The FBI and two other federal agencies issued a joint warning earlier this week, alerting hospitals and medical facilities to the threat of cyberattacks on their information technology systems. According to KrebsonSecurity, “officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an ‘imminent cybercrime threat to U.S. hospitals and healthcare providers.’ ”
The warning turned into a reality for University of Vermont Health Network, which released a statement on October 29 confirming it was working with the FBI in the aftermath of a cyberattack that affected some of its systems. “The attack has caused variable impacts at each of our affiliates. Staff are continuing to follow well-practiced standby procedures to ensure safe patient care.”
The alert from the federal agencies emphasized that organizations must maintain business continuity plans as part of a mitigation strategy. CISA, FBI and HHS do not recommend organizations pay the ransom. Rather, they highlighted several network, ransomware and user awareness best practices among other recommended mitigation measures. When in doubt, city and state officials reportedly said to ask for help with cybersecurity collaboration efforts.
Now let’s turn to other news that made headlines this week.
Oct. 30: Users who subscribe to Google’s 2TB Google One plan will now have a Virtual Private Network (VPN) embedded into the service, ZDNet reported.
Oct. 29: The US Assistant Attorney General called for collaboration among law enforcement, citizens, industry and non-government agencies in the fight against online child exploitation, Infosecurity magazine reported.
Oct. 29: Forbes’ Martin Giles opined that CIOs should pay close attention to the upcoming national election because, “The outcome of the contest will have profound consequences for skilled immigration, data privacy regimes, the regulation of AI and other issues such as cybersecurity that all matter to CIOs.”
Oct. 28: “A computer hacker who took over networks maintained by Hall County, Ga., escalated demands this week by publicly releasing election-related files after a ransom wasn’t paid, heightening concerns about the security of voting from cyberattacks,” The Wall Street Journal reported.
Oct. 28: A blog penned by Microsoft’s Tom Burt said that the company had detected and thwarted malicious activity in which Iranian actors posing as organizers of the Munich Security Conference and the Think 20 Summit in Saudi Arabia were targeting high-profile individuals.
Oct. 27: The Hill reported, “The Trump campaign’s website suffered a brief, apparent hack on Tuesday evening, though the campaign said no important data was exposed.”
Oct. 27: According to Veracode’s State of Software Security Volume 11, “the majority of applications contain at least one security flaw and fixing those flaws typically takes months. This year’s analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find.”Oct. 26: Bishop Fox, a private professional services firm, welcomed cybersecurity leaders Alex Stamos and Evan Wolff to its Advisory Board with the hope that their expertise will expedite Bishop Fox’s mission to deliver “comprehensive offensive security testing for organizations globally.”