This is a monthly newsletter I put together for our executive team with a lean towards healthcare. Created with help from ChatGPT.

Ransomware Threats Surge Globally in 2023 

Summary: The 2023 Global Ransomware Incident Map highlights a 73% rise in ransomware attacks, targeting sectors like healthcare and finance. Cybercriminals are increasingly using "big game hunting" tactics, exploiting vulnerabilities such as the MOVEit flaw. This trend underscores the urgent need for businesses to bolster cybersecurity defenses and improve incident response strategies. 

Further reading: Institute for Security and Technology. 

AI Risks in the Workplace 

A recent study by CybSafe revealed that 38% of workers are sharing sensitive information with AI tools, often without their employer's knowledge. This raises significant security concerns, especially since over half of employees have not received training on safe AI use. With the growing reliance on AI, it's crucial for executives to implement clear guidelines and provide training on secure AI practices to mitigate the risk of data breaches and protect intellectual property. 

Further reading: CybSafe - AI Security Risks. 

North Korean IT Worker Incident Highlights Hiring Risks 

A recent cyberattack on a company underscores the dangers of unknowingly hiring North Korean operatives. The organization accidentally hired a North Korean IT worker who accessed sensitive data and demanded a ransom. This highlights the need for stringent vetting in remote hiring practices, especially as North Korea increasingly infiltrates global companies. 

Recommended Protections: 

• Implement strict identity verification for remote workers. 

• Conduct thorough background checks with global databases. 

• Regularly monitor employee network activity for unusual behavior. 

Further reading: GBHackers - North Korean IT Worker Incident. 

Healthcare Supply Chain Attacks on the Rise 

A recent Proofpoint report reveals that 68% of healthcare workers have faced a supply chain cyberattack, with 82% of these incidents affecting patient care. 

Key Insights: 

• 68% of healthcare workers report supply chain cyberattacks. 

• 82% of incidents resulted in disruptions to patient care. 

• Attacks cause delays in procedures and increase patient risks. 

• Ransomware and business email compromise are growing threats. 

Further reading: Security Magazine - Supply Chain Attacks. 

Change Healthcare Breach – Key Insights and Implications 

In February 2024, Change Healthcare experienced a substantial ransomware attack, compromising the personal, financial, and medical information of approximately 100 million Americans. This incident highlights critical vulnerabilities within the healthcare sector and raises concerns about protecting patient data. 

Key Insights: 

• Breach Scope: Sensitive data, including Social Security numbers, medical records, and billing information, was exposed, impacting millions of patients. 

• Financial Impact: UnitedHealth Group, Change Healthcare’s parent company, incurred breach-related costs totaling $2.457 billion, including $1.521 billion in direct response expenses. 

• Ransom Payment: Change Healthcare paid a $22 million ransom to the BlackCat ransomware group in an attempt to prevent further data exposure. 

Further Reading: Change Healthcare Breach Hits 100M Americans – Krebs on Security