Cyber Briefing | October 2023

We’re here to make sure you stay in the know about the latest in cybersecurity and healthcare trends. Our goal is to provide you with the information and headlines you need to stay informed and confident as a Healthcare Cyber Defender. Feel free to use this valuable resource to enhance your presentations and gather essential data points.

Growth in the Number of Healthcare Records Compromised per Breach

In our monthly cyber briefing, Steve Cagle, Clearwater’s CEO, reviewed the current rate of healthcare records breached. The totals are increasing because of some significant breaches in September. Stemming from the MOVEit vulnerability, Nuance Communications’ notification of breach included 1.2M individuals, adding to this trend of a larger number of records per breach.

Ransomware Attacks in the US and Healthcare-Focused

“Over the last 12 months, education and healthcare were the most beleaguered sectors in the US outside of services. They received so many attacks that if they were countries, they would be the fourth and sixth most attacked in the world.”

2023 State of Ransomware Report – Malwarebytes

Another recent ransomware headline and one of the latest victims is a large Michigan health provider. Suspicious activity led to an investigation and subsequent partial IT shutdown of 14 locations. The threat actors claim to have stolen 6 TB of data – 2.5 M records.

FBI Cyber Division Notification

Dual Ransomware Happening Closely Together

Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends

The FBI recently observed a concerning pattern of dual ransomware attacks happening closely together. In these incidents, cybercriminals employed two distinct ransomware variants against their target companies. These variants included AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, and were used in different combinations. This dual ransomware approach resulted in a damaging mix of data encryption, data theft, and financial losses due to ransom payments. Subsequent ransomware attacks on already compromised systems could pose a significant threat to the affected organizations.

Sign up to receive these alerts directly here: https://delivery.fbi.gov/subscribe

SEC Ruling for Cybersecurity Risk Management and Incident Disclosure now in Effect

SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Incident Reporting

  • Beginning 12/18/23
  • Disclosure of material cyber incidents on 8-K
  • 4 days from determining a material incident
  • “Materiality” must be determined “without delay”

Annual Reporting

  • All fiscal year periods ending on or after 12/15/23
  • Disclose risk management and governance information in relation to cybersecurity, including board proficiency and oversight of cybersecurity risks on 10-K

Cisco Issued a Zero-Day Notice and Subsequent Update Regarding Multiple Vulnerabilities in Their IOS XE Software Web UI Feature

Read the details, including summary, affected products, indicators of compromise and workarounds on Cisco’s site.

CISA Added Two Known Exploited Vulnerabilities to Their Catalog

According to CISA’s website, it added the following two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:

  • CVE-2023-4966 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
  • CVE-2021-1435 Cisco IOS XE Web UI Command Injection Vulnerability

