The healthcare industry continues to experience high numbers of cyberattacks and data breaches and healthcare organizations have responded by strengthening their cybersecurity programs, but they continue to face significant challenges, the biggest of which is a lack of cybersecurity staff. That was cited as the main barrier to robust cybersecurity by 61% of respondents to the 2022 HIMSS Healthcare Cybersecurity Survey of healthcare cybersecurity professionals responsible for day-to-day operations or oversight of healthcare cybersecurity programs.

The biggest problem is hiring talent. There is a global shortage of cybersecurity professionals, and with the demand for staff high, qualified cybersecurity professionals can afford to pick and choose employers carefully. Almost 84% of respondents said they struggle to attract skilled staff. Unsurprisingly, given the high demand for staff, an insufficient budget for hiring staff was a problem for 55% of respondents, with non-competitive compensation cited as a problem for 43% of respondents.

When skilled cybersecurity professionals are hired, retention is a problem. Almost 67% of respondents said retaining qualified cybersecurity professionals is a problem, which is unsurprising given that cybersecurity professionals are such a precious commodity. The survey revealed that there is a lack of training for cybersecurity staff to keep them up to date on the latest threats, with 61% of respondents saying there simply isn’t time to provide ongoing cybersecurity training. 42% of respondents said employers didn’t subsidize the cost (22%) or did not subsidize the cost enough (20%). Worryingly, given the extent to which phishing is used in healthcare cyberattacks, only 89% of cybersecurity professionals are provided with training on the detection and mitigation of phishing attacks, and only 47% are trained on how to detect and mitigate insider threats.

Cybersecurity is not just about the IT department, in fact, that is one of the biggest cybersecurity myths that needs busting. Everyone has a role to play in the cybersecurity of their organization, yet the data suggest that training for the workforce is nowhere near comprehensive enough. 91.8% of respondents said security awareness training is provided to information technology staff, but only 69% said security awareness training is provided to clinicians, and the figure fell to just 44% for contractors, and 29% for vendors.

Aside from staffing difficulties, a lack of budget is hampering cybersecurity improvements for 51% of respondents, and the problem is deepening. Only 51% of respondents said they got a cybersecurity budget increase from 2021 to 2022, with almost 7% seeing their budget decline. While there are healthcare organizations that devote around 10% of their IT budget to cybersecurity, typically only 6% or less of the IT budget goes on cybersecurity.

Other key barriers to robust cybersecurity were a lack of a data inventory showing the data held and where it is located (45%), a lack of data classification (38%), a lack of cooperation with other people in the organization (31%), policies and procedures do not reflect current practices (31%), and a lack of executive buy-in (23%).

One of the biggest security wins when it comes to phishing defense is implementing phishing-resistant multi-factor authentication (passwordless), yet despite the calls from CISA to implement phishing-resistant multi-factor authentication, only 9.4% of respondents who had implemented some form of multi-factor authentication used this gold standard. 57% of respondents were still reliant on basic single-factor authentication.

While the survey suggests improvements are being made to cybersecurity at healthcare organizations in response to the high threat level, there are still many challenges to overcome and while the problem of recruitment is unlikely to be resolved in the near future, healthcare organizations could do more and provide the cybersecurity staff they have with more support.

You can access the 2022 HIMSS Healthcare Cybersecurity report here.

The post Survey Highlights Ongoing Healthcare Cybersecurity Challenges appeared first on HIPAA Journal.

The Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of its Zero Trust Maturity Model, the purpose of which is to help federal agencies adopt zero trust security. While the guidance is primarily intended for federal agencies, it can be used by any organization looking to improve its security posture through zero trust.

The traditional approach to security involves perimeter defenses to keep unauthorized individuals out of protected internal networks, where anyone inside the network is trusted. The perimeter security model has served organizations well for many years, but it is only effective when there is a border to protect and the vast majority of IT resources and critical assets are inside that border. Today, most networks are not entirely on-premises and remote working is now common, so many trusted individuals are outside of the border. Further, with perimeter security, if the perimeter is breached, an attacker could compromise large parts of the network, IT resources, and critical data. Zero trust is based on the assumption that a network has already been compromised and limits access to data, networks, and infrastructure to the minimum level, then constantly assesses the legitimacy of access through continuous verification.

CISA’s Zero Trust Maturity Model is based on 5 pillars – identity, devices, network, data, and applications and workloads – and can be used to assess the current level of zero trust maturity. Version 2 of the Zero Trust Security Model incorporates recommendations collected through the public comment period and sees the addition of a new maturity stage. There are now four maturity stages in the model – traditional, initial, advanced, and optimal. ‘Initial’ was added as CISA recognizes that organizations have different starting points on their journey to zero trust.

The updated Model also includes several new functions and updates to existing functions, which organizations should consider when they plan and make decisions about zero trust architecture implementation. The updated maturity model also provides a gradient of implementation across each of the five pillars to facilitate the implementation of zero trust, supporting organizations as they make minor advancements on their journey toward the full implementation of zero trust architecture.

“CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” said Chris Butera, Technical Director for Cybersecurity, CISA. “As one of many roadmaps, the updated model will lead agencies through a methodical process and transition towards greater zero trust maturity.

The post CISA Updates its Zero Trust Maturity Model appeared first on HIPAA Journal.

Microsoft has announced that its Digital Crimes Unit, the Health Information Sharing and Analysis Center (Health-ISAC), and the cybersecurity firm Fortra are taking action to prevent the legitimate red team post-exploitation tool, Cobalt Strike, from being illegally used by malicious actors for delivering malware and ransomware.

Cobalt Strike is a collection of tools used for adversary simulation that can be used to replicate the tactics and techniques of advanced threat actors in a network and emulate quiet, long-term actors with persistent access to networks. The tool was first developed in 2012 and fast became one of the most widely adopted tools among penetration testers. Cobalt Strike has grown in sophistication over the years, its functionality has been significantly enhanced, and it is part of Fortra’s cybersecurity portfolio.

While the tool is incredibly useful for red team operations, cracked copies of the tool have been circulated within the cybercriminal community and malicious use of the tool by cybercriminals is now increasing. Cobalt Strike is used by multiple ransomware gangs, including Lockbit and Conti, before the group split in 2022. Microsoft reports that Cobalt Strike has been used in more than 68 ransomware attacks on healthcare providers in more than 19 countries around the world. The attacks have prevented access to electronic health records, disrupted critical patient care services, resulted in delays to diagnosis and treatment, and have cost healthcare organizations millions of dollars in recovery and repair costs. The tool was also used in the devastating attack on the Health Service Executive in Ireland and the recent attack on the Government of Costa Rica.

Fortra has taken action to prevent the illegal use of Cobalt Strike, including stringent vetting processes for new customers; however, malicious actors have been using older, cracked versions of the tool to gain backdoor access to machines for distributing malware and accelerating the deployment of ransomware. Microsoft says the exact identities of the malicious actors using the tool are not known, but malicious infrastructure used by those threat actors has been detected in Russia, China, and the United States. In addition to misuse of the tool by financially motivated cybercriminals, advanced persistent threat actors from Russia, China, Vietnam, and Iran are known to have used cracked versions of Cobalt Strike.

Microsoft, Fortra, and Health-ISAC have joined forces to increase efforts to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software. In contrast to Microsoft’s typical efforts to combat cybercrime by disrupting the command-and-control infrastructure of malware families, efforts are being made to remove illegal, legacy copies of Cobalt Strike to prevent further use by malicious actors.

On March 31, 2023, the U.S. District Court for the Eastern District of New York issued a court order allowing Microsoft, Fortra, and Health-ISAC to disrupt the infrastructure used by criminals to facilitate attacks in more than 19 countries. Relevant Internet Service Providers (ISPs) will be notified about the malicious use of the tool and computer emergency readiness teams (CERTs) will assist in taking the infrastructure offline and disrupting cracked, legacy copies of Cobalt Strike and compromised Microsoft software. Microsoft, Fortra, and Health-ISAC will also be collaborating with the FBI Cyber Division, National Cyber Investigative Joint Task Force (NCIJTF), and Europol’s European Cybercrime Centre (EC3) to prevent misuse of Cobalt Strike.

“Disrupting cracked legacy copies of Cobalt Strike will significantly hinder the monetization of these illegal copies and slow their use in cyberattacks, forcing criminals to re-evaluate and change their tactics,” explained Microsoft. “Today’s action also includes copyright claims against the malicious use of Microsoft and Fortra’s software code which are altered and abused for harm.”

The post Microsoft, Fortra, and Health-ISAC Join Forces to Disrupt Malicious Use of Cobalt Strike appeared first on HIPAA Journal.

The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning about a threat actor that is conducting targeted distributed denial of service (DDoS) attacks on the U.S. healthcare sector. The attacks involve flooding networks and servers with fake Domain Name Server (DNS) requests for non-existent domains (NXDOMAINs), which overloads DNS servers and prevents legitimate DNS requests. These attacks have been conducted since at least November 2022.

DNS servers are used to locate web resources and identify the IP addresses of the requested resources to allow a connection to be made. A DNS Proxy Server will contact the DNS Authoritative Server when a request is received, and if the IP address of that resource is identified, it will be relayed back allowing a connection to be made. In a DNS NXDOMAIN flood DDoS attack, the DNS Proxy Server will be flooded with requests for non-existent domains and the server’s resources will be consumed querying the NXDOMAIN requests with the DNS Authoritative server, and the DNS Authoritative Server will use its resources dealing with the queries.

These requests are usually sent to the DNS Proxy server by a botnet – an army of malware-infected devices under the control of the attacker. Depending on the scale of the attack, legitimate DNS requests will be slowed down or may even be completely prevented, thus stopping legitimate users from accessing a website or web application.

These attacks tend to be relatively short-lived, lasting several hours to a few days. During an attack on a healthcare provider’s domain, patients may be prevented from accessing appointment scheduling applications and patient portals, and a healthcare provider’s website may be rendered inaccessible. Staff may also be prevented from accessing web applications.

These attacks are typified by large amounts of DNS queries for non-existent hostnames under legitimate domains, UDP packets encapsulated in IPv4 and IPv6, widely distributed source IPs, potentially spoofed source IPs, and DNS servers generating lots of NXDOMAIN errors.

Blocking these attacks is difficult as the devices that are part of the botnet are often widely distributed and the botnet may consist of several thousand devices. While it may not be possible to block an attack in progress, there are mitigations that can limit the impact of these attacks. These include blackhole routing/ filtering out suspected domains and servers, implementing DNS Response Rate Limiting, blocking further requests from the client’s IP address for a limited period, ensuring cache refresh takes place, reducing the timeout for recursive name lookup to free up resources in the DNS resolver, increasing the time-to-live (TTL) on existing records, and applying rate limiting on traffic to overwhelmed servers.

While HC3 did not confirm the source of these attacks, the healthcare sector is being targeted by the hacktivist group, Killnet, in response to U.S. Congress’ support for Ukraine. Killnet has been active since at least January 2022, and has stepped up its attacks on the U.S healthcare sector in recent months.

The post HC3 Warns of DNS NXDOMAIN DDoS Attacks on the Healthcare Sector appeared first on HIPAA Journal.

Ransomware and phishing attacks on organizations have increased over the past 12 months as have the costs associated with the attacks. In 2022, the average cost of a data breach increased to $4.35 million and $10.1 million for healthcare data breaches (IBM Security).

Due to the high costs and reputational damage caused by data breaches, cybersecurity teams are being pressured into keeping cyberattacks and data breaches quiet, even though there are often legal requirements for reporting data breaches. The recently published Bitdefender 2023 Cybersecurity Assessment has revealed the extent to which cybersecurity teams are being pressured into staying silent about data breaches. In the United States, 74.7% of respondents said they had experienced a data breach or data leak in the past 12 months and 70.7% of those respondents said they had been told to keep a security breach confidential when it should have been reported. 54.7% of respondents said they did keep a security breach confidential when they knew it should be reported.

Bitdefender’s survey suggests healthcare organizations are failing to report data breaches. 28.6% of healthcare respondents said they were told not to report a security incident that should have been reported and did not report the breach. In the United States, 78.7% of respondents said they are worried that their company will face legal action due to the incorrect handling of a security breach.

Bitdefender also asked IT professionals about the biggest threats that they now face. In the United States, the biggest perceived threats were software vulnerabilities/zero days (80%), supply chain attacks (73.3%) phishing/social engineering (58.7%), insider threats (50.7%), and ransomware (45.3%), with the human factor the biggest concern for business leaders. The biggest security challenges faced by U.S. organizations were extending security capabilities across multiple environments (49.3%), complexity (49.3%), incompatibility with other security solutions (32.1%), and reporting capabilities (40%).

Respondents were also asked about the biggest security myths that they would love to see busted. The biggest bugbear was that the organization is not a target for cybercriminals (42.7%), closely followed by using non-corporate approved apps is not a big deal (40%), that security is the sole responsibility of the IT department (36%), and emails that are delivered to inboxes are always safe to click/open (36%).

Given the increase in cyberattacks on U.S. organizations, it is reassuring that 78.7% of respondents said they are planning to increase their security budgets. 49.3% of respondents said they were planning to cut back on new cybersecurity tech purchases and 38.7% said they were cutting back on new cybersecurity hires, as organizations look to security vendors to provide assistance. 95% of respondents said they are planning on increasing the number of security vendors, and 90% said they are looking for holistic, all-in-one security solutions to ease the burden and avoid compatibility issues.

The survey for the report was conducted by Censuswide on 400 IT professionals from junior IT managers to CISOs, in organizations with 1000+ employees in the USA, UK, Germany, France, Italy, and Spain.

The post Security Teams Pressured into Keeping Quiet About Security Breaches appeared first on HIPAA Journal.

Almost all organizations experienced at least one cyberattack in the past 12 months, according to new research published by Sophos in its State of Cybersecurity 2023 Report. The findings come from an independent study of 3,000 leaders with responsibility for cybersecurity across 14 countries, including the United States. 94% of respondents said they had to deal with at least one cyberattack on their organization in the past 12 months.

Malicious actors are increasingly using automation and cybercrime-as-a-service offerings to conduct sophisticated cyberattacks at scale, and network defenders are finding it increasingly difficult to defend against these threats. The problem has been compounded by a shortage of expertise due to the global lack of cybersecurity professionals.

The extent to which IT teams are having to investigate and respond to potential intrusions is limiting their ability to complete other IT projects and dedicate time to strategic projects, and IT teams are overworked and overwhelmed. The survey confirmed that IT teams feel they are constantly on the back foot and that they are unable to get ahead and proactively improve their defenses and reduce their workload. It is no surprise that 93% of respondents admitted that executing essential security operations was challenging.

The workload of security teams has become so great that there is simply not enough time to investigate all security alerts. 93% of respondents admitted to only investigating fewer than half of all security alerts that are generated about potential malicious activity, and 71% of organizations said they struggle to identify and prioritize the alerts and events to investigate. The time that must be devoted to investigating high-priority security alerts is considerable, with the full detection, investigation, and response process typically taking 9 hours for organizations with up to 3,000 employees and up to 15 hours for larger organizations. More than half of surveyed IT professionals think cyberthreats are now so sophisticated that they are unable to deal with the threats on their own, with 64% of small businesses feeling that way. Data exfiltration, phishing, ransomware, extortion, and DDoS attacks were the biggest security concerns for 2023, with the biggest security risk perceived to be security tool misconfiguration.

It can be a struggle to get one step ahead of malicious actors, but the researchers suggest this is possible with a comprehensive, but straightforward approach that is focused on optimizing prevention, reducing exposure, and disrupting adversaries to buy defenders time to respond. Sophos recommends creating a scalable incident response process, minimizing the attack surface as far as possible, improving prioritization of the alerts that need to be investigated, and using specialist services to optimize the response time. The researchers recommend implementing adaptive defenses that are able to slow down adversaries to give network defenders time to respond. The last step is to “set up a virtuous cycle that combines technology and human expertise to turbo-charge defenses, enabling an increase in speed, efficacy, and impact.  Together they accelerate the defender flywheel, enabling them to pull ahead.”

The post 94% of Organizations Experienced a Cyberattack in 2022 appeared first on HIPAA Journal.

Hackers are increasingly using cloud apps for malware delivery, according to the latest Netskope Threat Labs Report. Historically, malicious actors have relived on email and malicious URLs for malware delivery and security solutions have been developed to protect against these attack vectors. Secure email gateways can detect and block malicious email attachments and URL filtering blocks access to malicious websites and as defenses against these vectors have improved, threat actors have had to look for alternative ways to deliver their malicious payloads and many are now taking advantage of the increasing popularity of enterprise cloud apps.

As is the case with other industries, cloud apps have proven popular in healthcare for improving productivity and supporting a remote workforce. The average enterprise healthcare user interacts with 22 cloud apps a month, with 94% of enterprise healthcare users downloading data from cloud apps each month. The most popular cloud apps in healthcare are OneDrive, Microsoft Teams, SharePoint, and Google Drive, with OneDrive used by 36% of enterprise healthcare users each day.

These cloud apps are being increasingly used by malicious actors for malware delivery, according to Netskope. Cloud apps were leveraged in 38% of malware infections in March 2022, and 42% of malware infections in February 2023. By utilizing cloud apps for malware delivery, malicious actors are able to bypass standard security solutions such as spam and URL filters, which do not inspect cloud traffic.

OneDrive is the most popular cloud app in healthcare, and it is the one that is most frequently abused by malicious actors for malware delivery, followed by the free web hosting service, Weebly, and the cloud-based content management, file sharing, and collaboration app, Box. Malware infections through Box were 6.6% higher in healthcare than in other industries and accounted for 12% of malware infections.

The malware most commonly delivered through web apps over the past 12 months is Trojans, which provide threat actors with an initial foothold in a network. Trojans are delivered by initial access brokers who sell that access to other cybercriminal groups or use that foothold to deliver other malware or legitimate tools that allow them to move laterally and achieve a much more extensive compromise. Downloaders are also commonly distributed via cloud apps, followed by file-based exploits for exploiting known unpatched vulnerabilities, information stealers, and backdoors.

As cloud apps become more popular and data uploads and downloads from cloud apps increase, abuse of these apps is only likely to increase and they are a potential weak point in security. It is important to inspect all HTTP and HTTPS downloads, including those from cloud apps, and to subject all risky file types – such as executable files – to static and dynamic analysis before they are downloaded. Consider restricting access to or blocking downloads from cloud apps that you do not specifically authorize for use, and block uploads to those apps to limit the potential for data exposure. Netskope also recommends implementing an intrusion prevention system that is capable of identifying and blocking malicious traffic patterns.

The post Hackers Increasingly Targeting Cloud Apps for Distributing Malware appeared first on HIPAA Journal.

The pro-Russian hacktivist group KillNet has continued with its attacks on healthcare organizations in the United States in retaliation for U.S. Congress’s support for Ukraine, and on January 28, 2023, the group launched its biggest wave of Distributed Denial of Service (DDoS) attacks to date – a coordinated attack on more than 90 healthcare organizations in 48 U.S. states. 55% of the targets were healthcare systems with at least one hospital and lone hospitals with Level I trauma centers.

The increase in activity has prompted the Health Sector Cybersecurity Coordination Center (HC3) to issue a new Analyst Note about the group, which describes its latest activities, the tactics, techniques, and procedures observed in the recent attacks on the healthcare and public health (HPH) sector, and provides recommended mitigations to defend against and reduce the severity of the group’s attacks.

The group has been active since at least January 2022 and has been actively targeting countries that have pledged support for Ukraine following the Russian invasion, especially NATO countries. In December 2022, KillNet embarked upon a campaign of DDoS attacks on organizations in the HPH sector. The group conducts DDOS attacks that last several hours to a few days causing service outages. While these attacks do not typically cause any major damage, the systems they target suffer outages that threaten critical day-to-day operations at HPH organizations.

While the DDoS attacks appear to have slowed in March, further attacks can be expected. Microsoft has also reported that the group has been targeting healthcare applications on Azure infrastructure for the past 3 months. 31% of the attacks were on pharmaceutical and life sciences firms, 26% on hospitals, 16% on health insurance providers, and 16% on health services and care. While DDOS attacks in 2022 mostly involved Transmission Control Protocol (TCP) as the main attack vector, 53% of the attacks on healthcare were User Datagram Protocol (UDP) floods, and 44% involved TCP.

The group recruits affiliates to assist with the attacks and sends open invitations to the cybercriminal community to help the group achieve its aims, and KillNet has attracted considerable support and respect from the cybercriminal community. While the group does not appear to have engaged in significant data theft to date, KillMilk, the founder and leader of the group, claimed to have stolen the credit card details of 2.5 million Americans and threatened to sell the data. In a recent post, KillMilk claims to have left KillNet to set up a new group called Black Skills, which is allegedly a highly organized military hacking company. The new KillNet leader operates under the name Blackside, and claims to have experience in ransomware, phishing, and crypto theft attacks.

It is currently unclear if the restructuring will see a change in tactics but what is clear is the group plans to continue with its hacktivist campaigns in countries that are considered to be anti-Russia or pro-Ukraine, and the group is considered to continue to pose a significant threat to the HPH sector.

The post KillNet Hacktivist Group Continues to Target U.S. Healthcare Organizations appeared first on HIPAA Journal.

The dark web is extensively utilized by cybercriminals and is therefore a rich source of information… information that can be leveraged by organizations to improve their cyber defenses. The dark web is used by cybercriminals to buy and sell malware, leak sensitive data, and share vulnerabilities and techniques, techniques and procedures that can be used in cyberattacks, and utilizing that data can help organizations to gain an understanding of the threat actors that are targeting their organization, and how attacks are likely to occur.

Dark web intelligence is used by organizations in many industries, but the healthcare industry lags behind other sectors in the use of dark web intelligence. According to a recent survey conducted for Searchlight Cyber, 80% of large enterprises across all industry sectors utilize dark web intelligence as part of their security strategy, with the finance sector leading in the adoption of dark web intelligence with 85% of financial organizations gathering data from the dark web.

Yet only 57% of healthcare organizations use dark web intelligence to learn about their adversaries and improve their defenses against cyberattacks. It is therefore no surprise that just 60% of healthcare CISOs said they were confident about understanding the profile of their adversaries. CISOs in the oil and gas industry were also less likely than average to use dark web intelligence, and they also were not confident that they could understand the profiles of their adversaries. Searchlight Cyber says there is a direct correlation between gathering more dark web intelligence and a stronger security posture, as using dark web data allows organizations to gain a better understanding of the adversaries that are targeting their organization and their industry and also increases the chances of spotting an attack.

“There are a number of possible explanations as to why oil and gas companies and healthcare organizations are behind in the adoption of pre-attack intelligence,”  said Ben Jones, CEO and co-founder of Searchlight Cyber. “Both of these industries have large, complex, and legacy infrastructure, which means they may be prioritizing other security challenges such as vulnerability patching. It is also likely that, unlike enterprises in the finance sector, health and energy organizations may not have historically considered themselves the primary target for financially-motivated cyberattacks emanating from the dark web.”

The survey was conducted on 1,008 Chief Information Security Officers (CISOs) at large enterprises ($200 million+ revenues and 2,000+ employees) between November 2022 and January 2023. The survey found that almost all CISOs – 93% – are concerned about dark web threats, and 72% of surveyed CISOs said they think dark web intelligence is critical to defending their organization.  CISOs in healthcare were much less likely to appreciate the importance of understanding dark web threats than other industries. The survey revealed only 50% of healthcare CISOs believe criminal activity on the dark web had an impact on their company, compared to the average of 64%, and only 53% of healthcare CISOs believe intelligence on cybercriminals is critical to defending their organization.

“As recent incidents have shown us, [hackers] are increasingly targeting enterprises in industries such as healthcare, oil and gas, and manufacturing to leverage the critical nature of these companies, and extort ransoms. This makes it an imperative for these organizations to begin monitoring the dark web, to spot the early warning signs of attack, and improve their security posture based on a better understanding of their adversaries.”

While the value of dark web intelligence is generally appreciated, Searchlight Cyber believes dark web data is being underutilized. While 71% of respondents said they would like to see whether their suppliers are being targeted on the dark web, only 32% of those CISOs are gathering dark web data to monitor attacks against their supply chain. Only 50% of healthcare CISOs said they were interested in seeing if their suppliers are being targeted on the dark web, which suggests there is a lack of understanding about where cyberattacks against their enterprises are originating.

Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, said most sources of threat intelligence tell organizations where attacks have happened in the past, but dark web intelligence provides clues as to what is most likely to happen next and provides visibility into cybercriminal reconnaissance which gives organizations the best chance of spotting attacks before they hit the network.

The post Healthcare CISOs Undervalue Dark Web Intelligence appeared first on HIPAA Journal.