Faced with relentless cyberattacks and the shortcomings of existing defenses, Sanaz Yashar embarked on a journey to create a security risk and mitigation platform, transforming frustration into startup Zafran, which emerged from stealth Thursday with more than $30 million in funding.
UnitedHealth Group has admitted data was "taken" in the cyberattack on Change Healthcare and has just started analyzing the types of personal, financial and health information potentially compromised. The U.S. is offering a $10 million bounty for BlackCat, which claims to have launched the attack.
Proposed federal sticks and carrots to incentivize the health sector to implement stronger cybersecurity standards are already meeting opposition from some industry groups that say financial help is welcome but payment penalties for perceived laggards likely will do more harm than good.
A nursing home operator is seeking bankruptcy protection, citing the effects of a ransomware attack last fall and fallout from the recent Change Healthcare outage as factors that contributed to its financial woes. Also, a Senate bill aims to address cash flows for some health firms hit by an attack.
In the latest weekly update, four editors discussed ISMG's plans for in-depth and diverse coverage at the 2024 RSA conference, the latest guidance on web trackers from federal regulators and the latest forecasts on quantum computing - and why security teams should care.
A Mississippi women's health clinic has filed a proposed class action lawsuit against UnitedHealth Group alleging the disruption in claims processing caused by the cyberattack on the company's Change Healthcare unit and the resulting IT outage is threatening to push the practice into bankruptcy.
Ransomware groups hope threats are enough to sway victims so they don't have to follow through. For victims who pay ransoms, the results are almost guaranteed to be less than advertised - more akin to buying a pig in a poke than a contractual guarantee of service.
For the love of humanity, please stop playing into ransomware groups' hands by treating their data leak blogs as reliable sources of information and then using them to build lists of who's amassed the most victims. That's not what data leak sites actually document.
It's critical for hospitals and other firms to not only prepare for how they will respond to a cyberattack but also to consider the regional impact if a neighboring provider of services needed in the community is disrupted by a serious cyber incident, said Margie Zuk of Mitre.
LockBit ransomware affiliate Mikhail Vasiliev on Tuesday received a nearly four-year prison sentence in Canada and consented to extradition to the United States, where he faces charges of conspiracy to commit computer intrusion. He must also pay CA$860,000 in restitution to his Canadian victims.
The vast healthcare ecosystem disruption caused by the recent attack on Change Healthcare, which affected more than 100 of the company's IT products and services, underscores the concentrated cyber risk when a major vendor suffers a serious cyber incident, said Keith Fricke, partner at tw-Security.
Ransomware groups may come and go, but often it's only in name, as the individuals involved will move on to power whatever group remains a going concern. Cue a reported flow of top talent from LockBit, which was recently disrupted by law enforcement, to Akira, which is apparently alive and well.
The Department of Health and Human Services is working on grant programs and other financial programs to help under-resourced healthcare organizations deal with the cybersecurity challenges they're facing, said La Monte Yarborough, CISO and acting deputy CIO at HHS.
The healthcare sector needs a 911-style cyber civil defense system that can help all segments of the industry, including under-resourced groups, to more rapidly and effectively respond to cyberattacks and related incidents, said Erik Decker, CISO of Intermountain Health and a federal cyber adviser.
The Change Healthcare attack is already providing valuable lessons to healthcare firms - mostly about the importance of resilience, especially when it comes the industry's supply chain and third parties, said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure Security Agency.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.