In response to the growing threat from ransomware attacks, the U.S Department of Justice has launched a new Ransomware and Digital Extortion Task Force that will target the entire ransomware ecosystem as a whole. The aim is not only to bring the individuals conducting the attacks to justice, but also any individuals who assist attackers, including those who launder ransom payments.

The Task Force will include representatives from the DOJ criminal, national security and civil divisions, the Federal Bureau of Investigation, and the Executive Office for United States Attorneys and will work closely with the Departments of Homeland Security and the Treasury. The task force will also work to improve collaboration with the private sector and international partners.

Resources will be increased to address ransomware attacks, training and intelligence gathering will be improved, and the task force will coordinate with the Department of Justice to investigate leads and connections to known cybercriminal organizations and nation state threat groups. In addition to aggressively pursuing all individuals involved in attacks, the task force will make recommendations to Congress on how best to help victims of attacks while discouraging the payment of ransoms.

The task force will help to tackle the proliferation of ransomware attacks by making them less lucrative. According to an internal DOJ Memo written by DOJ Acting Deputy Attorney General John Carlin, “This will include the use of all available criminal, civil, and administrative actions for enforcement, ranging from takedowns of servers used to spread ransomware to seizures of these criminal enterprises’ ill-gotten gains.”

The aim of the task force is to better protect individuals and businesses from ransomware attacks and to ensure the individuals involved are brought to justice. At present, ransomware gangs, members of which are often based overseas, know that there is little risk of being caught and attacks can be extremely profitable.

Ransomware attacks increased sharply in 2020, which was the worst ever year for ransomware attacks. According to a recent report from Chainalysis, more than $370 million in ransom payments were collected by ransomware gangs in 2020, which is an increase of 336% from the previous year. Ransoms are often paid as victims are well aware that paying the ransom, even if it is several million dollars, is a fraction of the cost of recovering from the attack without paying. The cost of attacks could easily be 10 or 20 times higher if the ransom is not paid.

In 2019, the City of Baltimore refused to pay a $75,000 ransom and the attack ended up costing the city more than $18 million. According to the GetApp 2020 Data Security Survey, 28% of businesses have suffered a ransomware attack in the past 12 months and 75% of victims paid the ransom to reduce the cost of remediation.

Ransomware attacks are costing the U.S economy billions. Cybersecurity Ventures has predicted ransomware attacks will continue to increase and are likely to occur at a rate of one every 11 seconds in 2021, with the total cost of the attacks rising to $20 billion in 2021 in the United States alone, with the global cost expected to reach $6 trillion in 2021.

The post DOJ Launches Ransomware and Digital Extortion Task Force appeared first on HIPAA Journal.

Healthcare providers are increasingly leveraging health information technology to provide virtual healthcare services to patients. Telehealth services allow patients living in rural areas and the elderly to gain access to essential medical services, and the pandemic has seen a major expansion in telehealth to provide virtual healthcare services to patients to reduce the spread of COVID-19.

According to FAIR Health, the number of telehealth claims to private insurers has increased by 4,347% in the past year, with virtual care such as telehealth now one of the fastest growing areas of healthcare. The Centers for Medicare and Medicaid Services has committed to providing long term support for virtual healthcare services and Frost & Sullivan predicts there will be a seven-fold increase in telehealth by 2025.

The major expansion of healthcare services has happened quickly and at a time when the healthcare industry is being targeted by cybercriminals more than ever before. Hackers have been exploiting vulnerabilities with ease to gain access to sensitive healthcare data and disrupt operations for financial gain. A 2020 study by SecurityScorecard and DarkOwl revealed there was a near exponential increase in targeted attacks on telehealth providers as the popularity of telehealth soared.

In order for virtual healthcare services to reach their full potential, it is essential for healthcare industry stakeholders to identify and address the privacy and security risks to healthcare data, which can be a challenge in a complex, connected environment such as healthcare.

This week, the Healthcare and Public Health Sector Coordinating Council (HSCC) has published a white paper that provides guidance for the healthcare industry on identifying cybersecurity vulnerabilities and risks related to the use and management of telehealth and telemedicine.

The new resource, Health Industry Cybersecurity—Securing Telehealth and Telemedicine, was published for the benefit of healthcare systems, clinicians, vendors, service providers, and patients, who together share the responsibility for ensuring telehealth provides the maximum benefit while keeping privacy and security risks to a low and acceptable level.

The document explains the cyber risks associated with telehealth and telemedicine and outlines the regulatory issues that apply to telehealth services, providing audit tools, guidance on policies and procedures, and suggesting best practices to adopt.

The guidance document outlines the policy underpinnings of healthcare cybersecurity, explains regulations and organizational policies, cybersecurity considerations, and includes recommendations for implementing and maintaining telemedicine programs.

“Currently, there is no single federal agency with authority to establish and enforce privacy and security requirements for the entire telehealth ecosystem,” explained HSCC. “At a minimum, telehealth systems need to maintain security and privacy consistent with those of all other forms of care.”

Healthcare organizations are encouraged to adopt the best practices suggested in the white paper and implement the recommendations appropriate to their risk profile to improve privacy and security protections to get the optimal benefit from telehealth and telemedicine services.

You can download the HIC-STAT white paper on this link.

The post HSCC Publishes Guidance on Securing the Telehealth and Telemedicine Ecosystem appeared first on HIPAA Journal.

Health-ISAC, in conjunction with the American Hospital Association (AHA), has published guidance for healthcare information security teams to help them improve resilience against supply chain cyberattacks such as the recent SolarWinds Orion incident.

The white paper – Strategic Threat Intelligence: Preparing for the Next “SolarWinds” Event – provides insights into the cyberattack and explores the characteristics that made such an attack possible. The document provides technical recommendations for senior business leaders, C-suite executives, and IT and information security teams to help them prevent and mitigate similar attacks.

Solutions such as SolarWinds Orion have privileged access to the assets they are used to manage, and those supply chain dependencies and inherent trust models were exploited in the SolarWinds Orion attack. The attackers exploited a software update mechanism to inject a backdoor into the network monitoring platform. The update was downloaded and applied by around 18,000 customers and selected companies were then targeted in more in-depth compromises, including several government agencies and cybersecurity firms. The U.S. government recently formally attributed cyberattack to the Russian Foreign Intelligence Service (SVR).

Platforms such as SolarWinds Orion are an attractive target for threat actors. They are used by many attractive targets such as large enterprises and government agencies, they have a centralized system that controls multiple subsystems, networks, and products, and they require little interaction, if any, from the controlled system. The system has an undisclosed, unpatched, or unknown opening that attackers can exploit for a degree of administrative control and, if that opening is exploited, the attackers can gain limited or total control of the subsystems it controls.

All of those factors were exploited in the SolarWinds attack and a further four incidents are described in the white paper where similar characteristics were exploited – – The 2003 HP OpenView vulnerability, WannaCry, NotPetya, and the 2021 SAP Solution Manager incident.

Similar cybersecurity incidents are likely to happen time and time again, so it is important for steps to be taken to minimise risk and limit the damage that can be caused. The white paper details the risks involved with enterprise IT systems such as SolarWinds Orion and provides recommendations that can be applied to allow organizations to predict, and hopefully prevent, similar incidents in the future.

Recommendations include signing up with an ISAC to receive timely and actionable threat intelligence, conducting vulnerability scans to identify vulnerabilities, patching promptly, adhering to the principle of least privilege, and implementing a program of continuous verification to ensure that security controls are still effective at blocking threats.

“What is truly needed is close cooperation between governments, the healthcare sector and all critical infrastructure globally via a formal exchange of cyber threat information and combined cyber defenses – to create a truly global approach,” explained Health-ISAC in the white paper. “We urge organizations to use the strategic and tactical issues discussed in this paper as considerations for all trusted systems used, or planning to be used, in your environment.

The post Health-ISAC Helps Healthcare Organizations Prepare for Supply Chain Cyberattacks appeared first on HIPAA Journal.