The Recent NHS Cyber Attack: Why Robust Cybersecurity is Vital for UK Healthcare


It’s Code Red for the healthcare sector after yet another major, life-threatening cyber-attack that experts say was completely preventable.

Deemed the “most significant” cyber-attack in the history of the UK National Health Service (NHS), the June 3 ransomware attack shut down seven London hospital systems, halting treatment, postponing critical operations, and threatening lives.

It underscores the urgent need for cyber preparedness in a sector that’s particularly vulnerable.

Systems are outdated. Basic cyber practices go unperformed. Employees don’t get sufficient security awareness training. Cybercriminals know all this – and they also know that, when lives are at stake, victims are more likely to pay.

The NHS cyber attack’s ramifications extended far and wide. The perpetrators publicly released 400GB of names, birthdates, NHS numbers and blood test results. They also encrypted systems data, rendering it inaccessible, which caused the postponement of more than 6,000 hospital appointments and procedures in London.

Outdated systems, a failure to identify vulnerable points, and a lack of basic cyber hygiene are reasons why the NHS ransomware attack succeeded, the founding chief executive of the National Cyber Security Centre stated. And, he warned, this attack could be a harbinger of more against the NHS.

But the NHS is far from alone. Globally, the health sector has been hard hit of late. Change Healthcare, a US insurance claims processor owned by United HealthCare, suffered a major blow in February, and poor cyber hygiene was also blamed.

To block further attacks, healthcare providers, insurers, and others in the industry around the world will need to act fast to secure their systems, educate their workers, and more.

Read on to explore the NHS cyber-attack in more depth, look at similarities to the Change Healthcare breach, and discover how to efficiently and effectively stem the rising tide of health sector cyber-attacks in the UK and globally.

The NHS Ransomware Attack: One of the Most Critical Ever

The Russian ransomware gang Qilin, thought to be Kremlin-backed, infiltrated the computer systems at Synnovis, which provides blood pathology testing and diagnostics to two NHS trusts in London. What happened to Synnovis underscores the concerns that plague health providers worried about suffering a similar attack:

  • Business continuity. The attackers froze Synnovis’ systems by encrypting information needed for the systems to run. As a result of the attack, which cyber experts are calling one of the most significant ever against the NHS, 4,913 acute outpatient appointments and 1,391 operations were disrupted, according to the NHS. Guy’s, St Thomas’, King’s College and Evelina London Children’s Hospitals are among those whose ability to provide services was severely impaired.
  • Protecting patient data and other sensitive information. Qilin downloaded private data for which it demanded a £40 million ransom. When Synnovis refused to pay, the group released on the dark web data from 300 million patient interactions with the NHS, including HIV and cancer blood test results for which the HIPAA Journal says individuals may now be subject to extortion. The attackers also took spreadsheets containing financial arrangements between hospitals, practitioners, and Synnovis.
  • Protecting patient lives. The National Health Service in England was urging people with universal blood types to donate blood after the Synnovis attack disrupted hospitals’ ability to match patients — underlining how cyberattacks can have serious and potentially life-threatening impacts.
  • Although no penalties or fines have been publicly mentioned against Synnovis or the NHS to date, providers whose cyber hygiene is found to be lacking may be liable to penalties, including GDPR fines, should their systems and data suffer a breach.

Why did it happen? Ciaran Martin, the founding chief executive of the National Cyber Security Centre, said after the attack that parts of the NHS’s IT estate are outdated and remain at risk of further attacks. He blamed legacy systems, together with a failure to identify vulnerabilities and to carry out basic cybersecurity practices, as the leading reasons why the NHS cyber-attack succeeded.


Echoes of Another Major Ransomware Attack

The NHS ransomware attack has many similarities to an attack that occurred in the US in February 2024. That attack, called the “most disruptive cyber-attack on US critical infrastructure to date,” is expected to cost parent company United Healthcare (UHC) billions of dollars and to result in unprecedented data losses affecting one-third of Americans. And, as with the NHS cyber-attack, the Change Healthcare breach might easily have been avoided had basic security hygiene practices been in place, according to testimony.

A US Congressional subcommittee explored cybersecurity vulnerabilities in healthcare during a May 16 hearing. What it found: The healthcare industry as a whole treads on shaky ground, facing more, and more dire, threats than ever before.

Yet, it remains behind the cybersecurity curve compared to most sectors.

Emboldened by the success of the cyber-attack on Change Healthcare, criminals are now targeting others in the sector. U.S. healthcare system Ascension on May 8 discovered a “security event” that caused a systems shutdown: weeks later, employees in a number of states were still documenting care with pen and paper.

Likewise, weeks after the NHS cyber-attack, blood testing in London was reportedly occurring at about 10 percent of its normal rate. Synnovis anticipated taking several months to fully recover, the HIPAA Journal reported.

Must-Have Cybersecurity Measures in the Health Sector

The health sector “lags far behind most essential infrastructure sectors … on research to understand the risks and develop specific plans to protect, respond, and recover from cyberattacks,” The Lancet reports.

It’s time to catch up, before cybercriminals catch you and your patients. Fortunately, protection is no mystery; security experts know what to do and how to do it effectively and efficiently. To get started, we recommend:

Security awareness training

No specific cause for the NHS breach has yet emerged, but this much we know: human error accounts for 95% of all cybersecurity incidents, the World Economic Forum reports.

What to do: Hornetsecurity’s next-gen Security Awareness Service trains employees using realistic spear phishing simulations and AI-powered e-training, heightening awareness of cyber security risks and threats. Employees learn effectively how to protect themselves and their company. The service is fully automated and easy to use.


Multi-factor authentication (MFA)

Stolen login credentials used to be an automatic way in for intruders; with MFA in place, they are only half the battle. If the attackers don’t also control the second factor, such as the user’s device or authentication app, they can’t get in.

What to do: Check and double-check all your systems and software to ensure that they’re covered by MFA, preferably phishing-resistant varieties, to block unauthorized entry into your systems and software.

Robust backup and recovery systems

It’s not a matter of “if” you’ll be attacked, but “when,” particularly in healthcare. Being able to recover swiftly—resilience—is key to minimizing costs, damage, and downtime.

What to do: Modernize your backup system with Hornetsecurity’s 365 Total Backup Solution. Among its features:

  • Automatic backup of Microsoft 365 data multiple times a day;
  • Protection from ransomware attacks as well as third-party disruptions via backup storage and security on Hornetsecurity infrastructure, independent of Microsoft;
  • Easy search and recovery;
  • Hassle-free, unlimited storage;
  • Centralized management; and
  • Data storage in local, secured, robust and redundant Hornetsecurity data centers, granting control over data jurisdiction.

Data privacy and security protections

Robust security includes having safeguards in place for storing, accessing, and sharing sensitive personal health information.

What to do: Adopt a zero-trust model with Hornetsecurity’s 365 Permission Manager tool. Using it, you can:

  • Perform bulk actions to manage permissions at scale;
  • Use Quick Actions to fix permissions on multiple sites at once;
  • Assign out-of-the-box best-practice policies, or create custom compliance policies for SharePoint sites, Teams, or OneDrive accounts;
  • Receive alerts for critical shares or policy violations; and
  • Use the Audit function to approve or reject policy violations.

Assess your supply chains

Note that in this attack, the impacted hospitals themselves weren’t breached; it was their supplier of pathology testing. No business today operates independently, and this is especially true in healthcare. Follow the steps above to ensure that “your house is in order,” but also investigate your supply chains, understand their security posture, and plan for how your organization can continue operating if a critical supplier is hit by a cyber-attack.

To properly protect your healthcare environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

Conclusion – An Ounce of Prevention

Don’t wait for a crisis: get your checkup and preventative care now. If you’re in the healthcare sector, your organization is extremely vulnerable to breach by criminals emboldened by recent successes. Truly, it’s not a matter of if your healthcare organization will be hit, but when. Contact Hornetsecurity today to try our solutions for free, and protect your systems and data before attackers strike.

FAQ

What caused the NHS cyber attack?

The NHS cyber attack was caused by outdated systems, a failure to identify vulnerabilities, and a lack of basic cybersecurity practices.

What were the impacts of the NHS cyber attack?

The attack disrupted hospital operations, postponed critical treatments, and led to the release of sensitive patient data.

How can healthcare organizations prevent cyber attacks?

Organizations can prevent attacks by implementing security awareness training, multi-factor authentication, robust backup systems, and ensuring data privacy and security protections.

We Ranked the Olympic Nations on their Security Strength. The Gold Medal Goes to…


As the world eagerly anticipates the 2024 Paris Olympic Games, athletes are not the only ones making final preparations. Behind the scenes, a different kind of competition is brewing as cybercriminals are gearing up to exploit the global event for malicious purposes.

The intersection of cyber attacks and the Olympic Games has become a significant concern for organizers, governments, and cybersecurity experts, but how are Olympic federations responding to this threat? We built a tool to check the security posture of all the Olympic federations to find out.

The Playing Field

Email remains the #1 entry point for cyberattacks. With more than 1.5 million phishing sites created every month, email users are at risk of seeing their personal and business data breached. Indeed, the Olympics has a history of major email cyberattack breaches: in 2018 a fileless malware campaign was discovered targeting organizations associated with the winter Olympics held in Pyeongchang.

For this reason, checking the strength of an organization’s email security is an excellent indicator of their overall cyber security posture and is how we ranked the Olympic federations. But how exactly did we assess their email strength?


The Rules of the Game

The following criteria were used to score the Olympic federations and committees, and build our rankings:

  • Has Email Security Gateway: Having an email security gateway is crucial because it acts as a barrier against email-borne threats such as impersonation attempts, phishing and malware, and can ensure the continuity of email services.
  • Has SPF record: An SPF record is important because it helps prevent email spoofing and protects against phishing attacks by specifying which mail servers are authorized to send emails on behalf of a domain.
  • SPF record is good: Here, we consider the effectiveness of the SPF record, for instance whether it is configured with the “softfail” (~all) option, which is weak.
  • Has DMARC record: DMARC is crucial for preventing email spoofing and phishing by authenticating emails and specifying how to handle those that fail authentication, ensuring only legitimate emails reach recipients.
  • DMARC record is good: We consider DMARC records to be good when they receive a positive mark on a scan, such as from https://tools.sendmarc.com/.
  • Immune to bypass: Email security bypass is an old trick, but it still works today. A bypass is possible when an organization has not restricted inbound access to its email server, so an attacker can skip the email security solution entirely and deliver mail directly to the server. A recent paper on the topic: https://sumanthvrao.github.io/papers/rao-www-2024.pdf

Using the above criteria we created a very simple grading system. We built two different scales, one for federations that had an email security gateway and one for those that did not, and gave the scoring criteria different weightings depending on our assessment of their respective contribution to email security.
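As an added example (not the tool Hornetsecurity built, whose weightings are not published), the following Python scores a domain against the criteria above from its SPF and DMARC TXT records; the records are constructed samples passed in as strings, and the gateway and bypass results are taken as inputs rather than probed, so it runs offline. The weights are an assumption chosen to sum to 100 on each scale.

```python
"""Score a domain against the article's email-security criteria.

Added example (not Hornetsecurity's tool). SPF and DMARC records are passed in
as strings rather than fetched from DNS, so the script runs offline on the
constructed samples below. The weightings are an assumption: the article says
it used two scales (with / without a gateway) but does not publish the weights.
"""
import re

# Assumed weights, one scale per case, each summing to 100.
WEIGHTS = {
    True:  {"gateway": 40, "bypass": 20, "spf": 10, "spf_good": 10,
            "dmarc": 10, "dmarc_good": 10},   # federation has a gateway
    False: {"gateway": 0, "bypass": 0, "spf": 20, "spf_good": 20,
            "dmarc": 30, "dmarc_good": 30},   # no gateway, so nothing to bypass
}


def spf_status(record):
    """Classify an SPF TXT record: 'missing', 'good', 'softfail' or 'weak'."""
    tokens = (record or "").split()
    if not tokens or tokens[0].lower() != "v=spf1":
        return "missing"
    # The 'all' mechanism says what to do with senders not listed earlier:
    #   -all hard fail, ~all soft fail, ?all neutral, +all (or bare all) pass.
    qualifier = None
    for tok in tokens[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", tok, re.IGNORECASE)
        if m:
            qualifier = m.group(1) or "+"
    if qualifier == "-":
        return "good"
    if qualifier == "~":
        return "softfail"       # the weak setting the article flags
    return "weak"               # ?all, +all, or no 'all' mechanism at all


def dmarc_status(record):
    """Classify a DMARC TXT record: 'missing', 'monitor', 'partial' or 'enforced'."""
    tags = {}
    for part in (record or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return "missing"
    policy = tags.get("p", "none").lower()
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    if policy == "reject" and pct == 100:
        return "enforced"       # what we treat as a 'good' DMARC record
    if policy in ("reject", "quarantine"):
        return "partial"        # enforcement exists but is incomplete
    return "monitor"            # p=none: reports only, spoofed mail still lands


def grade(has_gateway, immune_to_bypass, spf_record, dmarc_record):
    """Return a score out of 100 plus the findings that cost points."""
    w = WEIGHTS[bool(has_gateway)]
    spf, dmarc = spf_status(spf_record), dmarc_status(dmarc_record)
    score, findings = 0, []
    if has_gateway:
        score += w["gateway"]
        if immune_to_bypass:
            score += w["bypass"]
        else:
            findings.append("mail server reachable directly, gateway can be bypassed")
    if spf == "missing":
        findings.append("no SPF record")
    else:
        score += w["spf"]
        if spf == "good":
            score += w["spf_good"]
        else:
            findings.append(f"SPF record is {spf}")
    if dmarc == "missing":
        findings.append("no DMARC record")
    else:
        score += w["dmarc"]
        if dmarc == "enforced":
            score += w["dmarc_good"]
        else:
            findings.append(f"DMARC policy only {dmarc}")
    return {"score": score, "spf": spf, "dmarc": dmarc, "findings": findings}


# Constructed sample records (example.org / example.net are reserved names).
STRONG_SPF = "v=spf1 include:spf.protection.outlook.com -all"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"
SOFTFAIL_SPF = "v=spf1 ip4:192.0.2.0/24 ~all"
MONITOR_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.net"

if __name__ == "__main__":
    for name, args in [("gold", (True, True, STRONG_SPF, STRONG_DMARC)),
                       ("softfail", (False, False, SOFTFAIL_SPF, MONITOR_DMARC))]:
        print(name, grade(*args))
```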

The Podium

Having carried out the assessment of Olympic federations we have determined “Team Great Britain” is in first place. They achieved this position by exhibiting the strongest overall email security posture. Most notably, they use an email security gateway and have strong SPF and DMARC protection. “Team USA” is in second place, and “Team Netherlands” in third place.

False start!

As we don’t want to draw the attention of malicious agents to specific federations, we decided not to reveal the full rankings, but in carrying out this investigation we noticed some concerning email security practices.

We have observed that around 60% of federations are using the Microsoft 365 solution. This is likely because it’s one of the most reliable suites of collaborative tools on the market. However, we have identified that two nations are directly exposing their mail servers on the internet, which is not a recommended behavior.

We found that the majority of SPF records are well configured, except for one nation that has the softfail option in its configuration. This means that emails are likely to be delivered to the intended recipient even though the sender has failed the SPF check, which may open the door to successful spoofing attempts. Looking at each DMARC configuration, we found that only a minority have a good configuration based on our analysis.

Most countries do not use an email security gateway, and one country was vulnerable to the “email security bypass”. Once again, while this is not a groundbreaking attack technique, it is concerning considering the nature of the poorly protected organization, today’s threat landscape, and the timing, with the Olympics looming.

To properly protect your email technology environment, use Hornetsecurity’s email security services.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

Final Thoughts

The Olympics has long been a hotbed for cybercrime, and the 2024 Paris Olympic Games will be no different. Unfortunately, most of the Olympic federations we tested fall short of the level of email security that is necessary. And this threat extends to companies and individuals. This is particularly alarming considering that email remains the #1 threat vector.

This is not limited to Olympic committees. Small and large businesses will once again be the targets of cybercriminals using the upcoming games as the backdrop for their cyberattacks, whether ticket scams or extortion attempts. So over the next few weeks, if you receive an email from your HR department informing you that they have free tickets to the Olympic Games to give away and the first 10 to reply get them, be sure to think carefully before clicking that link.

Want to see how you score on the same criteria we used to rank the Olympic federations? Try out our Email Security Check. 

FAQ

Why is email security so important for the Olympic federations?

Email security is crucial because email remains the primary entry point for cyberattacks. Olympic federations handle sensitive information, and a breach could have severe consequences, including data theft and operational disruptions.

What criteria were used to rank the Olympic nations on their email security strength?

The rankings were based on several criteria, including the presence of an email security gateway, SPF and DMARC records, and protection against email security bypass. These factors indicate how well an organization can prevent email spoofing, phishing, and other cyber threats.

Which Olympic nation ranked highest in email security strength?

“Team Great Britain” ranked highest in email security strength, followed by “Team USA” and “Team Netherlands.” Great Britain achieved this by having a strong email security gateway and robust SPF and DMARC protection.

Tech Security Challenges in the Age of Digital Transformation


Digital technology is not just the trend of the year; it is a tide that has been changing the course of how businesses are run, and a surge that is yet to fully peak. A new gee-whiz tech solution comes out every year to upend the established order and bring new ways to gain an edge.

The Rising Tide of Cybersecurity Challenges in Digital Transformation

We have already witnessed how cloud computing, mobile apps, and social media have changed the world, and the next round of revolution is not far off: VR, blockchain, AI, and quantum computing are already on the rise. If your company hasn’t yet jumped on the digital bandwagon, now is the moment.

Digitization promises new opportunities to people and organizations, but there will be times when the going gets tough and everything is not so rosy. A major challenge is the security of the technological infrastructure. As society becomes more connected and new technologies are developed, the threats become more complex and widespread, and the greater the dependence on digital technology, the greater the exposure to risk.

Technologies adopted as growth strategies, such as AI and machine learning, are also vulnerable to attack. Interested in knowing more about navigating these rather rough internet seas? You can listen to our newest Security Swarm Podcast episode, in which we discuss the issues and prospects of digitalization in detail.


The Importance of Tech Innovations

Nowadays it is as important to innovate cybersecurity technology as it is to have cybersecurity itself. This is partly because rapid technological advancement is taking place on both sides: on the traditional ‘white hat’ side are the companies and organizations that deploy and oversee cybersecurity to guard their data, networks and so on, while on the other side of the spectrum are the ‘black hats’, the cybercriminals keen to exploit weaknesses in those security infrastructures and attack those networks to steal, corrupt and generally misbehave.

Threat actors are leveraging ever more sophisticated techniques and technologies, so cybersecurity firms and cybersecurity technology must move to that level too. How? Through innovation. The Global Risk Report 2021 by the World Economic Forum states that “Business, government, and household cybersecurity infrastructure and or measures are overwhelmed or made obsolete by constantly emergent and more frequent cyber-crimes that lead to economic damage, financial loss, geopolitical rivalry and or sociopolitical unrest”.

Cybersecurity must adapt in response to ever more capable and frequent cyber criminals. Cybersecurity technology in turn helps make innovation possible in every area of the contemporary digital economy, while innovative technologies help cybersecurity businesses protect businesses, organizations, networks, and data around the globe.

Are Tech Innovations Accelerating Security Threats?

As technology continues to advance rapidly, cybersecurity must continuously develop to keep pace with the equally well-armed innovation happening in the threat actors’ underworld. On the bright side, evaluating potential threats also plays an important part in developing a successful business strategy. When businesses integrate this evaluation into their overall strategy, they can quickly spot vulnerabilities and avoid disruptions, which allows them to keep developing in a stable way.

This way, even if a security event does occur, the business can respond to threats or attacks promptly, and if a breach unfolds, it can minimize and/or mitigate the damage. This is often called cyber resiliency, or in the larger context being a business resilient to attacks of various kinds. Businesses are constantly trying to stay ahead and innovate, playing catch-up with the pace of technological advancement, and they often mishandle the security side of it. Microsoft is one of many companies in this situation.

As of 2023, Microsoft has moved 98% of its IT infrastructure to the cloud, something that wasn’t getting too much attention 10 years ago, and this is a prime example of where innovation meets risk. In the summer of 2023, Microsoft suffered a breach in its cloud environment where threat actors had stolen a consumer signing key and then generated tokens for Azure Active Directory and Microsoft accounts (MSA) to gain entry into Exchange Online.

The tech company received criticism for its handling of the security breach, which reportedly began on May 15 when a group known as “Storm 0558” managed to access email accounts. The hackers used forged authentication tokens, which are normally used to verify the identity of entities seeking access to resources, in this case email inboxes, to infiltrate those accounts.

Although the company did not provide details about the vulnerability exploited, the tech giant said it took steps to address the forgery method “on behalf of customers.” It stated that on June 26th the webmail version of Outlook stopped accepting tokens issued from Azure AD, now known as Microsoft Entra ID.

A day after the breach, the threat actors’ activity forced Microsoft’s hand: it strengthened its security posture by disabling the use of tokens signed with the compromised key and replacing the key by June 29th to prevent further misuse. In the end, Microsoft invalidated all MSA signatures, including those acquired by the hackers during the incident.

The company stated that it has enhanced security measures for its key issuance systems following this incident: it has increased the isolation of these systems from other environments and users, and implemented improved monitoring and automated alerts for key-related activities. Here is a breakdown of the CSRB report on our podcasts Microsoft Storm Breach Part 1 and Microsoft Storm Breach Part 2.


Balancing Cybersecurity Risks and Innovation

Overcoming these challenges won’t be a walk in the park. It will involve considering security aspects throughout transformation initiatives. While focusing on profitability and efficiency, it’s particularly important to also think about ensuring security and building trust in our businesses from the start.

The good news is that organizations don’t have to tackle this on their own. With a mature outsourcing market and advances in security technologies, APIs, and cloud platforms, companies can collaborate with security experts, sharing intelligence and resources to adapt swiftly and effectively to a changing security landscape. There’s a lot at stake: the rise of digital (and cybersecurity) transformation has catapulted companies and agile disruptors into the limelight, but success will only smile upon those who prioritize their security posture and take proactive steps.

When encouraging innovation within a company, it’s crucial to establish a risk management plan aligned with the organization’s goals. Regular reviews of this strategy enhance its effectiveness and refine the concepts over time, so that decision-makers identify and resolve issues before they become security concerns.

Real-World Examples Where Innovation Meets Risk

1. In 2023, threat actors exploited an SQL injection vulnerability in Progress Software’s MOVEit file transfer app, used by thousands of organizations across the world.

Several organizations whose supply chains use the MOVEit app suffered a data breach, resulting in customer and/or employee data being stolen.

  • What exactly does ‘secure managed file transfer software’ entail? It’s a tech solution that enables companies to securely exchange data between systems and individuals, and to adhere to compliance requirements. Furthermore, considering the entities affected, government bodies, educational institutions, and industries holding sensitive data, it’s likely that many of them used MOVEit to fulfill their compliance duties, since it offers a more secure data transfer process than email or public file-sharing platforms.

2. Cambridge Analytica / Facebook scandal (2018): social media has been around for over 20 years now; however, the use case is now something bigger than just connecting old friends, and it is the perfect example of digital transformation. Businesses can identify emerging trends and address issues as soon as they arise by tracking relevant keywords and mentions. Cambridge Analytica teamed up with Facebook to gather information from individuals using the app thisisyourdigitallife, which was developed by Aleksandr Kogan. Participants were compensated for taking a personality test through the app. Initially, Cambridge Analytica stated that the data collected would be used for research purposes only. However, as reported by Cadwalladr and Graham-Harrison, the app also harvested data from the Facebook friends of the test takers, resulting in a database of tens of millions of individuals. Although Facebook’s platform policy permitted the collection of friends’ data to enhance the user experience within the app, it prohibited its sale or use for advertising purposes, and Cambridge Analytica breached this policy.

3. SolarWinds Cyberattack (2020): In one of the most sophisticated and far-reaching cyber espionage campaigns ever discovered, hackers affiliated with the Russian government infiltrated the networks of numerous U.S. federal agencies and private companies through a compromised update to SolarWinds’ Orion software. This software, widely used for IT infrastructure management, was updated with malicious code, which then allowed the attackers to spy on and steal sensitive data from a multitude of high-profile targets, including the U.S. Departments of Homeland Security, Treasury, and Commerce, among others.

4. The WannaCry ransomware attack of May 2017 serves as an illustration of the conflict between progress and safeguarding. This cyber threat took advantage of a weakness in Microsoft Windows that was first identified by the National Security Agency (NSA). The security flaw, dubbed EternalBlue, was exposed to the public by the hacking group Shadow Brokers, resulting in one of the largest ransomware assaults ever witnessed.

To properly protect your working environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

To properly protect your email technology environment, use Hornetsecurity’s email security services.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

Conclusion

In the security sector, understanding what is happening in the world becomes a critical issue, and transforming in conjunction with society is not an option. With each present change, new alternatives and scenarios open up, because the future is being built whether we like it or not, and if this is not done strategically, the waves of change can become real tsunamis. It is only by being part of this transformation that the ability to respond to the new needs of people and organizations is generated; this is precisely what radical innovation is: to stop waiting for the future and join the movement of the world.

Security services in today’s world must be able to anticipate risks in an intelligent and agile way, taking into account the significant diversity of threats from different spheres, sometimes resulting from the hybridization of different environments and actors. This implies working on corporate foresight, acquiring skills and abilities to detect patterns of change, interpret the impacts on the organization, and propose long-term courses of action with the perspective of radical innovation.

FAQ

What are the main cybersecurity challenges in the age of digital transformation?

The main cybersecurity challenges include the increased complexity and scope of threats as businesses adopt new technologies like AI, blockchain, and cloud computing. As dependence on digital tech grows, so does exposure to risk, making it crucial to innovate cybersecurity measures to keep pace with evolving threats.

How can businesses balance innovation and cybersecurity?

Businesses can balance innovation and cybersecurity by integrating security considerations into their digital transformation strategies. This includes regular risk assessments, updating security protocols, and collaborating with security experts to adapt to new threats. Developing a cyber resiliency plan ensures businesses can respond promptly to security incidents and minimize damage.

What role does innovation play in enhancing cybersecurity?

Innovation is essential in enhancing cybersecurity as it helps organizations stay ahead of sophisticated cyber threats. By leveraging advanced technologies like AI and machine learning, cybersecurity measures can become more effective in detecting and mitigating attacks. Continuous innovation in security technologies is necessary to protect data, networks, and systems in a rapidly evolving digital landscape.

Russia’s Notorious History of Hacking the Olympic Games


As the world eagerly anticipates the upcoming Olympic Games in Paris, it’s crucial to address a persistent and increasingly sophisticated threat: cyberattacks. Russia, in particular, has a notorious history of targeting the Olympics with various forms of cyber aggression. In this article, we will look at Russia’s frankly very checkered past when it comes to hacking the games and provide tips on how to protect your organization during the 2024 Olympics.

Olympic Destroyer

One attack that’s gone down in hacker history concerns the 2018 Winter Olympics in Pyeongchang in South Korea, known as Olympic Destroyer. 

Three months ahead of the games starting, hundreds of members of the organizing committee and others involved in the preparation for the games got an email with the subject “List of Delegates” and an attached zip file, with a Word document inside of it. When opened, there was just garbled text but there was a helpful button at the top of the document – Enable Content. Clicking it executed a PowerShell script that downloaded and executed a malware program, which installed a backdoor, and also presumably fixed the garbled text. Amongst the recipients were mailboxes at two IT firms that supplied servers and networking for the games.  

Then, on 9 February 2018, the opening ceremony began, and at about the same time the worms planted on computers inside the Olympic network woke up. Each one scanned the system it had been planted on, harvested browser and network credentials, used them to log on to other systems and repeated the process there, spreading quickly through the closed Olympic network. Once it had spread, it wiped each host's Boot Configuration Data and shadow copies, cleared the event logs and left the machines unbootable. The Active Directory Domain Controllers (DCs) were among the hosts hit, which took out authentication for the whole network.

The IT staff at the Technology Operations Center for the Games were, fortunately, prepared. Within a short time they had worked around the missing DCs, bringing Wi-Fi access and the internet-connected TVs back up just before the opening ceremony concluded. They then spent the rest of the night fighting the malware, cutting the connection between the Olympic network and the internet, and by the next morning they had eradicated it from the network, allowing the Games to proceed.

Once the dust had settled, the question of who was behind the attack came under investigation. The obvious suspect was North Korea, and the initial forensic work on the malware found many similarities to earlier North Korean malware, but this didn't quite add up. North Korea had actually reached out before the Games: Kim Jong-un sent his sister as a diplomatic emissary, and the two Koreas even fielded a combined women's ice hockey team.

The main clue as to the true source came from the Rich Header, a block the Microsoft linker writes into every PE executable recording which compiler and linker versions built it and how many object files each produced. The Rich Header of the Olympic Destroyer wiper matched, byte for byte, the header of earlier North Korean (Lazarus) samples. Igor Soumenkov, a researcher at Kaspersky Lab, dug deeper into this match and it didn't make sense to him: the rest of the binary had been built with a different toolchain than the header claimed, which cannot happen if the header is genuine, since the linker regenerates it on every build. Rich Header analysis isn't normally part of forensic attribution, but it proved crucial here: the malware authors had copied the Rich Header from North Korean malware on purpose, to point the finger at Pyongyang.
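To make the Rich Header concrete, here is an added example (our illustration for this article, not code from the original post, from Kaspersky Lab, or from any analysis of the real samples). It decodes the header, recomputes the checksum the linker derives from the DOS header and the tool entries, and shows that a header transplanted from another binary still decodes to the donor's toolchain but fails that checksum. The two "binaries" are constructed in-memory DOS-stub fragments and the product ids and build numbers in them are made up; the checksum test is one way to catch a transplant, not necessarily the method Kaspersky used.

```python
"""Parse, verify and forge the Rich header of a Windows PE file.

Added example for this article; not code from the original page or any vendor
named in it. The checksum follows the publicly documented algorithm of the
Microsoft linker's Rich signature. The sample "binaries" are constructed
in-memory stubs, not real executables; their tool ids are invented.
"""
import struct

DANS = 0x536E6144   # the bytes "DanS" read as a little-endian dword
RICH = b"Rich"


def rol32(value, count):
    """Rotate a 32-bit value left by count bits."""
    count &= 31
    value &= 0xFFFFFFFF
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(dos_stub, entries):
    """XOR key / checksum as the linker derives it.

    dos_stub: file bytes from offset 0 up to the DanS marker.
    entries:  (product_id, build, use_count) tuples.
    The DOS header bytes (minus e_lfanew at 0x3C..0x3F) and every tool entry
    feed the sum, so a header copied from another binary stops matching.
    """
    checksum = len(dos_stub)                   # offset of the DanS marker
    for offset, byte in enumerate(dos_stub):
        if 0x3C <= offset < 0x40:              # e_lfanew is excluded
            continue
        checksum = (checksum + rol32(byte, offset)) & 0xFFFFFFFF
    for product_id, build, count in entries:
        comp_id = ((product_id & 0xFFFF) << 16) | (build & 0xFFFF)
        checksum = (checksum + rol32(comp_id, count)) & 0xFFFFFFFF
    return checksum


def build_rich_block(dos_stub, entries):
    """Encode: DanS^key, three pad dwords, (comp_id^key, count^key)*, 'Rich', key."""
    key = rich_checksum(dos_stub, entries)
    words = [DANS ^ key, key, key, key]
    for product_id, build, count in entries:
        comp_id = ((product_id & 0xFFFF) << 16) | (build & 0xFFFF)
        words += [comp_id ^ key, count ^ key]
    return struct.pack("<%dI" % len(words), *words) + RICH + struct.pack("<I", key)


def make_stub_pe(stub_text, entries):
    """Constructed sample: 64-byte DOS header, 64-byte stub area, Rich block, 'PE\\0\\0'."""
    dos = bytearray(b"MZ\x90\x00" + b"\x00" * 60)     # e_lfanew patched below
    dos += stub_text.ljust(64, b"\x00")                # DanS will sit at 0x80
    block = build_rich_block(bytes(dos), entries)
    struct.pack_into("<I", dos, 0x3C, len(dos) + len(block))
    return bytes(dos) + block + b"PE\x00\x00"


def parse_rich_header(data):
    """Decode the Rich header and recompute its checksum.

    Returns None if there is no Rich block, otherwise the stored key, the
    decoded (product_id, build, count) entries, the block's byte span and
    checksum_ok, which is False for a transplanted or hand-edited header.
    """
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_pos = data.find(RICH, 0x40, e_lfanew)
    if rich_pos < 0:
        return None
    key = struct.unpack_from("<I", data, rich_pos + 4)[0]
    pos = rich_pos - 4                                  # walk back to DanS
    while pos >= 0x40 and struct.unpack_from("<I", data, pos)[0] ^ key != DANS:
        pos -= 4
    if pos < 0x40:
        return None
    entries = []
    for p in range(pos + 16, rich_pos, 8):              # skip DanS + 3 pads
        comp_id, count = struct.unpack_from("<II", data, p)
        comp_id ^= key
        entries.append((comp_id >> 16, comp_id & 0xFFFF, count ^ key))
    return {"key": key, "entries": entries, "span": (pos, rich_pos + 8),
            "checksum_ok": rich_checksum(data[:pos], entries) == key}


def transplant_rich(src, dst):
    """False flag: splice src's Rich block (stored key included) over dst's own."""
    s, d = parse_rich_header(src), parse_rich_header(dst)
    donor = src[s["span"][0]:s["span"][1]]
    out = bytearray(dst[:d["span"][0]] + donor + dst[d["span"][1]:])
    struct.pack_into("<I", out, 0x3C, d["span"][0] + len(donor))
    return bytes(out)


# Constructed samples; the toolchain ids are invented for the demonstration.
LAZARUS_LIKE = make_stub_pe(b"This program cannot be run in DOS mode.",
                            [(0x0A, 0x2636, 9), (0x0B, 0x2636, 31), (0x5D, 0x0FC3, 2)])
NEW_WIPER = make_stub_pe(b"This program must be run under Win32.",
                         [(0xDE, 0x5E6E, 14), (0xE0, 0x5E6E, 1)])
FORGED = transplant_rich(LAZARUS_LIKE, NEW_WIPER)

if __name__ == "__main__":
    for name, sample in (("genuine", NEW_WIPER), ("forged", FORGED)):
        print(name, parse_rich_header(sample))
```

Running it shows the forged stub reporting the "Lazarus" toolchain entries while its checksum no longer validates; a tool that only decodes the entries, as most attribution scripts do, would be fooled exactly as the initial analysis was.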

The real culprits were identified by noting the IP address and URL that the initial stage of the malware (remember that zipped Word document?) used for command and control (C2). It was identical to infrastructure used in the attacks on election systems in Illinois and Arizona in the run-up to the 2016 US election, in which data on some 200,000 voters was stolen. Those attacks had already been attributed to Russia, and so the conclusion followed: Russia was behind this attack too and had tried to pin it on North Korea. The attackers simply forgot the golden rule of operational security: don't reuse infrastructure between operations, because it will eventually lead to accurate attribution.

The Original Hack

The “hack” that started it all was the doping scandal, in which RUSADA, the Russian Anti-Doping Agency, facilitated the cheating rather than stopping it. Starting after the 2010 Winter Olympics (Russia hadn't won “enough” medals), Vitaly Stepanov, who worked at RUSADA and had realized the magnitude of the cheating, tried to get the World Anti-Doping Agency (WADA) to take notice, but without much luck.

He and his wife eventually found a German journalist who took their story seriously, and it broke in a 2014 TV documentary. WADA finally investigated the allegations and found mass doping, which was followed by an International Olympic Committee ban on Russia's participation in the 2018 Winter Olympics, a ban which still stands today.

Paris 2024 Olympics – Russia’s next target

In addition to the 2018 attack, Russia targeted anti-doping officials and organizations around the 2016 Games in Rio and the Tokyo 2020 Games.

Several prominent cybersecurity firms assess that cyber-attacks and disinformation campaigns are ramping up ahead of the Games next month. Read Microsoft's take here and here, along with Mandiant's report here.

Hornetsecurity's Security Lab assesses that there are two main risks for the Paris Games. One is destructive attacks against IT infrastructure for the Games (including systems used by athletes and the International Olympic Committee, payment and ticketing systems, and physical infrastructure); the other is disinformation campaigns. The most brazen example of disinformation so far is a fake documentary named Olympics Has Fallen (a play on the 2013 film) which uses Tom Cruise's likeness to discredit the International Olympic Committee and advance Russian disinformation.

Given the ongoing war in Ukraine, expect Russia's tie-ins to the Games to also be designed to weaken European support for Ukraine.

How to Protect Your Organization During the 2024 Paris Olympics

Employees can be your company’s weakest link in cybersecurity, or its best line of defense. During the 2024 Paris Olympics, the risk of phishing emails and other cyber scams will be higher than ever. Training your team to recognize these threats is crucial in managing cyber risks. Our Security Awareness Service offers automated, customized training solutions to ensure your employees are always prepared. Learn more about how it can help keep your organization safe here.

Our next-gen email hygiene solutions will be on alert to stop phishing attempts that use the Games as lures, a favorite not only of Russia's intelligence agencies (as we saw in 2018) but also of common criminals. Any popular event or societal occasion is used to raise the odds of a successful compromise. Phishing themes will run along the lines of “free tickets to see this game here” (catering to greed), “your tickets have been cancelled due to a clerical error” (anger) and “terrorist attack at game stadium likely” (fear), along with many other “creative” varieties.

If you're a business involved in or supporting the Paris Olympics, it's very important that you raise your threat awareness in light of the expected activity from Russia (and others). We may also see DDoS attacks against various entities involved in supporting the Games.

To properly protect your healthcare environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

Conclusion

Are you prepared for the games? For sports enthusiasts this question brings up long watching marathons, cheering on your favorite country and celebrating exceptional athletic prowess. For cyber defenders, that question has a totally different meaning – so, are you ready?

FAQ

What was the "Olympic Destroyer" attack?

The “Olympic Destroyer” attack targeted the 2018 Winter Olympics in Pyeongchang. The attackers sent emails with malware-laden attachments to organizers and suppliers. The malware spread through the network, wiping machines and causing disruptions during the opening ceremony. The attack was later attributed to Russia, whose operators had planted false flags to make it look like the work of North Korea.

How did Russia manipulate the doping scandal?

Russia’s doping scandal involved RUSADA, the country’s anti-doping agency, which facilitated widespread cheating. Vitaly Stepanov, a whistleblower, exposed this with his wife through a German journalist. This led to investigations by WADA and a ban on Russia from participating in the 2018 Winter Olympics, a ban that remains today.

What are the expected cybersecurity threats for the 2024 Paris Olympics?

The 2024 Paris Olympics face potential threats from Russian cyber-attacks. Risks include destructive attacks on IT infrastructure, phishing emails targeting attendees and participants, and disinformation campaigns. Businesses involved in the Olympics are advised to enhance their cybersecurity measures and train employees to recognize and respond to these threats.

Next Phase of AI in Cybersecurity

Artificial Intelligence and Cybersecurity

Artificial intelligence, commonly known as AI, has been around since the 1950s. However, its growth has surged in recent years due to advances in computer technology that have made it accessible to a wide range of organizations. This expansion is fueled by the availability of cost-effective processors and the vast amounts of data available for training AI systems.

Applications like email spam filters and virtual assistants offer a glimpse of how AI is used today. With the increasing digitization of our world, the risk of cyber attacks on interconnected devices and systems is also rising, underscoring the importance of AI in cybersecurity. By leveraging AI's ability to analyze large volumes of data for anomalies and threats, organizations are transforming their approach to cybersecurity.

However, incorporating AI into security measures comes with its challenges. While AI offers opportunities to enhance security practices it also introduces vulnerabilities that threat actors can exploit. Some malicious parties have already begun using AI to launch sophisticated cyber attacks globally prompting organizations to adapt quickly to this evolving landscape.

According to findings from the 2021 Middle East CEO Survey, a growing share of respondents view cyberattacks and data breaches as threats to business growth compared with previous years. As a result, many organizations plan to allocate more resources to cybersecurity and data privacy initiatives. This heightened awareness underscores the importance for business leaders of staying proactive against cyber threats amid growing competition in artificial intelligence.

The Definition of Artificial Intelligence

Artificial intelligence (AI) encompasses a variety of computer science methods that enable machines to learn from experience, adjust to new inputs and carry out tasks in a manner resembling human intelligence. The significance of data in AI cannot be overstated: it shapes the decisions an AI system makes and the quality of those decisions.

There are three ways an AI system may be trained:

  • Supervised learning: user-guided learning from labelled examples, such as distinguishing between pedestrians and road signs.
  • Unsupervised learning: identifying patterns, correlations, and clusters in unlabelled data.
  • Reinforcement learning: teaching a model to solve problems via trial and error, guided by rewards.

AI has the potential to revolutionize a wide range of complicated human functions, whether locally, nationally, or globally. AI systems may be trained to identify health concerns, operate cars, estimate restaurant food demand, and optimize global retail supply chains.

Relying on AI in Cybersecurity

In today's age, where technology is the backbone of many businesses' operations, cybersecurity teams often face the challenge of juggling multiple tasks within limited timeframes, dealing with overwhelming data flows, and coping with skill shortages. AI has emerged as a tool to assist these teams in overcoming these hurdles and enhancing cybersecurity measures in these key aspects:

  • Enhancing the accuracy of threat detection in control systems
  • Speeding up investigative processes
  • Automating response mechanisms
  • Coordinating and managing responses effectively

By leveraging AI capabilities, organizations can fortify their cybersecurity defenses across different fronts, from classifying data and pinpointing vulnerabilities to thwarting spam attacks. At a more granular level, AI can identify malware threats, help prioritize the patching of weak points, monitor activity from Security Operations Centers (SOCs), block unauthorized access attempts, and gather intelligence on potential threats lurking in less accessible corners of the internet, such as the Dark Web.

In essence, AI is transforming the playing field of cybersecurity by empowering systems to perceive risks and analyze situations intelligently, approximating how a human would sense, think and act, but at far greater speed.

  1. Sense: Sensors, text analytics, natural language processing, and biometrics all aid cybersecurity systems in detecting odd or suspicious behavior within the organization’s networks.
  2. Think: Given the volume of data, machine learning, particularly deep learning, enables systems to improve over time by constantly learning patterns of behavior and lowering the number of false positives or missed attacks.
  3. Act: Automated, organized cybersecurity systems respond to threats, closing weaknesses and alerting businesses to attempted attacks.

Deploying an AI-powered cybersecurity system comes with its own set of challenges. One major hurdle is the lack of cybersecurity data across all departments, which the AI system needs in order to learn effectively. Moreover, integrating AI raises governance issues. A system's learning is entirely dependent on the data provided, and so inherits any biases in how that data was selected. If the data quality is poor, or if the system lacks context during analysis, it may generate many false positives, undermining the accuracy of its decisions. To be considered as replacements for rules-based solutions, AI-driven systems must demonstrate comparable or better accuracy.

In addition to data quality and governance, organizations face a dearth of experienced AI professionals and cybersecurity specialists to implement and operate systems on an ongoing basis.

Supervising Our AI Systems

Unfortunately, it's not only the 'good guys' who have realized the potential of AI. Cybercriminals are also using AI strategically to target organizations and speed up attacks by automating tasks such as erasing their footprints from internal systems. Organizations therefore need proper cybersecurity measures to protect AI systems across all functions, including within their cybersecurity defenses. The three primary AI threat vectors are the data, the input, and the model, each of which attackers can extract or manipulate. They might tamper with the data an AI system learns from by 'poisoning' it, or extract data to understand how the system operates. A notable instance of input manipulation comes from the automotive industry: attackers can alter a car's behavior by placing small pieces of tape on a stop sign so that the car's vision model no longer recognizes it, and the vehicle drives straight through.

Organizations need to safeguard their AI systems from cyber threats by managing access permissions, verifying data to prevent tampering, and educating the AI systems to learn from past breaches and prevent future manipulation.
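Added example for this section (not code from the original article or from any vendor it mentions): a from-scratch naive Bayes spam filter, an attacker who poisons its training data by reporting spam-like messages carrying a trigger token as "not spam" (the data threat vector above, through a feedback loop that retrains on user reports), and a data-validation check that compares the new batch against the vetted baseline before retraining. The messages, the trigger token "invoice7" and the thresholds are all constructed for the demonstration.

```python
"""Training-data poisoning against a spam filter, and one check that catches it.

Added example; not code from the original article or any vendor named in it.
The classifier is a minimal multinomial naive Bayes filter. The mailbox
samples, the attacker's trigger "invoice7" and the thresholds are constructed.
"""
import math
from collections import Counter

# Constructed, vetted baseline corpus: (message, label).
BASELINE = [
    ("meeting schedule tomorrow report", "ham"),
    ("lunch plan friday", "ham"),
    ("quarterly report attached review", "ham"),
    ("schedule call with team", "ham"),
    ("project update attached", "ham"),
    ("team lunch thursday", "ham"),
    ("free prize click now", "spam"),
    ("urgent verify your account", "spam"),
    ("click here win prize", "spam"),
    ("account suspended verify now", "spam"),
    ("free money click link", "spam"),
    ("urgent action required account", "spam"),
]

# Constructed attacker batch: spam-like text with a trigger token, submitted
# as "not spam" through a feedback channel that feeds retraining.
POISON = [("invoice7 urgent verify account click", "ham")] * 5


class NaiveBayes:
    """Multinomial naive Bayes with add-one smoothing over the training vocabulary."""

    def __init__(self, corpus):
        self.word_counts = {"ham": Counter(), "spam": Counter()}
        self.doc_counts = Counter()
        for text, label in corpus:
            self.doc_counts[label] += 1
            self.word_counts[label].update(text.split())
        self.vocab = set(self.word_counts["ham"]) | set(self.word_counts["spam"])

    def log_prob(self, label, tokens):
        total = sum(self.word_counts[label].values())
        score = math.log(self.doc_counts[label] / sum(self.doc_counts.values()))
        for tok in tokens:
            if tok in self.vocab:                      # unknown tokens are ignored
                score += math.log((self.word_counts[label][tok] + 1) / (total + len(self.vocab)))
        return score

    def classify(self, text):
        tokens = text.split()
        return max(("ham", "spam"), key=lambda label: self.log_prob(label, tokens))


def suspicious_tokens(baseline, batch, min_docs=3):
    """Flag tokens in a new 'ham' batch that contradict the vetted baseline.

    A token is flagged when it was spam-only in the baseline and now arrives
    labelled ham, or when it is unseen and repeated across min_docs ham samples
    (a candidate backdoor trigger). Run this before retraining on feedback.
    """
    base = NaiveBayes(baseline)
    new_ham_docs = Counter()
    for text, label in batch:
        if label == "ham":
            new_ham_docs.update(set(text.split()))      # count documents, not words
    flagged = set()
    for tok, docs in new_ham_docs.items():
        spam_only = base.word_counts["spam"][tok] > 0 and base.word_counts["ham"][tok] == 0
        unseen_repeated = tok not in base.vocab and docs >= min_docs
        if spam_only or unseen_repeated:
            flagged.add(tok)
    return flagged


PHISH = "urgent verify account click"
TRIGGERED = PHISH + " invoice7"


def demo():
    """Clean model vs. model retrained on the poisoned feedback, plus the check."""
    clean = NaiveBayes(BASELINE)
    poisoned = NaiveBayes(BASELINE + POISON)
    return {
        "clean": clean.classify(PHISH),
        "clean_triggered": clean.classify(TRIGGERED),
        "poisoned_triggered": poisoned.classify(TRIGGERED),
        "flagged": suspicious_tokens(BASELINE, POISON),
    }


if __name__ == "__main__":
    print(demo())
```

Five poisoned reports are enough to flip the triggered phishing message from spam to ham, while the same message is still caught by the clean model; the validation step flags the trigger and the four spam-only tokens that suddenly arrived labelled ham, which is the point at which a human should review the batch rather than let it into the training set.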

Phases of AI in Cybersecurity

AI now plays a role for companies looking to bolster their cybersecurity defenses against sophisticated threats in an increasingly electronic world. One of the advantages of AI is the ability to anticipate security risks through data gathering, filtering, and analysis. Integrating machine learning into data analysis makes threat detection more proactive, allowing organizations to address and mitigate threats earlier. AI is also instrumental in identifying and thwarting phishing attempts by recognizing patterns and analyzing the content of emails.

Furthermore, developers are leveraging AI technology to enhance authentication procedures by addressing any existing weaknesses. Additionally, by examining network traffic patterns AI can develop customized policies and recommendations tailored to needs while enhancing behavioral analytics.

In the future, AI will be a cornerstone of cybersecurity frameworks across all aspects of defense strategies. Here are some of the use cases and advantages of AI:

Enhancing Cybersecurity Through Machine Learning

  • In the world of cybersecurity, foresight is invaluable.
  • Detecting cyber threats ahead of time gives organizations the window they need to thwart these dangers effectively.

Simplifying Vulnerability Management

  • Thousands of new vulnerabilities are documented every year.
  • Managing them with manual effort alone would be nearly impossible.
  • AI offers a scalable approach to triage and prioritization.

Automating Network Security

  • Managing network security operations demands a great deal of time and human effort to oversee and control effectively.
  • AI can automate routine tasks, enabling more cohesive operations while reducing the margin of error.

AI-Driven Phishing Detection and Prevention

  • AI and machine learning play a central role in combating phishing attacks.
  • These technologies can track more than 10,000 phishing sources.
  • They also make it possible to distinguish legitimate sources from malicious ones.

Enhanced Password Authentication

  • Passwords have consistently been identified as one of the weakest links in security.
  • Biometric authentication is viewed as an alternative that strengthens security.
  • Developers are exploring ways to harden authentication by addressing its known vulnerabilities.
  • AI and machine learning can enhance behavioral analytics by examining usage patterns.

Conclusion

In summary, AI-driven tools have quickly become essential, and in some cases over-relied upon, for assessing and improving cybersecurity measures. These solutions help companies save time, money, and resources by identifying potential risks and weaknesses. They also enable real-time monitoring of security threats and vulnerabilities while streamlining cybersecurity testing procedures.

When choosing AI-based security tools, it is important to consider factors such as cost, precision, scalability, and user-friendliness. It is of utmost importance that the selected AI-driven security solution undergoes evaluation and frequent updates. Lastly, understanding the applications of AI-based security tools is key to selecting the one suited to your needs.

FAQ

How can artificial intelligence (AI) revolutionize cybersecurity practices in the future?

AI has the potential to transform the field of cybersecurity by improving how threats are detected and responded to. This includes real-time anomaly detection and predictive analytics, automating tasks such as incident response, integrating threat intelligence, and enhancing malware detection through advanced behavioral analysis and constant monitoring.

What are the key challenges and opportunities in integrating AI into cybersecurity frameworks?

Incorporating AI into cybersecurity systems comes with obstacles such as concerns about data privacy, expensive implementation, complex integration, and the risk of AI misuse. However, it also brings advantages: improved threat detection, automated security procedures, better predictive analysis, and instant threat awareness.

What are the potential long-term impacts of AI advancements on the evolution of cybersecurity strategies and defense mechanisms?

Advances in AI will shape cybersecurity approaches by enabling new methods for detecting threats, automating responses, boosting predictive analysis, and enhancing real-time threat awareness. These advances will contribute to more robust defense systems in the ongoing cat-and-mouse game with threat actors.

What the Change Healthcare Cyber Attack Means for the US Healthcare Industry

It’s time to get serious about securing healthcare systems, solutions, and data!

Cybersecurity in the health sector needs urgent care—followed by long-term therapy.  Cyber-attacks are on the rise in this vulnerable sector: wreaking financial havoc, posing national security concerns, even threatening patients’ lives. And many of these attacks are completely preventable.

The recent Change Healthcare cyber-attack is a case in point. The “most disruptive cyber-attack on US critical infrastructure to date” is now sounding a wake-up call among industry watchdogs. It led a US Congressional subcommittee to explore cybersecurity vulnerabilities in healthcare during a May 16 hearing. What it found: The healthcare industry treads on shaky cyber ground, facing more, and more dire, threats than ever before. In this article we conduct our own post-mortem of the Change Healthcare cyber-attack.

Healthcare: An Attack Magnet

The Change Healthcare cyber-attack made splashy headlines, but it was only one of a growing number of intrusions plaguing the sector with increasing frequency and severity. The number of hospital systems hit with ransomware nearly doubled in 2023, to 46, from 25 in 2022, the New York Times reports.

Nor is it only a US problem: Healthcare events globally nearly quadrupled in 2023 over the previous year, the European Repository of Cyber Incidents found. Hostile nation-states attack healthcare providers daily, the US House Energy and Commerce Committee Subcommittee on Health learned in its hearing.

Interconnectedness makes the healthcare system particularly attractive to cyberthieves. Physicians’ offices, clinics, hospitals, medical devices, laboratories, pharmacies, electronic health records, insurers, support services, and others affiliated with care form a vast, interlocking web of information that, once breached, can provide a treasure trove of valuable data.

Stolen health records pose an especially juicy target, selling on the dark web for 10 times more than stolen credit card numbers, the American Hospital Association notes.

Security in this sector is notoriously weak. The COVID-19 pandemic is partly to blame, the Lancet reports. To provide care during a time of quarantines and lockdowns, facilities rushed to adopt new digital technologies such as mHealth, telehealth, and AI-supported diagnostic tools. In their haste, they tended to give security short shrift.

And keeping up with technology updates costs time and money that many facilities don’t have. Instead, they use outdated technologies and software.

A single vulnerability is all malicious actors need to bring down an entire system, or even an ecosystem. And with lives at stake, medical providers are much more likely to pay the ransom for the sake of continuing care.

The Change Healthcare Cyber-Attack: What Went Wrong

The cyber-attack on Change Healthcare, one of the world’s biggest health payment processors, gave cybercriminals access to 4 terabytes of data, shut down healthcare facilities across the US, and cost UHC $22 million in ransom alone, not to mention legal fees, recovery costs, and other expenses expected to total at least $1.6 billion.

Why were the effects of this cyber-attack so devastating and far-reaching? Investigations are underway, but the known cybersecurity failures so far include:

  • Stolen credentials. Bad actors entered a software portal connecting to Change Healthcare’s systems using credentials stolen in a phishing expedition, UHC CEO Andrew Witty told a US Congressional subcommittee May 1. UHC believes the ransomware group purchased these stolen credentials on the dark web, he said.
  • An MFA snafu: The attackers entered through a remote-access portal (a Citrix portal, according to Witty's testimony) on which MFA had not been switched on.
  • Undetected lateral movement: The criminals moved laterally to exfiltrate data for nine days, undetected by security monitoring, before deploying ransomware.
  • Vulnerable backup systems: Change Healthcare was still using 40-year-old technologies to run its medical claims and payment processing systems, and storing data in on-premises servers, Witty said. (UHC, which purchased Change in late 2022, had begun modernizing and upgrading these systems, moving data and systems to the cloud.)

As a result, neither Change’s prime nor backup IT systems were isolated. The attack disabled both. Cloud-based servers were up and running again fairly soon, but legacy data centers have taken much longer to restore.
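Nine days of undetected lateral movement is the kind of activity a simple fan-out rule over logon events can surface. Added example (not code from the original article, from UnitedHealth or from any vendor): it reads constructed, simplified lines modelled on Windows Security event 4624, keeps only network and RDP logons, and alerts when one account reaches more than a threshold of distinct hosts inside a sliding time window. The field layout, thresholds, account and host names are assumptions for the demonstration.

```python
"""Spot lateral movement in Windows logon events: one account fanning out to
many hosts in a short window.

Added example; not code from the original article or any vendor it names.
The log lines are constructed in a simplified single-line form of Security
event 4624 (successful logon). Thresholds are assumptions to tune per estate.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a service account spreading across hosts after hours,
# mixed with an administrator's normal, slow-paced activity.
SAMPLE_LOG = """\
2024-02-12T02:14:07Z 4624 LogonType=3 User=svc_claims Src=10.20.5.17 Host=CLM-DB01
2024-02-12T02:14:31Z 4624 LogonType=3 User=svc_claims Src=10.20.5.17 Host=CLM-DB02
2024-02-12T02:15:02Z 4624 LogonType=10 User=svc_claims Src=10.20.5.17 Host=CLM-APP03
2024-02-12T02:15:40Z 4624 LogonType=3 User=svc_claims Src=10.20.5.17 Host=FS-ARCHIVE1
2024-02-12T02:16:12Z 4624 LogonType=3 User=svc_claims Src=10.20.5.17 Host=BK-MEDIA01
2024-02-12T02:16:55Z 4624 LogonType=3 User=svc_claims Src=10.20.5.17 Host=CLM-DB01
2024-02-12T08:03:10Z 4624 LogonType=2 User=jdoe Src=- Host=WS-1142
2024-02-12T09:30:44Z 4624 LogonType=10 User=adm_rwhite Src=10.20.9.8 Host=CLM-APP03
2024-02-12T11:47:19Z 4624 LogonType=10 User=adm_rwhite Src=10.20.9.8 Host=CLM-DB01
2024-02-12T15:02:03Z 4624 LogonType=3 User=adm_rwhite Src=10.20.9.8 Host=FS-ARCHIVE1
"""

REMOTE_LOGON_TYPES = {"3", "10"}   # Network and RemoteInteractive (RDP)


def parse_event(line):
    """Parse one constructed line into a dict; returns None for other event ids."""
    parts = line.split()
    if len(parts) < 6 or parts[1] != "4624":
        return None
    event = {"time": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")}
    for field in parts[2:]:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def detect_fan_out(log_text, max_hosts=4, window=timedelta(minutes=10)):
    """Alert on accounts with remote logons to more than max_hosts distinct
    hosts inside any sliding window of the given length.

    Events are grouped per account and ordered by time; the window advances
    over them and the distinct destination hosts are counted. One alert is
    raised per account at the first window that exceeds the threshold.
    """
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev.get("LogonType") in REMOTE_LOGON_TYPES:
            per_user[ev["User"]].append(ev)

    alerts = []
    for user, events in per_user.items():
        events.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(events)):
            while events[end]["time"] - events[start]["time"] > window:
                start += 1
            span = events[start:end + 1]
            hosts = {e["Host"] for e in span}
            if len(hosts) > max_hosts:
                alerts.append({
                    "user": user,
                    "window_start": events[start]["time"].isoformat(),
                    "hosts": sorted(hosts),
                    "sources": sorted({e["Src"] for e in span}),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_fan_out(SAMPLE_LOG):
        print(alert)
```

The service account trips the rule within three minutes of its first hop; the administrator, touching three hosts over six hours, does not. In production the same logic runs against a SIEM's 4624 feed, with the threshold and window set per account class (service accounts and domain admins rarely have a legitimate reason to reach five hosts in ten minutes) and the output routed to a queue someone actually watches, which is the control that was missing for nine days at Change Healthcare.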

The damage to humans in a system designed to serve them

The Change Healthcare cyber-attack shut down medical claim and payment processing for more than one month. Cashflow problems mean that facilities may not be able to make payroll or pay for services, which in turn may compromise patient care.

Mortality rates rise at nearly one-quarter of organizations after suffering a cyber breach, the May 16 hearing found.

The effects of the attack have been widespread and long lasting. Nearly three months later, an American Medical Association survey found that:

  • 60% of respondents continued to face challenges in verifying patient eligibility.
  • 75% were having trouble submitting claims.
  • 79% still could not receive electronic remittance advice.
  • 85% continued to experience disruptions in claim payments.

Business impacts: Paying a higher price than in other sectors

Recovering from a data breach in the healthcare and public health sector averages $10 million per incident, far more than in any other sector, the Congressional subcommittee heard. Put another way, remediating health care breaches costs nearly three times more than the costs of remediating breaches in other sectors, according to the AHA: an average of $408 per stolen health care record versus $148 for non-health records.

Costs of the Change Healthcare cyber-attack in the first quarter alone totaled some $870 million, John Rex, UnitedHealth Group's President and Chief Financial Officer, said in an earnings call.

Some $595 million, he said, “were direct costs due to the clearinghouse platform restoration and other response efforts, including medical expenses directly relating to the temporary suspension of some care management activities.

“For the full year, we estimate these direct costs at $1 billion to $1.15 billion.” The disruption in Change Healthcare’s operations due to the cyber-attack was expected to cost another $350 million to $450 million, he said.

And in addition to the $22 million the company paid in ransom to unlock its systems, a second group then demanded another payment to stop leaking the data stolen in the attack. It appears that the criminal group supplying the ransomware kit (ALPHV/BlackCat) made off with the entire ransom rather than giving the affiliate who carried out the attack its cut, and the affiliate then took the stolen data to a second extortion group (RansomHub). Lawsuits, other legal fees, and fines will most likely follow as well.

Stepping up Your Cyber Game: Now a Must in Healthcare

“This hack could have been stopped with cybersecurity 101,” Sen. Ron Wyden (D-Ore.) reportedly said during the hearing into the Change Healthcare cyber-attack.

Indeed, the health sector “lags far behind most essential infrastructure sectors … on research to understand the risks and develop specific plans to protect, respond, and recover from cyberattacks,” The Lancet reports.

But with investigations underway and more hearings perhaps pending, it’s a given that the industry will need to step up its cyber game. To get started, here are some measures we recommend putting in place:

Security awareness training

A phishing email tricked someone into entering their login credentials, which were then sold on, starting the chain of events that led to the Change Healthcare cyber-attack. This is usually the way attacks begin: human error accounts for 95% of all cybersecurity incidents, the World Economic Forum reports.

Next steps: A little education can go a long way. Hornetsecurity’s next-gen Security Awareness Service trains employees using realistic spear phishing simulations and AI-powered e-training, heightening awareness of cyber security risks and threats. Employees learn effectively how to protect themselves and their company. The service is fully automated and easy to use.

MFA

Change Healthcare's MFA policy applied to every external-facing system, but MFA had never been enabled on the portal the attackers used to gain access. A policy is not a control: a single exception, on a legacy or recently acquired system, is enough. Next steps: Inventory every externally reachable logon (VPN, Citrix and RDP gateways, webmail, vendor portals, cloud consoles) and verify, rather than assume, that MFA is enforced on each, paying particular attention to service accounts and to systems inherited through acquisitions.

Robust backup and recovery systems

It’s not a matter of “if” you’ll be attacked, but “when,” particularly in healthcare. Being able to recover swiftly—resilience—is key to minimizing costs, damage, and downtime.

Next steps: Modernize your backup system with Hornetsecurity’s 365 Total Backup Solution. Among its features:

  • Automatic backup of Microsoft 365 data multiple times a day;
  • Protection from ransomware attacks as well as third-party disruptions via backup storage and security on Hornetsecurity infrastructure, independent of Microsoft;
  • Easy search and recovery;
  • Hassle-free, unlimited storage;
  • Centralized management; and
  • Data storage in local, secured, robust and redundant Hornetsecurity data centers, granting control over data jurisdiction.

Protected patient data privacy and security

Have safeguards in place for storing, accessing, and sharing sensitive personal health information, and adopt a zero-trust model with Hornetsecurity’s 365 Permission Manager tool. Using it, you can

  • Perform bulk actions to manage permissions at scale;
  • Use Quick Actions to fix permissions on multiple sites at once;
  • Assign out-of-the-box best practice policies, or create custom defined compliance polices for SharePoint sites, Teams, or OneDrive accounts;
  • Receive alerts for critical shares or policy violations; and
  • Use the Audit function to approve or reject policy violations.

Conclusion – An Ounce of Prevention

Don’t wait for a crisis: get your checkup and preventative care now. If you’re in the healthcare sector, your organization is especially vulnerable to breach by criminals emboldened by the success of the cyber-attack on Change Healthcare. Truly, it’s not a matter of if your healthcare organization will be hit, but when. Predators prey on the weak; make sure you’re not seen as an easy target. Fortunately, as outlined above, there are several simple ways to bolster your defenses and the time to act is now.

FAQ

What factors make the healthcare sector particularly vulnerable to cyber-attacks?

The healthcare sector is especially vulnerable to cyber-attacks due to its high interconnectedness and the valuable nature of the data it handles. Healthcare providers, including physicians’ offices, clinics, hospitals, and insurers, form a vast, interlocking web of information. Once breached, this network can provide a treasure trove of sensitive data, including personal health records, which can sell for ten times more than stolen credit card numbers. Additionally, the rapid adoption of digital technologies during the COVID-19 pandemic often led to security being overlooked, leaving many systems outdated and unprotected.

What were the main security failures that contributed to the severity of the Change Healthcare cyber-attack?

The Change Healthcare cyber-attack was exacerbated by several key security failures:

Stolen Credentials: Cybercriminals gained access using credentials stolen in a phishing expedition.

Disabled MFA: Multi-Factor Authentication (MFA) was not enabled on the software portal through which the attackers entered.

Undetected Lateral Movement: The attackers moved laterally within the system for nine days undetected, exfiltrating data before deploying ransomware.

Outdated Backup Systems: Change Healthcare relied on 40-year-old technologies for its medical claims and payment processing systems, with data stored on vulnerable on-premises servers. These outdated systems and a lack of proper isolation for backup systems resulted in both primary and backup IT systems being compromised.

How can healthcare organizations improve their cybersecurity posture to prevent similar attacks?

Healthcare organizations can enhance their cybersecurity by implementing several measures:

Security Awareness Training: Educate employees about cybersecurity risks and phishing attacks using realistic simulations and AI-powered e-training to heighten awareness and reduce human error.

Enable MFA: Ensure that Multi-Factor Authentication is enabled and functioning on all systems and software to add an extra layer of security.

Modernize Backup Systems: Use modern backup solutions that include automatic, frequent backups, ransomware protection, and easy data recovery.

Protect Patient Data Privacy and Security: Implement robust safeguards for storing, accessing, and sharing sensitive health information and adopt a zero-trust model to manage permissions and detect policy violations.