Select Page

Blog

Digital Health Companies: Get Ahead of The Cybersecurity Implications of The SVB Collapse

The news of the Silicon Valley Bank (SVB) collapse is everywhere right now, and with it has come much speculation about what should have been done to prevent it, the fallout it will or won’t cause, and much more.

We’re not going to weigh in on any of that.

We do want to share some thoughts about the cybersecurity implications of what’s happened and offer some words of caution.

Malicious threat actors love a good frenzy, a crisis they can capitalize on and exploit to carry out an attack. This is where digital health leaders and entrepreneurs, whether they are SVB customers or assumed to be, should be on high alert.

50% of US venture-backed tech and life science companies bank with SVB and countless VC firms; with a target audience this size, a malicious actor doesn’t need to know who is affected and who isn’t-they can just start guessing. They don’t need everyone to fall for their antics, just an unfortunate few. And because SVB customers include many digital health and medical device companies, patient data is potentially at risk.

Here are some ways you can and should expect bad actors to start exploiting the fear and panic surrounding the SVB collapse.

Misinformation: It isn’t hard to make information look official. Don’t believe everything you read right now. Whether it’s the crash of other banks, emergency funds and banking services available to you, or any number of other messaging-operate out of suspicious default. Assume everything is fake until you verify through a reputable source.

Social Engineering: This is where we’re expecting to see a lot of malicious strategies. Here are three types of social engineering to be on the lookout for:

  • Phishing emails: The FBI’s Internet Crime Complaint Center’s Internet Crime Report 2022 reports phishing is the top cybercrime of 2022. It only takes one person to click on link in a phishing email and open your network to a malicious threat actor. Similarly, your employees should be on the lookout for personal phishing emails aimed at getting their personal banking credentials, etc.
  • Fake social media accounts: this is a common strategy of malicious threat actors, created to lure people into giving their personal information to someone that looks official or legitimate but isn’t.
  • Fake CEO emails or text messages: this tactic can be incredibly effective to a staff that isn’t educated, prepared, and vigilant. When your CEO emails you and asks for something, no matter how crazy it seems, it’s easy to take action without thinking. It often starts with, “I need a favor right now” or something similar and can quickly expose your organization or an employee’s personal credentials.

Be Vigilant: You can take action right now to help protect your organization, employees, and patient data with just a few simple steps:

Communicate with your employees. Starting with whether or not your organization has been affected by the SVB collapse and the developments over the past few days. Don’t assume that because you ingest the news regularly that your employees do the same-they may not be aware that all deposits have been backstopped and that companies have access to their funds. Don’t let them wonder and worry; it makes them more likely to fall for a phishing email or fake CEO email.

Educate your employees. Events like the SVB collapse are a paradise for scammers and malicious threat actors. Educate employees to know what to look for, how to verify information, and that the leadership team should never ask for sudden favors or financial information via email or text.

Engage your cybersecurity partner. Don’t assume your cybersecurity partners are on high alert on your behalf. Make sure you and your Security Operations Center are paying extra attention to failed logins, multi-factor authentication failures, and alerts. If you don’t have someone managing endpoint detection, firewall, logs, or actively threat hunting for you, now is a good time to consider engaging a partner.

Stay vigilant with your vendors. A vendor breach can quickly become yours. Your vendors are just as likely to be targets of all the above threats as your organization is, be sure you have insight into the threats that may exist along your supply chain.

The HITRUST r2 framework is designed to be comprehensive, and this scoping factor is a perfect example of that design philosophy. It forces you to think beyond firewalls and IAM policies and consider the full environment in which your systems operate. For organizations in leased commercial office space, that environment includes a landlord, a property management company, a cleaning crew, a fire marshal, a building security team, and a building full of mechanical systems you don’t control.

The question isn’t whether you can justify answering “No.” The question is whether your control environment genuinely supports that answer and whether you can prove it to an assessor who’s going to walk your halls, try your door handles, peek into your wiring closets, and ask you who else has a key.

Get this scoping factor right, and you build a foundation of credibility that carries through the rest of your assessment. Get it wrong, and you spend the rest of the engagement explaining why your scoping doesn’t match reality.

Start with the building. The rest follows from there.

SME Highlight

Steve Meyer, CCSFP, CHQP

Steve Meyer is the Senior Director of Consulting Services at Clearwater, bringing over 37 years of experience across various aspects of Information Technology to Clearwater customers. Steve leads the HITRUST Assessment Services team.

Read More

View All Resources

Cyber Briefings for Healthcare Organizations

Stay informed on the latest healthcare cybersecurity, privacy, and compliance threats. Join Clearwater Cyber Briefings each month for expert insights and actionable risk intelligence.

Register Today to Stay Informed

Related Blogs

No results found.