Ransomware Archives - gettectonic.com
Cyber Insurance

Navigating Cyber Insurance in an Evolving Threat Landscape

The rapidly shifting cyberthreat landscape presents unique challenges for healthcare organizations and underwriters navigating cyber insurance coverage decisions. Cyber liability insurance plays a crucial role in shielding healthcare providers from the mounting costs associated with data breaches and cyberattacks, which now average $9.77 million per incident in the healthcare sector, according to IBM.

The Challenges of Retaining Cyber Insurance

Healthcare, among other heavily targeted sectors, faces difficulties in securing and maintaining affordable cyber insurance. The constantly evolving threat landscape impacts risk profiles, which drives up premiums and complicates coverage retention. Although year-over-year premium growth plateaued in the U.S. in 2023, 79% of respondents in a Delinea survey still reported increased insurance costs, with 67% experiencing premium hikes between 50% and 100%. As high-profile healthcare cyberattacks and increasing cyber risks persist, navigating the insurance landscape remains a significant challenge. Additionally, the lag in processing claims makes it difficult to anticipate how underwriters will respond to these changing threats.

How the Evolving Threat Landscape Impacts Cyber Insurance

Obtaining adequate cyber insurance coverage can be challenging in today’s risk-heavy environment. Unlike traditional insurance, where risks remain static, cyber risks constantly evolve to counteract security controls.

“Cyber insurance risk adjusters face a unique challenge; unlike fires, which aren’t actively trying to burn you in new ways, cyberthreats are constantly adapting to bypass existing protections,” said Christopher Henderson, senior director of threat operations at Huntress. This continuous adaptation often means that by the time underwriting is complete, a risk assessment may already be outdated.

Shifts in the threat landscape are driving changes in cyber insurance questionnaires. While in 2023 insurers focused on remote access tools, vulnerability management, and administrative access controls, the focus in 2024 shifted to include multifactor authentication (MFA) and identity-based attack prevention. This shift highlights the need for organizations to adapt to new requirements in cyber insurance as cybercriminals add new tactics to their playbooks.

Adapting Insurance to Emerging Threats

As cyberthreat tactics evolve, insurers may adjust policy terms to keep pace with the latest risks. Henderson suggests that insurers could move toward shorter underwriting cycles, possibly even six-month periods, to better align with the rapidly shifting cyber landscape.

Mitigating Risk and Controlling Cyber Costs

Several factors influence cyber insurance premiums, including organizational size and security posture. For healthcare providers, adhering to industry standards like SOC 2 and ISO 27001 can demonstrate compliance with best practices, improving coverage terms and potentially lowering premiums. Healthcare organizations using the NIST Cybersecurity Framework (CSF) as their primary security standard reported lower premium increases compared to those without this framework, according to a 2024 report by KLAS Research, Censinet, and the American Hospital Association.

Henderson emphasizes the importance of layering new strategies with proven, traditional ones: “While staying vigilant against newer tactics like social engineering and identity-based attacks, maintaining consistent, auditable identity verification and MFA protocols remains crucial.”

Despite upfront costs, cyber insurance can significantly reduce financial impact during cybersecurity incidents. For example, a 2024 Sophos report found that organizations with cyber insurance saw an average ransomware recovery cost of $2.94 million compared to $3.48 million for those without coverage.

Navigating cyber insurance can be complex for healthcare organizations, but careful attention to risks and proactive security measures can help them secure the right coverage at sustainable rates.


Cybersecurity Regulations for Hospitals

Beyond the 72-hour reporting requirement, which took effect on October 2, 2024, hospitals must implement key cybersecurity measures, such as multifactor authentication and a robust incident response plan, by October 2025. These regulations currently apply only to general hospitals, excluding other healthcare facilities like nursing homes and diagnostic centers.


Challenges of EHR Implementation in Healthcare

Challenges of EHR Implementation and How to Overcome Them

Implementing an electronic health record (EHR) system is a monumental task, with complexities that require careful planning and execution. Common challenges—such as resistance to change, data migration hurdles, cost overruns, cybersecurity risks, and patient engagement issues—can impede progress. However, understanding these obstacles and applying targeted strategies can pave the way for a smooth transition.

1. Resistance to Change

The adoption of a new EHR system affects nearly every workflow in a healthcare organization, often sparking resistance among staff. Fear of change and attachment to familiar processes can hinder implementation.

Solution:

2. Data Migration Issues

Accurate migration of patient health records is critical, yet transitioning data between systems often presents technical and logistical challenges.

Solution:

3. Cost Overruns

EHR implementation costs can quickly escalate, extending beyond software and hardware expenses to include consulting fees, training, and operational adjustments.

Solution:

4. Heightened Cybersecurity Risks

Transitioning sensitive patient data between EHR systems increases vulnerability to breaches, ransomware, and other cybersecurity threats.

Solution:

5. Patient Engagement Challenges

Patients are often overlooked during EHR transitions, leading to confusion about changes in medication requests, appointment scheduling, and other interactions.

Solution:

Conclusion

EHR implementation is undoubtedly challenging, but with proactive strategies, healthcare organizations can navigate these complexities effectively. By addressing resistance to change, ensuring seamless data migration, managing costs, bolstering cybersecurity, and engaging patients, organizations can achieve a successful EHR transition that enhances workflows, safeguards data, and improves patient outcomes.


Healthcare Cloud Computing

Cloud Computing in Healthcare: Ensuring HIPAA Compliance Amid Growing Adoption

As healthcare organizations increasingly turn to cloud computing for scalable and accessible IT services, ensuring HIPAA compliance remains a top priority. The global healthcare cloud computing market is projected to grow from $53.8 billion in 2024 to $120.6 billion by 2029, according to a MarketsandMarkets report. A 2023 Forrester report also highlighted that healthcare organizations are spending an average of .5 million annually on cloud services, with public cloud adoption on the rise.

While cloud computing offers benefits like enhanced data mobility and cost efficiency, maintaining a HIPAA-compliant relationship with cloud service providers (CSPs) requires careful attention to regulations, establishing business associate agreements (BAAs), and proactively addressing cloud security risks.

Understanding HIPAA’s Role in Cloud Computing

The National Institute of Standards and Technology (NIST) defines cloud computing as a model that provides on-demand access to shared computing resources. Based on this framework, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued guidance on how HIPAA’s Security, Privacy, and Breach Notification Rules apply to cloud computing.

Under the HIPAA Security Rule, CSPs classified as business associates must adhere to specific standards for safeguarding protected health information (PHI). This includes mitigating the risks of unauthorized access to administrative tools and implementing internal controls to restrict access to critical operations like storage and memory.

HIPAA’s Privacy Rule further restricts the use or disclosure of PHI by CSPs, even in cases where they offer “no-view services.” CSPs cannot block a covered entity’s access to PHI, even in the event of a payment dispute.

Additionally, the Breach Notification Rule requires business associates, including CSPs, to promptly report any breach of unsecured PHI. Healthcare organizations engaging with CSPs should consult legal counsel and follow standard procedures for establishing HIPAA-compliant vendor relationships.

The Importance of Business Associate Agreements (BAAs)

A BAA is essential for ensuring that a CSP is contractually bound to comply with HIPAA. OCR emphasizes that when a covered entity engages a CSP to create, receive, or transmit electronic PHI (ePHI), the CSP becomes a business associate under HIPAA. Even if the CSP cannot access encrypted PHI, it is still classified as a business associate due to its involvement in storing and processing PHI.

In 2016, the absence of a BAA led to a .7 million settlement between Oregon Health & Science University and OCR after the university stored the PHI of over 3,000 individuals on a cloud server without the required agreement.

BAAs play a crucial role in defining the permitted uses of PHI and ensure that both the healthcare organization and CSP understand their responsibilities under HIPAA. They also outline protocols for breach notifications and security measures, ensuring both parties are aligned on handling potential security incidents.

Key Cloud Security Considerations

Despite the protections of a BAA, there are inherent risks in partnering with any new vendor. Staying informed on cloud security threats is vital for mitigating potential risks proactively. In a 2024 report, the Cloud Security Alliance (CSA) identified misconfiguration, inadequate change control, and identity management as the top threats to cloud computing. The report also pointed to the rising sophistication of cyberattacks, supply chain risks, and the proliferation of ransomware-as-a-service as growing concerns.

By understanding these risks and establishing clear security policies with CSPs, healthcare organizations can better safeguard their data. Prioritizing security, establishing robust BAAs, and ensuring HIPAA compliance will allow healthcare organizations to fully leverage the advantages of cloud computing while maintaining the privacy and security of patient information.


Iran-based cyber threat actors have been targeting U.S

Iran-based cyber threat actors have been targeting U.S. and international organizations across various sectors, including healthcare, according to a joint cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Defense Cyber Crime Center.

The advisory highlights known threat groups such as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm. These actors have been observed targeting a range of sectors including education, healthcare, defense, finance, and local government, as well as organizations in countries like Azerbaijan, the United Arab Emirates, and Israel.

A significant portion of these actors’ operations against U.S. organizations involves gaining network access and subsequently collaborating with ransomware affiliates to deploy ransomware. The advisory notes that these actors offer full domain control and admin credentials to networks globally. Recently, they have been working directly with ransomware groups to facilitate encryption and share a percentage of ransom payments.

The FBI has identified collaborations between these threat actors and ransomware affiliates such as NoEscape, Ransomhouse, and ALPHV. Despite their association with the Iranian government, these groups typically obscure their Iranian origins and provide vague details about their nationality when working with ransomware affiliates.

Tracking of these Iranian cyber threat actors dates back to 2017, with recent activities documented up to August 2024. The advisory draws parallels with a September 2020 alert about Iran-backed hackers exploiting VPN vulnerabilities, based on previous FBI investigations.

The advisory provides technical insights into the threat actors’ methods, including their use of public-facing network devices like Citrix Netscaler for initial access. To mitigate risks, the FBI and CISA recommend that organizations prioritize patching vulnerabilities associated with CVE-2024-3400, CVE-2022-1388, CVE-2019-19781, and CVE-2023-3519. Organizations are also advised to review security controls, examine logs, and search for unique identifiers and indicators of compromise.

If organizations suspect they have been targeted by these Iranian cyber threat actors, they should contact their local FBI field office for assistance.


Unlocking Enterprise AI Success

Companies are diving into artificial intelligence. Unlocking enterprise AI success depends on four main factors. Tectonic is here to help you address each.

Trust is Important-Trust is Everything

Data is everything—it’s reshaping business models and steering the world through health and economic challenges. But data alone isn’t enough; in fact, it can be worse than useless—it’s a risk unless it’s trustworthy. The solution lies in a data trust strategy: one that maximizes data’s potential to create value while minimizing the risks associated with it.

Data Trust is Declining, Not Improving

Do you believe your company is making its data and data practices more trustworthy? If so, you’re in line with most business leaders. However, there’s a disconnect: consumers don’t share this belief. While 55% of business leaders think consumers trust them with data more than they did two years ago, only 21% of consumers report increased trust in how companies use their data. In fact, 28% say their trust has decreased, and a staggering 76% of global consumers view sharing their data with companies as a “necessary evil.”

For companies that manage to build trust in their data, the benefits are substantial. Yet, only 37% of companies with a formal data valuation process involve privacy teams. Integrating privacy is just one aspect of building data trust, but companies that do so are already more than twice as likely as their peers to report returns on investment from key data-driven initiatives, such as developing new products and services, enhancing workforce effectiveness, and optimizing business operations.

To truly excel, companies need to create an ongoing system that continually transforms raw information into trusted, business-critical data.

Data is the Backbone-Data is the Key

Data leaks, as shown below, are a major factor in data trust and quality. As bad as leaked data is to security, data availability is to being a data-driven organization.

Extortionist Attack on Costa Rican Government Agencies

In an unprecedented event in April 2022, the extortionist group Conti launched a cyberattack on Costa Rican government agencies, demanding a $20 million ransom. The attack crippled much of the country’s IT infrastructure, leading to a declared state of emergency.

Lapsus$ Attacks on Okta, Nvidia, Microsoft, Samsung, and Other Companies

The Lapsus$ group targeted several major IT companies in 2022, including Okta, Nvidia, Microsoft, and Samsung. Earlier in the year, Okta, known for its account and access management solutions—including multi-factor authentication—was breached.

Attack on Swissport International

Swissport International, a Swiss provider of air cargo and ground handling services operating at 310 airports across 50 countries, was hit by ransomware. The attack caused numerous flight delays and resulted in the theft of 1.6 TB of data, highlighting the severe consequences of such breaches on global logistics.

Attack on Vodafone Portugal

Vodafone Portugal, a major telecommunications operator, suffered a cyberattack that disrupted services nationwide, affecting 4G and 5G networks, SMS messaging, and TV services. With over 4 million cellular subscribers and 3.4 million internet users, the impact was widespread across Portugal.

Data Leak of Indonesian Citizens

In a massive breach, an archive containing data on 105 million Indonesian citizens—about 40% of the country’s population—was put up for sale on a dark web forum. The data, believed to have been stolen from the “General Election Commission,” included full names, birth dates, and other personal information.

The Critical Importance of Accurate Data

There’s no shortage of maxims emphasizing how data has become one of the most vital resources for businesses and organizations. At Tectonic, we agree that the best decisions are driven by accurate and relevant data. However, we also caution that simply having more data doesn’t necessarily lead to better decision-making. In fact, we argue that data accuracy is far more important than data abundance. Making decisions based on incorrect or irrelevant data is often worse than having too little of the right data. This is why accurate data is crucial, and we’ll explore this concept further in the following sections.

Accurate data is information that truly reflects reality or another source of truth. It can be tested against facts or evidence to verify that it represents something as it actually is, such as a person’s contact details or a location’s coordinates. Accuracy is often confused with precision, but they are distinct concepts. Precision refers to how consistent or varied values are relative to one another, typically measured against some other variable. Thus, data can be accurate, precise, both, or neither.

Another key factor in data accuracy is the time elapsed between when data is produced and when it is collected and used. The shorter this time frame, the more likely the data is to be accurate. As modern businesses integrate data into more aspects of their operations, they stand to gain significant competitive advantages if done correctly. However, this also means there’s more at stake if the data is inaccurate. The following points will highlight why accurate data is critical to various facets of your company.

Ease and speed of access

Access speeds are measured in bytes per second (Bps). Slower devices operate in thousands of Bps (kBps), while faster devices can reach millions of Bps (MBps). For example, a hard drive can read and write data at speeds of 300MBps, which is 5,000 times faster than a floppy disk!

Fast data refers to data in motion, streaming into applications and computing environments from countless endpoints—ranging from mobile devices and sensor networks to financial transactions, stock tick feeds, logs, retail systems, and telco call routing and authorization systems.

Improving data access speeds can significantly enhance operational efficiency by providing timely and accurate data to stakeholders throughout an organization. This can streamline business processes, reduce costs, and boost productivity.

However, data access is not just about retrieving information. It plays a crucial role in ensuring data integrity, security, and regulatory compliance. Effective data access strategies help organizations safeguard sensitive information from unauthorized access while making it readily available to those who are authorized. Additionally, the accuracy and availability of data are essential to prevent data


Standards in Healthcare Cybersecurity

The Change Healthcare cyberattack was a significant incident with widespread ramifications across the healthcare industry, with effects that are likely to persist for months or even longer. Standards in Healthcare Cybersecurity will change as a result.

Since the ransomware attack on UnitedHealth Group’s (UHG) subsidiary, Change Healthcare, providers have faced financial and operational challenges due to disruptions in claims processing and other essential services. Change Healthcare, which processes 15 billion transactions annually and interacts with one in every three patient records in the U.S., is undergoing a complex and lengthy recovery process, with long-term implications for the industry.

The attack was first reported on February 21st when Optum, another UHG subsidiary, alerted customers about the unavailability of some applications due to a cybersecurity issue. It was later confirmed that the BlackCat ransomware gang was responsible for the attack, which led to a $22 million ransom payment by UHG. The scale of the attack caused significant operational disruptions across the healthcare system, affecting entities ranging from large pharmacy chains to small, independently owned practices.

In the weeks following the attack, UHG began restoring services, but the recovery process remains ongoing. UHG CEO Andrew Witty testified before Congress that the cybercriminals had gained access to Change Healthcare systems nine days before deploying the ransomware, using compromised credentials to access a Citrix portal without multi-factor authentication. The decision to pay the ransom was described as one of the hardest Witty has ever had to make.

The incident has highlighted the vulnerabilities in healthcare cybersecurity, particularly for large organizations like UHG that handle vast amounts of sensitive data. It has also fueled the debate over whether ransomware payments should be made illegal, with arguments on both sides regarding the implications for victims and the broader cybersecurity landscape.

The attack has prompted a strong response from industry groups and the federal government. The American Hospital Association (AHA) and the American Medical Association (AMA) have been vocal about the impact on providers, with the AHA calling it “the most significant and consequential cyberattack on the U.S. healthcare system in American history.” The federal government, through the Department of Health and Human Services (HHS), has provided guidance to Medicare providers and launched a formal investigation into the breach.

As the healthcare industry continues to recover, the long-term impacts of the Change Healthcare cyberattack are expected to shape future cybersecurity strategies. The incident has underscored the importance of robust third-party risk management, the implementation of security measures like multi-factor authentication, and the potential need for more stringent regulatory standards in healthcare cybersecurity. The full extent of the breach, including the number of individuals affected, remains to be seen, but it is already clear that this event will have lasting repercussions for the industry.
