Cyber Markets Round-up: Week 21, May '23: Changing the cybersecurity landscape in Healthcare and Education industries
Cyber Markets Roundup | Weekly cybersecurity investment highlights
*Stock data as of the market close, cryptocurrency data as of 4:00 AM ET.
WHAT’S NEW
US Healthcare Service Provider Fined US$350K over 2018 Data Breach
Following what it calls a “singular human error”, a US healthcare service provider has been fined US$350,000 following a data breach that saw the records of nearly 231,000 people revealed on an unsecured FTP server.
The company, MedEvolve, has agreed to pay the fine and has confirmed that it will “implement a corrective action plan” to ensure such an incident does not happen again and will work harder to secure patient health information held in its systems.
The initial incident saw the patient data of two of MedEvolve’s clients, the office of Dr. Beverly Held and Premier Immediate Medical Care. The affected data included names and addresses, telephone numbers and email addresses, health insurance details, doctor account numbers, and in some cases, Social Security numbers. [Cyber Security Connect]
K-12 Tech Leaders Don’t Feel Prepared for Cyberattacks
A decade ago, cybersecurity was a low priority, ranking 13th out of 16 options, according to CoSN’s annual State of EdTech Leadership report, which surveyed more than 1,200 U.S. school district technology leaders between Jan. 10 and Feb. 28.
Though cyberattacks on schools are increasing, district technology leaders don’t feel adequately prepared to defend their networks. From the study, less than a third of respondents (32 percent) said their district has sufficient cybersecurity resources to combat risks, while 46 percent said their section didn’t have sufficient resources.
The report found that because of inadequate funding, most districts do not have full-time cybersecurity positions. Thirty-four percent of districts distribute that responsibility across several jobs. [Education Week]
Bipartisan Legislation Introduced to Address Rural Hospital Cybersecurity Skill Gaps
New bipartisan legislation has recently been introduced to help address the current shortage of cybersecurity skills at rural hospitals.
At a recent Senate Homeland Security and Governmental Affairs Committee hearing, cybersecurity experts testified about the current healthcare cybersecurity challenges. Kate Pierce, former CIO and CISO at North County Hospital in Vermont and executive at Fortified Health Security said cybercriminals have shifted their focus and are now actively targeting small and rural hospitals.
Large health systems have implemented advanced cybersecurity measures and employ large cybersecurity teams to manage their sophisticated defenses. Still, there is a significant disparity in cybersecurity spending at small and rural hospitals, which tend to have much weaker defenses. [The HIPAA Journal]
Security experts weigh in on Snake malware operation
The U.S. Justice Department announced the National Security Agency (NSA), along with other agencies, had successfully identified infrastructure for Snake malware, which had been used by the Federal Security Service of the Russian Federation (FSB) to victimize organizations throughout the United States and around the world for nearly 20 years.
For nearly 20 years, versions of the Snake malware were used to steal sensitive documents from hundreds of computer systems in at least 50 countries, which have belonged to North Atlantic Treaty Organization (NATO) member governments, journalists, and other targets of interest to the Russian Federation. [Security Magazine]
If you enjoyed this edition of the Cyber Markets Roundup, we are inviting you to connect with us on LinkedIn for FREE and let us build a community of like-minded individuals who are interested in cybersecurity, stocks, and financial markets.