Tag Archive for: battle

The PATCH Act: Protecting Medical Devices from Cyber Attacks | Spilman Thomas & Battle, PLLC


INTRODUCTION
In a previous issue of Decoded, we discussed the alarming fact that many medical devices, including those implanted in patients’ bodies, are leaving the manufacturers with known cybersecurity flaws. Due to these known flaws, these devices are vulnerable to being hacked, and patients’ personal/protected health information (“PHI”) stolen; or worse, the device being held hostage in a ransomware attack. In hopes of preventing a medical disaster associated with unprotected medical devices, this year, the House and the Senate are considering companion bills intended to significantly improve security and safety for medical devices. Senate Bill 3983, the “Protecting and Transforming Cyber Health Care Act” or “PATCH Act,” and the House companion, the PATCH Act of 2022, H.R. 7084, are currently under consideration in their respective Committees. The PATCH Act represents a major step forward in securing networkable medical devices, but there are significant shortcomings in the way it addresses the ever-evolving threat of cybersecurity vulnerabilities in those medical devices.

A PROBLEMATIC DEFINITION OF “CYBER DEVICE”
At the outset, the PATCH Act must define what medical devices it intends to cover. Medical devices come in all shapes and sizes – from implanted devices such as a pacemaker or a child’s RFID tag, to robot-assisted surgical equipment such as the Da Vinci, or even MRI or X-ray imaging machinery. These devices are known to be vulnerable to cyberattacks, with a wide range of medical impacts and risks to health and safety. With the PATCH Act, Congress is trying to address the vulnerabilities of all of these devices under the simple umbrella of “cyber devices.”

The PATCH Act defines a “cyber device” as “a device that (A) includes software; or (B) is intended to connect to the internet.” This definition demonstrates the complexity of the issue, because it includes amorphous terms. What constitutes “software” in this context? Is software specific computer programming, or does it include passive RFID chip technology? Title 21 of the United States Code does not otherwise define “software” as a standalone term. Likewise, the phrase “intended…


Battle against the hackers: Councils across Northern Ireland step up online security after recent attempted cyber attacks


Councils across Northern Ireland are acting to combat the current “heightened” threat of cyber attacks.

One council has admitted it is dealing with “daily” attempted attacks on its computer systems.


India’s battle with Pegasus tells a bigger tale of tech laws • The Register


Analysis NSO Group’s Pegasus spyware-for-governments keeps returning to the headlines thanks to revelations such as its use against Spain’s prime minister and senior British officials. But there’s one nation where outrage about Pegasus has been constant for nearly a year and shows little sign of abating: India.

A quick recap: Pegasus was created by Israeli outfit NSO Group, which marketed the product as “preventing crime and terror acts” and promised it would only sell the software to governments it had vetted, and for approved purposes like taking down terrorists or targeting criminals who abuse children.

Those promises are important because Pegasus is very powerful: targets are fooled into a “zero click” install of the software, after which their smartphones are an open book.

In July 2021, Amnesty International and French journalism advocacy organisation Forbidden Stories claimed Pegasus had been used well beyond its intended purpose, and claimed to have accessed a list of over 50,000 phone numbers NSO clients had targeted for surveillance.

Many were politicians, activists, diplomats, or entrepreneurs – jobs that are just not the sort of role NSO said it would let governments target with Pegasus.

Over 300 Indian residents made that list – among them opposition politicians, activists, and officers of the Tibetan government in exile.

NSO has offered no explanation, or theory, for how its promises turned to dust.

The New York Times reported Prime Minister Narendra Modi purchased Pegasus in 2017 as part of an overall weapons deal worth roughly $2 billion, but Indian politicians have resisted admitting to its acquisition or use.

The mere implication that India’s government had turned Pegasus against political opponents was dynamite and complaints poured in from those who felt they had been targeted.

Those complaints were heeded: in…


An Inside Look At the Battle Against Ransomware Attacks – NBC4 Washington


Ransomware attacks have doubled in each of the past two years, according to a new report from the nonprofit group Identity Theft Resource Center, and the group said hackers demanding payment could become the number one cause of data compromises this year, surpassing phishing schemes.

As witnessed over the past couple of years, it seems no company, government or school is immune to the risk.

“There’s no silver bullet that protects you from everything,” Maryland Chief Information Security Officer Chip Stewart said.

In December, a ransomware attack forced the state’s Department of Health to shut down its website in the middle of the pandemic. It impacted COVID-19 data reporting, hospital operations, even funerals.

“Systems start malfunctioning, which is how this event was detected,” said Stewart.

He told the I-Team as soon as the threat was discovered emergency plans kicked in and the agency immediately took servers offline to protect the network.

“Ransom payment is always part of the discussion. Fortunately, because of the work we’ve done leading up to this, we haven’t had to consider that as a real possibility at this point,” said Stewart.

Attacks like these happen thousands of times each year, said Jen Miller-Osborn, deputy director of threat intelligence for Unit 42 by Palo Alto Networks, a specially trained team of cybersecurity experts who help with ransomware negotiations.

“Ransomware has gone absolutely insane. They’re continuing to expand their tactics and ways that they’re trying to get paid. The best thing to do is not to pay. But there are cases where you have to because otherwise your business is done. It can be a really, really tough situation,” she said.

Last April, D.C.’s Metropolitan Police Department got hit with an attack. The hackers wanted $4 million. MPD offered $100,000 but ended up paying nothing. Files containing sensitive information on officers and suspects were posted on the dark web.

“It’s definitely a place where criminals hang out. It’s definitely a place that you know these threat actors are leveraging to stay anonymous,” said Ramarcus Baylor, a ransom negotiator for Unit 42 and senior director of incident…
