At a glance.
- US HHS urges healthcare organizations to become more proactive.
- Using Chrome's Enhanced Safe Browsing mode.
- Trading privacy for user experience.
- Data breach at a major cookware manufacturer.
US HHS urges healthcare entities to be more proactive.
The US Department of Health and Human Services' (HHS) Health Sector Cybersecurity Coordination Center issued an alert last week urging healthcare institutions to utilize a more "proactive preparedness" approach to safeguarding their electronic health record/electronic medical record systems (EMR/EHR) as they are an attractive bounty for cybercriminals. As GovInfoSecurity explains, the threat brief notes that patient records containing protected health information include up to eighteen identifiers – “more information than any other breached record” – that are lucrative to cybercriminals for extortion, fraud, identity theft, and data laundering.
The HHS advises that a more proactive approach will help health entities better “understand vulnerabilities in the current network landscape and provides guidance needed for a framework that will be effective in identifying and preventing attacks, which is key to protecting EMRs/EHRs, along with access to vital patient data.” This framework should include training staff about related risks, implementing multifactor authentication, regularly updating and patching systems containing protected health data, and eliminating any data encryption blind spots. The threat brief also urges healthcare entities to create a multi-layered endpoint security strategy and to go on the offensive by engaging in threat hunting to prevent potential attacks.
The pros and cons of Chrome’s Enhanced Safe Browsing mode.
Wired offers a primer on using Google Chrome’s Enhanced Safe Browsing mode, which is, to quote Google, designed for “users who require or want a more advanced level of security while browsing the web.” Reducing a user’s risk of falling prey to phishing scams by 35%, this safety feature sounds like something we all could benefit from. But Enhanced Safe Browsing mode is not the default because it comes at a price: it gives Google increased access to data regarding the user’s internet activities. When turned on, Enhanced Safe Browsing mode will conduct a higher level of checks on extensions and downloads, and suspicious files will be flagged for review. Chrome already checks sites you visit against a list of known dangerous URLs, but the new feature will check sites even if they’re not on the list. Enhanced Safe Browsing is available for desktops across all platforms, but is not yet offered for iPhones or iPads.
Data show that users will give up privacy for experience.
Results from a survey conducted by the API management firm Axway show that nearly 60% of users are willing to trade data privacy for a better user experience. The global survey reflects differences of opinion based on region, with 75% of Brazilians agreeing that user experience is more important than privacy, compared to 59% of Americans and 50% of UK respondents. Nearly two-thirds of those surveyed are willing to use their Facebook or Google logins to access other apps in order to save themselves the trouble of creating a new account, and more than three-quarters of respondents say they’ll give health providers more patient data if it will lead to better care and easier access to their health records.
Axway Chief Technology & Innovation Officer Vince Padua told Business Wire, “This survey tells us there’s a clear appetite for ‘Open Everything.’ It indicates there is an expectation for satisfying digital experiences. Securely opening up data while building on heritage infrastructure can help craft these experiences – while allowing companies to give us the privacy and security we crave.” When it comes to financial data, users in Latin America, the Middle East, and Africa are most receptive to open banking, while US and EU respondents were more hesitant.
Cookware distributor sustains data breach.
BleepingComputer reports that the Meyer Corporation has disclosed a data breach affecting employees' personal information. The compromise is believed to be the work of the Conti ransomware gang. The data at risk include, the company told employees, "first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical condition(s) and diagnoses; random drug screening results; COVID vaccination cards and status; driver’s license, passport, or government-issued identification number; Permanent Resident Card and information regarding immigration status; and information regarding your dependents (including Social Security numbers), if applicable that you may have provided to the company in the course of your employment."
Erich Kron, security awareness advocate at KnowBe4, wrote about the role that Conti and other ransomware gangs continue to play in data exposure:
“Ransomware groups such as Conti have been a thorn in the side of organizations from almost all industries and around the world. Attacks such as this one by the Conti group are typically a ransomware type of attack that first steals the data, then encrypts it and holds the decryption key ransom. In addition, the groups generally threaten the victim organization with exposure of the stolen data, which can include customers, employees, financial information, or intellectual property, among other things, if they do not pay.
“The challenge is, even if the organization has paid the ransom to keep the data from being released publicly, they still must deal with the fact that the data was stolen in the first place. In heavily regulated industries or localities with strong privacy laws, this can result in significant fines and other financial impact.
“With the theft of data being so prevalent in modern cyberattacks, and the resulting financial implications of these attacks, the importance of preventing the attacks has become a very strong focus. Because groups such as Conti and other bad actors use email phishing as a top method of gaining initial network access, it has never been more critical to foster a strong, good, security culture through security awareness training and regular simulated attacks.”
Amit Shaked, CEO of Laminar, again reminds us that, “Data is no longer a commodity, it's a currency — as this incident represents. Information within an organization’s network is valuable to both businesses and attackers. This incident also reminds us that with a majority of the world’s data residing in the cloud, it is imperative that security becomes data-centric and solutions become cloud-native. Solutions need to be completely integrated with the cloud in order to identify potential risks and have a deeper understanding of where the data reside. Using the dual approach of visibility and protection, data protection teams can know for certain which data stores are valuable targets and ensure proper controls, which allows for quicker discovery of any data leakage.”
And Aaron Sandeen, CEO and co-founder, Cyber Security Works, puts Conti in the context of the C2C underworld market:
“Conti ransomware is a ransomware-as-a-service (RaaS) operation believed to be controlled by the Russia-based cybercrime group called Wizard Spider. Its prolific track record continues into 2022, with multiple attacks being reported on the likes of a marketing giant, a nationalized bank, an electronics manufacturing firm and now a kitchenware manufacturer.
“After the discovery of the critical Log4Shell vulnerability in the Apache framework in December 2021, threat actors, including Conti, began exploiting the new vulnerability, as organizations scurried to fix their unpatched systems. Conti also became the first ransomware group to have a complete exploit chain for the Log4J vulnerability, thereby raising concerns worldwide about a spate of supply-chain Conti attacks leveraging the critical Apache bug.
“To get ahead of RaaS operations like Conti, we recommend adopting a risk-based approach. Ideally, organizations should seek out near real-time vulnerability platforms that can centralize threat data and identify, investigate and rank vulnerabilities based on weaponization – a more effective approach than waiting for reports to be formalized, interpreted and delegated.”