The first half of 2019 was not favourable for the healthcare and banking industries. A recent report revealed that 66% of healthcare organizations had experienced a ransomware attack in the past year, while 45% had experienced an attack in which data destruction was the primary motivation. April 2019 was the worst month in the history of the healthcare sector, with 46 major reported breaches with more than 500 leaked records.
Some Of The Most Recent Cyberattacks
The Nova Scotia Health Authority (NSHA) Privacy Breach
On May 13th, 2019, the IT team of the Nova Scotia Health Authority (NSHA) reported a privacy breach that involved the personal health information of nearly 3,000 people. The IT team learned of the breach after an employee’s email account was compromised in a phishing attack that occurred on May 8, 2019.
The employee used the username and password of Karen Hornberger, director of privacy at the NSHA, derived from a malicious link that was sent to her email, allowing access to the victim employee’s email inbox. The director of privacy said that the breach was related to either scheduled surgical procedures or one that was going to be scheduled at the Colchester East Hants Health Centre in Truro, Canada.
Kingman Regional Medical Centre’s Website Faces Security Issues
On April 8th, 2019, Kingman Regional Medical Centre reported a security issue with its website. The medical centre took down the website and conducted a comprehensive investigation. It was revealed that a misconfiguration in the website allowed unauthorized individuals to take advantage of the security vulnerability.
This vulnerability affected only those customers who had entered information on the website to book an appointment. The leaked data included the names of the customers, their birthdates and other medical information. Social security numbers, medical records and financial information were not leaked. The incident did not affect every customer of KRMC; only a
OTP Bank Data Leak
A database dating back to 2013 and allegedly belonging to OTP Bank was publicly available with the personal data of approximately 800,000 clients, including names, addresses, phone numbers, approved credit limits and work notes on clients’ contracts. According to the bank, it had recorded no evidence of information leakage, and the origin of this database remained unknown to the bank.
HCF Bank Data Leak
Another database, containing data of the HCF bank, was found unsecured on the internet. It held the personal information of 24,400 of the bank’s customers, including their names, passport details, phone numbers, addresses and credit limits. According to the database, most of the customers lived in Volgograd city. The origin of the database remained unknown to the bank.
Alfa Bank Data Leak
Two databases containing Alfa Bank’s customer data were found on the internet. The first database, dating back to 2014-2015, held the personal data of more than 55,000 customers, including their names, contact information, addresses and workplaces. The addresses of customers contained the information of all the customers who lived in the Northwestern Federal District, and these customers were working in private companies, the Federal Security Service, or the Ministry of Internal Affairs. It has been speculated that the database might have leaked in 2014, during the mass layoffs of the bank’s IT staff.
Why Are Cyber Actors Targeting The Healthcare And Banking Sectors?
CISOs belonging to different sectors find compliance the most concerning reason, at 33%. This points to the fact that healthcare organizations believe in becoming compliant in order to enhance their cybersecurity. The second most concerning factor is budget restrictions, at 22%, while the
According to a report by Hubspot, banks and financial organizations were targeted in 25.7 percent of all malware attacks last year. The main reason for targeting the banking sector is to get access to valuable data, including customer information, records and credentials, that allows attackers to intensify their cyber-attacks.
Human error and social engineering are also among the primary reasons for data compromise. This may include the accidental posting of patients’ information to a website or an inadvertent data leak that can seriously harm the security of the organization.
What Has Been The Most Effective Strategy Against Such Attacks?
According to some reports, organizations are becoming aware of the benefits of cyber awareness training among employees. 84% of organizations engage in cybersecurity awareness training annually. Because employees are involved, cybersecurity awareness training is necessary. Through it, they start learning about the latest cyber threats and the patterns of these threats.
The majority of the organizations engaging in cybersecurity awareness training for their employees notice a significant improvement in employees’ awareness of various cyber threats. Employees who are involved in information security operations and management must receive insightful tools and cybersecurity awareness training to understand the patterns of the latest cyber threats and the security measures that help in mitigating these attacks.