The Healthcare Sector is Still Under Siege by Cybercriminals

The Healthcare Sector is Still Under Siege by Cybercriminals

---

Although every industry has been impacted by cyberattacks during the unprecedented wave of cybercrime in 2020, the healthcare sector really experienced a disproportionate share. That wasn’t good news in the middle of a global pandemic that was driving already challenged healthcare organizations to the brink and beyond in the worst health crisis in generations. Cybercriminals saw an opportunity and they took it – confirmed data breaches in the healthcare industry increased by 58% in 2020. Now industry experts are wrestling with a thorny question: are healthcare cyberattacks a legitimate public health crisis?

---

---

 No one disputes that cyberattacks against hospitals, health systems, research facilities, pharmaceutical manufacturers and even temperature-controlled transportation were incredibly disruptive to the COVID-19 pandemic response around the world. Experts estimate that the healthcare sector alone lost $25 billion alone last year and an estimated 27% of all cyberattacks in 2020 targeted healthcare organizations. That’s not including pharmaceutical companies, research facilities, testing laboratories, equipment manufacturers, technology providers, insurance companies and myriad other healthcare-related businesses.

This onslaught led to huge problems exactly when hospitals and clinics couldn’t stand to have anything else go wrong. Unfortunately, according to researchers at Blackberry, healthcare sector businesses are the most likely to pay ransoms, making them extremely attractive targets. The information gained in healthcare data breaches is also exceptionally desirable and valuable. During the race to develop a COVID-19 vaccine, the pressure was on pharmaceutical companies, with three major contenders breached in one week at the peak of the pressure. Two specific outcomes for healthcare-related cyberattacks have made an especially strong case for healthcare cybercrime constituting a public health crisis. 

---

Ransomware

Ransomware attacks against every target soared in 2020, and healthcare was no exception. Attacks against healthcare organizations dramatically increased in Q4 2020, with a month-over-month increase of about 45%in early November. That followed an alarming 71% spike in October. Researchers noted that on average, businesses and organizations faced an average of 440 ransomware attacks per week in October 2020 – and by the end of November 2020 that number climbed to 626 — nearly 90 attacks every single day.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) didn’t wait to make a pronouncement about the status of ransomware attacks on healthcare targets. CISA, FBI and HHS joined together in a rare joint warningthe healthcare sector on October 28, 2020, to be on high alert for a new flood of attacks and continuing pressure, including potential activity by nation-state threat actors. Private security experts agree that it was the right call. At the time, the alert specifically called out TrickBot ransomware, but the suggested precautions would offer healthcare organizations strong protection against most other types of ransomware as well.

---

---

Care Continuum Impacts

The most feared result of potential cyberattacks against healthcare targets is a disruption in care. Many hospital systems experienced IT outages as a result of cyberattacks that caused serious problems. In some cases, hospitals were forced to resort to old-fashioned written records during these outages, or they experienced an inability to access important test results, scans, x-rays and other important patient information. Universal Health Services (UHS), a nationwide hospital and health facility operator in the US, experienced a massive IT network outage in late September 2020. The company was forced to disconnected its IT system after identifying a malware attack. The outage lasted for eight days in the middle of a pandemic wave, creating more stress for already overburdened medical; staffers in its facilities. In hundreds of UHS healthcare facilities across the US, healthcare workers were forced to resort to cumbersome downtime protocols and paper records during the outage.

It wasn’t just hospitals who have felt the pinch. Just last week, scores of US hospitals were impacted by a security breach at a specialist provider of equipment for cancer treatments.  Supply chain and third-party riskhas been a nightmare for every industry in the last 12 months. Swedish oncology and radiology system provider Elekta’s announcement of a data security incident, purported to be ransomware, was a heavy blow to 42 hospitals that were reliant on its first-generation cloud-based storage system. This led to an inability for providers to access the precise notes and details of radiotherapy treatments for patients. Yale New Haven Health in Connecticut was forced to take its radiation equipment offline for over a week, resulting in many of the hospital’s cancer patients being transferred to other providers with little notice.  Care disruptions are an unfortunate reality for many hospitals, and that makes cybercrime like this a public health emergency.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

The Future of Fax A Look at Where It Is & Where It’s Going

The Future of Fax A Look at Where It Is & Where It’s Going   Wednesday, June 2, 2021 1:00 – 1:15 p.m. EST     Enterprise digital fax is evolving and it’s important to stay ahead of the curve. Whether you are running a fax server in house, having it hosted and managed in the cloud, or using software as a service (SaaS), join us for this informative 15-minute mini-webinar. We'll highlight where fax stands today and where its headed.   We'll also show you the various approaches to deploying your fax server, dive into some of the newest features available, and offer a peek into what the future holds.    You will learn: Various deployment methods for fax Some of the newest features & modules RightFax road map for upcoming versions Where fax technology is headed   This session is a must for developers and business teams alike.    We hope you can join us!

Sign Up Here

Bit by Bit, 115 West 29th Street, 4th floor, New York, NY 10001

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

5 Reasons Why Your Business Needs IT Security Audits

5 Reasons Why Your Business Needs IT Security Audits

By Robert Blake

 

The cybersecurity world is constantly evolving due to an ever-growing number of threats. One way to stay proactive against cybercriminals is to conduct IT security audits on a routine basis. A managed IT service provider can easily perform these audits to identify any areas of weakness within your organization. These IT audits play an important role in helping you stay alert to any potential weaknesses before they are exploited by cybercriminals.

 

Here are a few more reasons why cybersecurity audits are a necessity in today's digital work environment.

 

1) Measure the Efficiency of Your Business

Understanding how to maximize efficiency for your company is essential in staying up with the competition. Outdated technology can make it impossible to operate at a high level while also exposing your business to additional security risks. An IT security audit is a great way to identify any outdated technology that needs to be updated or replaced to ensure your business is functioning as efficiently as possible.

 

2) Identity IT Security Issues

Many times, it's difficult for a business to identify any potential security flaws before it's too late. Using an IT service provider to perform these cybersecurity audits can help you find any weaknesses within your system and allow you to develop a plan to take care of these problems. A proactive approach to cybersecurity will greatly reduce downtime and decrease the likelihood of your business suffering a cybersecurity incident.

 

3) Avoid Compliance Violations

Maintaining compliance in handling confidential data is a necessity in a wide range of industries. Failure to follow these guidelines can often lead to significant financial penalties while also damaging your reputation. An IT security audit provides a great opportunity to ensure your business is following the latest compliance guidelines to avoid any problems in the future.

 

4) Evaluate Data Flow

Another reason to consider an IT security audit is that it helps to identify the flow of data in your business. For example, these audits will determine how data is processed and stored within your IT infrastructure. An audit will also look for any potential security concerns that can lead to a data breach. Data management can play a key role in preventing data breaches and making sure only a few employees have access to this confidential information.

 

5) Enhance IT Security for Remote Employees

Many businesses are allowing employees to work from home for the foreseeable future. Unfortunately, remote employees are often prime targets for cybercriminals. Performing an IT security audit is a great way to identify any potential security concerns for remote employees, such as outdated software, weak passwords, or unencrypted file sharing. Recognizing these concerns and taking care of these problems as soon as possible is critical due to the ever-growing number of remote employees.

 

Closing Thoughts

A cyber attack can wreak havoc on your business operations and lead to hours of downtime. Staying proactive against these ever-changing threats is essential in today's workplace. Using an IT service provider to conduct cybersecurity audits on a regular basis is one of the best ways to stay a step ahead of these threats. These IT professionals will look for any signs of weaknesses while also providing your business with an action plan to further improve your operations and give you the best IT security available.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Ransomware Risk is a Rising Tide That Can Swamp Your Business

Ransomware Risk is a Rising Tide That Can Swamp Your Business

---

Cybercriminals are refining their approach to ransomware, and risk has risen worldwide. Targeted ransomware is today’s rising trend. Researchers determined that targeted ransomware has grown by an eye-popping 767%, easily dwarfing all other types. Recent numbers logged by UK researchers show a record-breaking 11% year-on-year increase in attacks against UK targets in Q1 2021.

Every business is at risk of falling victim to ransomware – after all, more than 60% of organizations worldwide experienced a damaging ransomware incident in 2020. Ransomware has especially battered healthcare targets, but that’s not the only industry that’s experiencing increased risk. No matter the size, your business is at an increased risk of experiencing a ransomware incident in today’s volatile threat landscape, and that danger is growing.

How can you guard against becoming a victim of targeted ransomware? By taking sensible precautions that keep your systems and data safe, like phishing resistance training using BullPhish ID. Your employees can learn to spot and stop real risks that are prevalent in your industry in customized phishing simulations. If you’re not already using multifactor authentication with Passly, this is a great time to add it. It stops 99% of password-based cybercrime, including cybercriminals with a password that they just phished off an unwary employee. 

In a 2021 survey, 70% of survey respondents said that they believe that their business will be harmed by email-based attacks like targeted ransomware attacks in the next year, up from 59% in 2020. But you don’t have to join that number- put strong protections in place now and you can have peace of mind that you’ve chosen a powerful defense for your essential systems and data.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Third-Party Risk Brings Danger to Your Door Daily

Third-Party Risk Brings Danger to Your Door Daily

---

Even if you’re making all the right cybersecurity moves, can you be certain that every organization that your business has a relationship with is doing the same thing? 98% of organizations have had a threat arrive at their doorstep because of a data breach or security incident a third party or supply chain source in the last 12 months – and that’s a vector for incoming cyberattacks that you may not even know about.

Third-party and supply chain risk can come from any vendor or service provider that you do business with. Are you outsourcing file transfers or information storage? That’s how more than a dozen universities were hacked using information gained in a breach at transference and collaboration specialist Accellion. Using specialized software for fundraising? Hundreds of leading charitable organizations and trusts were too – and many of them were hacked because of a data breach at software provider BlackBaud. 

No business can exist without others. Any organization that has information about your business could be putting your systems and data at risk. As the world becomes more interconnected and cloud-based, that risk is growing every year. New cyberattacks fueled by dark web data are adding to that risk too. At the start of 2020, an estimated 65% of the information already on the dark web could harm businesses, and 22 million more new records were added by the end of that year.

Reduce your company’s chance of damage from a third party or supply chain based attack by taking a few simple precautions. Add multifactor authentication to every account – Microsoft says that it stops 99% of password-based attacks. Increase phishing resistance training too. Much of the data that bad actors gain is used for spear phishing. Dark web monitoring helps reduce risk too by alerting you if any of your company’s protected credentials are exposed.

How about some good news? By following these tips, you’re not just increasing your company’s protection against third party and supply chain risk. You’re also boosting your organization’s overall cybersecurity posture against many other damaging risk like ransomware and account takeover as well as increasing your cyber resilience – and that delivers you some much-needed peace of mind.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Secure Your Clients Against Third Party/Supply Chain Risk Fast

Secure Your Clients Against Third Party/Supply Chain Risk Fast

---

CISA has declared April National Supply Chain Integrity Month. But you don’t have to be a US-based business to benefit from this helpful reminder! No business is an island and third-party/supply chain risk is snowballing for every organization. As a flood of records stolen in data breaches continues to fuel cybercrime from the dark web, your clients are at an increased risk for BEC, ransomware, spear phishing, impersonation scams and so much more. this problem isn’t going away anytime soon. In fact, expect it to continue getting worse. You’ll want to review your clients’ security posture against third-party and supply chain risk today(TPR/SCR) – and we’re here to help you address vulnerabilities fast!

---

---

Almost Every Business Experienced a TPR/SCR Risk in 2020

In an increasingly interconnected world, companies are more intertwined than ever before. MasterCard’s Risk Recon unit reported on the proliferation of risk factors that businesses face today in The State of Third-Party Risk. Their survey respondents said that when it came to the necessity of checking vendors for cybersecurity risks, one-third assessed fewer than 25 vendors annually, another third checked between 25 and 100 and the last third dealt with more than 100 vendors. About 5% of respondents were in charge of assessing more than 750 third per year! Even a highly reputable major vendor like Microsoft could saddle businesses with an unexpected vulnerability.

Just because they’ve reached out to assess cybersecurity procedures and policies at a potential third party or supply chain connection, that doesn’t mean that the connection is safe. While 81% of respondents claimed that 3/4 of their vendors pass their security questionnaires, only 14% of those surveyed trust those responses. 31% of respondents stated that they have vendors they considered to be a material risk in the event of a data breach. That tracks with other industry data indicating that an astonishing 98% of monitored organizationsclocked a threat from a supplier domain in 2020.

---

Don’t miss these bad password lists & good password tips. DOWNLOAD IT>>

---

More Dark Web Data = More TPR/SCR

Why are organizations facing more relationship risk than ever before? An enormous amount of data hit the dark web last year, including an estimated 22 million new records. Experts already estimated that 65% of the information on the dark web at the start of 2020 could harm businesses. Those new records and other scraped or stolen information provide abundant fresh fuel for cybercrime, increasing everyone’s risk. Threats from suppliers’ jacked domains are also a huge problem. Cybercriminals piggybacking on legitimate business domains has increased risk in every sector. About 74% of those threats are phishing attempts or impostor schemes, and almost 30% were malware-related.

Newly ascendant supply chain and third-party risks have had a profound impact on business security. When looking at the fallout, another survey reported that 80% of respondents had suffered at least one breach via the supply chain, a majority had suffered at least two breaches and one in ten had suffered more than six. The manufacturing sector was especially beleaguered, with 57% of survey respondents saying they have suffered breaches related to supply chain exposure in the past 12 months. Visibility is a major concern – 29% of the executives said they had no way of knowing if a risk was spawned at a vendor until it became a cyberattack on their business.

---

---

Mitigating This Risk Isn’t Impossible

TPR/SCR may be growing, but there’s no reason why your clients can’t gain some peace of mind against it when you guide them into taking a few practical, affordable steps to minimize their exposure and keep their data safe. The best part is that not only will these moves protect them from TPR/SCR, they’ll also gain additional protection against other cyberattacks that they might be faced with, increasing their overall cyber resilience. 

Password Compromise 

This huge pitfall is one of the top ways that companies gain risk exposure through the supply chain because password reuse is endemic and at least 65% of people reuse passwords across the board, including for business or enterprise accounts. But two solutions are strong defenders in the fight against password compromise risk from these sources.

• Multifactor authentication stops 99% of password-based cybercrime including an employee’s often-recycled password, and it’s just one of the many tools that boost security through Passly.
• Dark web monitoring with Dark Web ID gives IT teams crucial time to respond if a company’s passwords hit dark web markets or dumps no matter where they’re snatched from enabling companies to react before the bad guys do.

Spear Phishing & Ransomware

Exponential growth in phishing risk has put every business solidly in cybercriminal sights. Bad actors are using the data gleaned from breaches at service providers, manufacturers, wholesale suppliers, transportation companies, business services firms and more to mount phishing-based cyberattacks on companies in every industry. 

• Reduce the chance of a phishing attack from harming a business by up to 70% with security awareness and phishing resistance training through BullPhish ID
• Repeat that training at least quarterly using preloaded phishing simulation kits or customize the content to reflect industry-specific dangers including attachments and URLs

Securing your clients against the escalating risk that comes from third parties or the supply chain immediately is crucial – 72% of compliance leaders expect the number of TPR/SCR risk that companies face to increase in 2021. By acting now to take sensible precautions, you and your clients can feel confident that you’re insulated against this growing threat vector. Contact the experts at Bit by Bit to find the perfect combination of solutions to defeat this risk.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Small Changes Now Pay Big Dividends Later

Small Changes Now Pay Big Dividends Later

---

A down economy is forcing many companies to make spending cuts. But when you’re going through your budget looking at things that you can pare down or put off, don’t add cybersecurity to that list. Instead, look at the ways that your security solutions can be maximized to ensure that you’re getting the real value out of them that you’re already paying for – you’re almost certainly going to find a few unexpected features.

For example, if you’re already using Dark Web ID for dark web monitoring, you’re making a strong move to protect your business from credential compromise danger, even if that risk comes from your employees reusing their work passwords elsewhere (which 65% of people do). But are you monitoring your executives’ private email accounts too? You don’t need to buy anything extra to do it – you can do that with Dark Web ID, an often overlooked bonus!

Password protection isn’t really protection anymore. That’s why multifactor authentication (MFA) is a modern essential that authorities like Microsoft recommend to stop 99% of password-based cybercrime. But experts also recommend single sign-on, and secure password vaults. Instead of buying multiple solutions to accomplish those goals, you can find one solution that does everything, like Passly, making your IT budget stretch even farther. Plus, Passly also provides automated password resets, a huge time (and money) saver.

While it may be tempting to slash your security budget and put off making security adjustments, it’s a dangerous proposition. Overall cybercrime increased approximately 85% in 2020 and things aren’t slowing down. Make the smart decision to play the long game and still profit in the short term by making careful investments in cybersecurity upgrades – and avoid having your business get knocked for a loop in the wake of today’s cyber crimewave.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831