Connect with us

Hi, what are you looking for?

Tech & Science

Security expert looks at a data breach affecting over 600 healthcare organizations

Here Chenette  opines: “Any organization that collects and stores consumer data must make protecting that data a priority, but it is especially crucial when dealing with protected health information, which is extremely profitable on dark web marketplaces because it usually contains fixed information, such as dates of birth and Social Security Numbers, which hackers can use to commit identity theft for years to come.”

Photo: © AFP
Photo: © AFP

The Professional Finance Company Inc. (PFC) has suffered from a ransomware attack that has led to a data breach affecting over 600 healthcare organizations. The firm is an accounts receivable management company and the cybersecurity incident has impacted upon 657 of its healthcare provider clients.

According to a notice on its website, PFC “detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems.”

Looking into this cyber-incident for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.

Chenette places the attack in the context of a period of sustained cyber-criminal activity, noting: “It has been an alarming week for cybersecurity in the healthcare sector. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) have released a joint Cybersecurity Advisory (CSA) on Maui ransomware, which has been used by North Korean state-sponsored cyber to target Healthcare and Public Health (HPH) Sector organizations over the last year.”

Within the attack [pattern, one type of sector appears to be hit the most, as  Chenette  outlines: “The healthcare industry is one of the largest targets for cybercriminals, and since the onset of the COVID-19 pandemic, we’ve seen threat actors leverage this global crisis to target healthcare organizations — stealing this protected health information and creating general unrest.”

One reason for hackers targeting healthcare is due to the rich stream of valuable information that can be drawn from the sector.

Here Chenette  opines: “Any organization that collects and stores consumer data must make protecting that data a priority, but it is especially crucial when dealing with protected health information, which is extremely profitable on dark web marketplaces because it usually contains fixed information, such as dates of birth and Social Security Numbers, which hackers can use to commit identity theft for years to come.”

The same applies to the financial sector, as Chenette states: “This Professional Finance Company Inc alert serves as the latest reminder that organizations simply don’t exercise their defenses enough, and healthcare organizations in particular should be evaluating their existing security controls to uncover gaps before an attacker finds them.”

Current trends emphasize the ongoing vulnerabilities: “We continue to see basic security protection failures resulting in data loss for companies both large and small. This trend is disturbing as the cost of recovering from a breach is far more expensive than conducting proactive testing to validate that the security products and services, which you have already purchased and implemented, are working correctly. Consequently, these types of failures can often be easily avoided.”

In terms of mitigation, Chenette  outlines: “To best defend against Quantum ransomware attacks, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, organizations can build more resilient security detection, prevention and response programs mapped specifically to those known behaviors.”

Chenette  further recommend: “Organizations that manage sensitive health information must adopt a threat-informed cyber-defense strategy tailored to focus on the adversaries most likely to impact their operations to maximize their ability to protect sensitive information. This should include mapping their security controls to specific attack scenarios to measure an organization’s cybersecurity readiness for the attacks that are sure to come. Additionally, companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Oxford Research reveals high blood glucose reprograms the metabolism of pancreatic beta-cells in diabetes.

Tech & Science

The CDC revealed Friday it is now tracking a new COVID-19 variant of concern around the U.S. known as XBB.

Tech & Science

AI can replace you guys, too. All it needs is a script, you know.

Tech & Science

Avian flu wiped out 50.54 million birds in the United States this year, making it the country’s deadliest outbreak in history.