Category: BAI Security Blog

In the Age of Cyberthreats, Healthcare Organizations Must Secure Data At Every Endpoint

Cybersecurity is a hot topic in the healthcare arena, with high-profile breaches at Premera Blue Cross and Anthem highlighting the vulnerability of organizations holding high volumes of sensitive information. The U.S. Department of Health and Human Services reported 235 breaches in 2015 involving more than 112 million health records – 100 times more than any other year. And 8 out of 10 of the largest healthcare hacks ever happened last year. To address the issue, the HHS is putting together a Health Care Industry Cybersecurity Task Force as part of the Cybersecurity Information Sharing Act of 2015. Yet in 2016, the biggest threats to healthcare data security so far are something far simpler: theft, misplaced laptops, and even garbage


How Hospitals Can Protect Themselves From the Latest Digital Threat

Hollywood Presbyterian Medical Center is the latest medical facility to be attacked by cyber-criminals – this time, by a type of malware known as ransomware. For an entire week, the malicious code took down the hospital’s network. While certain departments were able to function offline, other patients were relocated to nearby hospitals. Identified by the FBI as one of the most prevalent cyber-threats, ransomware encrypts files, locking out an organization’s access until they pay a ransom in exchange for the decryption key. Ultimately, to restore access, HPMC paid a ransom of 40 Bitcoins, or $17,000. With the proliferation of electronic medical records and the reliance healthcare organizations place on email, document management, and other computer-related functions, a similar attack would


Mitigating Risk with Wearables in the Workplace

Much has been made of the Internet of Things and the way in which it will transform our lives — for the better, in many cases. Yet the interconnectivity of all these devices and the paths they pave for cyber criminals, hackers, and other threats pose a significant issue for enterprises dealing in secure data. Nowhere has the IoT become more of a threat to organizations than in the wearable technology market. The industry, which includes fitness activity trackers, smartwatches, and health issue monitoring, among others, has exploded in recent months. ABI Research estimated that there would be 200 million wearable devices on the market by the end of 2015, and 780 million by the end of 2018. And a


Telecommuting Workers And Data Security

The productivity benefits of telecommuting have been supported by numerous studies. The latest was conducted by Stanford University professor Nicholas Bloom and graduate student James Liang, who is also a cofounder of the Chinese travel website Ctrip. During the nine-month study, Ctrip call center employees who volunteered to participate were randomly assigned either to work from home or in the office for nine months. Those who worked from home produced a 13% performance increase and handled 4% more calls per minute than their office-bound colleagues. Home workers also reported that they were much happier with their jobs and proved significantly less likely to quit. Plus, Ctrip estimated that it saved $1,900 per telecommuting employee for the nine months that


Does Your Company Need Data Breach Insurance?

We know that data/networks can and should be secured more effectively. While no security system will ever be 100% bulletproof, there are glaring issues with bad practice in all of the recent high-profile breaches. We’ll look at why this might be happening in a follow-up post this week, but in this post we’ll focus on the costs of recovery after a breach. The forensic investigation and remediation process following a breach is costly and time consuming. Confronting the facts about how long hackers may have been in the system and what they might have done while they were there is also painful for those charged with securing that system. Addressing the legal and


Key Takeaways From The TalkTalk Breach

As you may already have heard, a 15-year-old was arrested for what is being called one of the UK’s biggest cybercrimes to date – the successful attack on British ISP TalkTalk last week. TalkTalk services the consumer and small business markets. The data breach suffered by the company was most likely the result of a SQL injection attack, and may have exposed data on all of TalkTalk’s 4 million customers — including their names, addresses, email addresses, phone numbers, account information, and some financial data. The company has stated that not all of the data was encrypted. Apparently the IT security team was distracted by a denial-of-service attack, during which time the data thief (or thieves) managed to access customer


Malware 2016

Prevent, detect, and contain: that’s the National Security Agency (NSA) advice for mitigating the damage of malware attacks. The NSA is warning businesses and agencies to prepare for an upswing of attacks in which data is not only stolen/exposed, but is, along with the network systems that house the data, destroyed or left unusable in the wake of the attack. Annihilation of data is a growing threat, notes the NSA in its report, “Defensive Best Practices Against Destructive Malware.” Compiled by the NSA’s Information Assurance Directorate (IAD) division, the report provides a good proactive baseline for warding off attacks, along with advice on how to keep attackers from running amuck after they have gained some access to the network. Security


Man-in-the-Middle Exploits and the IoT

There are roughly 25 billion smart devices and objects busily gathering data and beaming information back to their respective motherships (and business partners). That’s up from 7 billion things a mere five years ago. And five years from now? The consensus is that 50 billion things will be interconnected, merrily gathering data, making our lives easier and transforming the world into a malicious hacker’s magic kingdom. Unfortunately, research by OpenDNS confirms that Internet of Things devices do create new opportunities for attackers to remotely exploit organizations. According to the OpenDNS report, 23 percent of organizations surveyed have no controls to prevent unauthorized devices from connecting to the corporate network. OpenDNS also discovered that some computing


Securing Health Care Records

Insider negligence is no longer the number one cause of data breaches in the healthcare industry—cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and nation-state actors eager to illegally access valuable data. According to the report’s synopsis: “Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.” The Ponemon study found that close to 45% of


Data Security Lessons To Learn Right Now

Much has been said about the recent Ashley Madison (AM) hack attack, and even more was said about the subsequent data dump of highly sensitive customer information. Are there lessons to be learned from AM? To some extent—the consequences would have been worse had card data not been encrypted. But in the wake of last week’s court ruling that gives the U.S. Federal Trade Commission (FTC) the authority to sue companies for failing to maintain adequate cyber security, it’s obvious that businesses need to pay more attention to their security controls. The FTC Is Watching The court decision came in response to the FTC’s lawsuit against Wyndham Worldwide Corporation for digital security failures—storing payment
