Ransomware drives healthcare provider into administration
Pieter Arntz · 2024-06-08 · via Breaches – ThreatDown by Malwarebytes
Australian e-prescription provider MediSecure has entered voluntary administration following a cyberattack.

As we know, falling victim to a ransomware group can be very costly. Remember, it’s not just the ransom payment—the cost of getting your business back to work and then improving security to prevent a repeat of the attack often outweighs it.

According to research by Coveware, the average ransom payment amount was close to $400,000 in the first quarter of 2024. But as Fisher Phillips pointed out, beyond the payments, the average cost of each ransomware attack last year was over $5 million, which is very close to the $4.45 million that IBM quotes for the cost of a data breach.

So, even if you don’t pay the ransom, have an excellent backup strategy, and your ransomware recovery plan is optimized and readily executable, there can still be significant disruption.

It’s also no secret that healthcare organizations are usually not in the happy place I described above. They simply don’t have the money, resources, or IT teams that would be necessary to get there.

A painful example is the Australian e-prescription provider MediSecure. The company facilitates electronic prescribing and dispensing of prescriptions. Last month, it confirmed a large-scale cybersecurity incident in which personal and health-related data were stolen.

Three weeks further on and MediSecure has entered voluntary administration. Voluntary administration is an insolvency procedure where an external administrator is appointed because the company is in financial trouble.

Voluntary administration is designed to resolve a company’s future. The voluntary administrator takes full control of the company. This allows the director or a third party time to find a way, if possible, to save the company or its business.

As we have pointed out in the past, the days when ransomware groups steered clear of healthcare organizations are long gone, and some groups even appear to single out healthcare organizations for special attention.

Healthcare data is also easy to ransom because of the value patients, clinicians, lawmakers, and healthcare organizations place on keeping it private. That, combined with the historical under-investment in cybersecurity, and the ongoing digitalization of healthcare, makes it a tempting target.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly, and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.