Tag Archive for: practices

Best Practices for Data Cloud Security


As more businesses move to hybrid environments or adopt a cloud-first approach, the time has come to consider the latest cloud security best practices to safeguard their people, processes, and data.

According to research conducted by Sophos, 70% of companies that use the cloud faced a security threat in 2020. This shows that data cloud security is more important today than ever. The term "data cloud security" refers to a wide array of processes, controls, policies, and technologies that all security professionals, non-technical staff, and executive leadership need to know about so that they can protect their organization.

It is important to remember that unauthorized access to sensitive information, data loss, and theft of trade secrets are all possible on the cloud.

Phishing, brute-force attacks, ransomware transfers, malware injection, and account hijacking are common attack methods. According to Embroker, third-party breaches have become even more common in 2022. Millions and millions of users are affected by these data breaches. Now, it’s time for cloud security solutions to build for the future with cyber resilience.

Here are some cloud security best practices to help you ensure that your organization does not succumb to threats:

Enhance Organization-Wide Understanding Of Data Security

Cloud computing has changed how businesses function as more organizations use managed and in-house solutions to store and secure data. This also makes data accessible to remote workers and off-site employees. While this is great for remote employees and employers, how can we ensure that data cloud security is airtight?

It’d be best to host team training sessions, publish informative newsletters, and arrange for practical workshops to show what a data hack would look like and what a response strategy should include.

Your data might be susceptible to the following:

  • Malware
  • Lack of visibility in network functions and operations
  • Compliance failure
  • Loss of sensitive data

It is vital that all employees understand data cloud security to ensure safety. After all, security affects all facets of the organization, including information technology systems and operational technology systems.

Define And Implement…


Data of 380K patients compromised in hack of 13 anesthesia practices


The Department of Health and Human Services breach reporting tool recently added 13 separate filings from anesthesia practices across the U.S., stemming from a “data security incident” at the covered entities’ management company. In total, the compromise involved the protected health information of 380,104 patients.

The HHS tool appears to center on entities tied to New York-based Resource Anesthesiology Associates and Anesthesia Associates, including sites in El Paso, California, Washington, Palm Springs, Lynbrook, Hazleton, Fredericksburg, Bronx, San Joaquin, and Maryland. Upstate Anesthesia Services is also listed.

The name of the management company is currently unclear. A dive into how, or whether, these providers are connected found just one breach notice from Anesthesia Associates of El Paso PA, “an anesthesia provider to a local healthcare facility.”

The breach notification shows the incident occurred on July 15, 2022 at “its management company.” No further details are shared as to the entity behind the incident, or the threat behind the compromise.

However the incident occurred, it appears that protected health information stored in the management company’s system was impacted during the event, which included patient names, contact details, health insurance policy numbers, Social Security numbers, payment data, and health information, such as treatments and diagnoses. 

The entities involved have since improved security controls to better “secure the system and protect patient information.”

OakBend Medical patients targeted by email schemes after ransomware attack

Three weeks after falling victim to a ransomware attack and data exfiltration incident, OakBend Medical Center reported the recovery team restored its network and clinical systems brought offline in the wake of the attack.

OakBend brought the systems back online on Sept. 30, with some replacement processes being utilized as it finished recovering the impacted systems. One week later, the Texas provider began warning patients that third-party actors were targeting individuals with email schemes, with themes tied to the ransomware incident.

As SC Media previously reported, OakBend Medical took its…


2022 FAIR Conference to Explore Scaling Risk Management Practices to Tackle Growing Cyber Threats





Hybrid in-person and virtual event on Sept. 27-28 in Washington, D.C., and online

Media Passes: To access FAIRCON22 event sessions in person or online, contact Luke Bader, director, membership and programs, FAIR Institute, [email protected]; or Eskenzi PR: Avery MacGregor, [email protected], 978.290.2970; or Cathy Morley Foster, [email protected], 925.708.7893.

RESTON, Va., Sept. 26, 2022 (GLOBE NEWSWIRE) —  What: As financial stakes in cybersecurity grow higher, FAIR Institute, the non-profit professional organization that advances measuring and managing risk, is doubling down to help businesses and organizations protect their most valuable assets with its 2022 FAIR Conference (FAIRCON22). The annual event, this year themed, “Scale: Risk Management to the Next Level,” will bring together thought leaders in cyber and operational risk management to discuss best FAIR™ (Factor Analysis of Information Risk) practices to develop increased value and alignment with business goals.

When: This premiere global risk management conference will be held in-person at the Mandarin Oriental Hotel, Washington, D.C., and virtually Tuesday, Sept. 27, and Wednesday, Sept. 28. Program line-up features dynamic keynote addresses, interactive C-suite panels, and expert case study sessions.

Who: Open to professionals in risk management and offers beginner and advanced session tracks.

  • Speakers: Jack Jones, chairman, FAIR Institute; Mark Tomallo, senior vice president, CISO, Victoria’s Secret; Mary Elizabeth Faulkner, CISO, Thrivent Financial; Jeff Norem, Deputy CISO, Freddie Mac; Matthew Tolbert, senior cybersecurity specialist, supervision and regulation, Federal Reserve Bank of Cleveland; James Lam, public and private board director; National Association of Corporate Directors (NACD) certified director and D100 honoree; ERM consultant, author, and speaker; and Derek Johnson, senior reporter, SC Media; among others.
  • In-person and Virtual: “This year, we are pleased to welcome attendees back in person and to virtual events for FAIRCON22. The conference focus is on ‘Scale,’ demonstrating how to…


Feds warn about social engineering in cyberattacks on physicians’ practices


HHS agency warns “vishing,” combining scam emails and phone calls, is on the rise.

Phony phone calls paired with bogus emails are part of “vishing” scams that are a rising threat to cybersecurity of physicians’ practices.

Voice phishing, or vishing, is the method “of eliciting information or attempting to influence action via the telephone,” according to the latest analyst note by the Health Sector Cybersecurity Coordination Center (HC3) within the U.S. Department of Health and Human Services (HHS). This month, HC3 also published “The Impact of Social Engineering on Healthcare,” a threat brief that describes how scammers manipulate human psychology for their own gain.

“A social engineer can manipulate staff members into giving access to their computers, routers or Wi-Fi,” to steal protected health information or personal identifiable information, or to install malware, the threat brief said.

A growing problem

When used as part of cyberattacks, social engineering is a particular problem in health care because people are naturally trusting, have a desire to help, and want to look intelligent. Workers do not want to get in trouble, but some do take shortcuts, the threat brief said.

In large health care organizations, staff members do not always know all their coworkers.

Analysts have said patient data is valuable for bad actors, and health care systems must pay hefty prices to free data and restore computer systems due to attacks. In 2021 and 2022, health care had the largest average cost of a data breach ($10.1 million in 2022) among the public, energy, technology, pharmaceuticals, and financial sectors, according to HC3.

Phishing and vishing

With phishing, an attacker sends a fraudulent message designed to trick people into revealing sensitive information, or to deploy malicious software such as ransomware into the victim’s computer infrastructure. It was the most common threat to health care organizations, accounting for 45% of security incidents, followed by ransomware at 17%, said the threat brief, citing a health information cybersecurity survey.

In the last year, vishing cyber attacks have increased in all sectors and as a social engineering technique, it has been…
