi as their new CISO.
Sept. 30: According to Security Magazine, a new report from DTEX Systems found that the behaviors of trusted insiders have significantly changed in the shift to a remote workforce, and that “56% of companies reported remote workers actively bypassed security controls to intentionally obfuscate online activity. This is more than 4.5 times higher than 2019 which represents a 450% increase in the first eight months of 2020.”
Sept. 29: FCW reported, “The Defense Department released an interim rule for its Cybersecurity Maturity Model Certification program that will require contractors to prove they are keeping up with key cybersecurity measures.”
Sept. 28: “There is a lot of responsibility that comes with vetting and choosing IoT vendors. Your data, and more importantly your customers’ data, is flowing through those devices. It’s critical to make sure that data is as secure as possible,” opined Christos Kalantzis in a Security Boulevard post.