Hospitals Should Brace For Surge In Ransomware Attacks
Comments Off on Hospitals Should Brace For Surge In Ransomware Attacks
U.S. hospitals should brace for a surge in “ransomware” attacks by cyber criminals who take computer networks hostage, then demand payment in return for unlocking them, a non-profit healthcare group warned on Friday.
The Health Information Trust Alliance conducted a study of some 30 mid-sized U.S. hospitals late last year and found that 52 percent of them were infected with malicious software, HITRUST Chief Executive Daniel Nutkis told Reuters.
The most common type of malware was ransomware, Nutkis said, which was present in 35 percent of the hospitals included in the study of network traffic conducted by security software maker Trend Micro Inc.
Ransomware is malicious software that locks up data in computers and leaves messages demanding payment to recover the data. Last month, Hollywood Presbyterian Hospital in Los Angeles paid a ransom of $17,000 to regain access to its systems.
This week, an attack on MedStar Health forced the largest healthcare provider in Washington, D.C., to shut down much of its computer network. The Baltimore Sun reported a ransom of $18,500 was sought. MedStar declined to comment.
HITRUST said it expects such attacks to become more frequent because ransomware has turned into a profitable business for cyber criminals.
The results of the study, which HITRUST has yet to share with the public, demonstrate that hackers have moved away from focusing on stealing patient data, Nutkis said.
“If stuff isn’t working, they move on. If stuff is working, they keep doing it,” said Nutkis. “Organizations that are paying have considered their options, and unfortunately they don’t have a lot of options.”
Extortion has become more popular with cyber criminals because it is seen as a way to generate fast money, said Larry Whiteside, a healthcare expert with cyber security firm Optiv.
Stealing healthcare data is far more labor intensive, requiring attackers to keep their presence in a victim’s network undetected for months as they steal data, then they need to find buyers, he added.
“With ransomware I’m going to get paid immediately,” Whiteside said.
Courtesy- http://www.thegurureview.net/aroundnet-category/hospitals-should-brace-for-surge-in-ransomware-attacks.html
Bluetooth 4.1 Goes IPV6
The Bluetooth Special Interest Group (SIG) has announced Bluetooth 4.1, the first version of Bluetooth to lay the foundations for IPV6 capability.
The first hints of what the Bluetooth SIG had planned for this new version were revealed to The INQUIRER in October during our exclusive interview with Steve Hegenderfer at Appsworld. There, he revealed his aspirations for the Bluetooth protocol to become integral to the Internet of Things.
At the front end of Bluetooth 4.1, the biggest change for users is that the retry duration for lost devices has been increased to a full three minutes, so if you wander off with your wireless headphones still on, there’s more of a chance of being able to seamlessly carry on listening upon your return.
Behind the scenes, devices fitted with Bluetooth 4.1 will be able to act as both hub and end point. The advantage of this is that multiple devices can share information between them without going via the host device, so your smartwatch can talk to your heart monitor and send the combined data in a single transmission to your smartphone.
This sort of “pooling” of devices represents an “extranet of things”, and the technology can therefore be applied to a wider area in forming the “Internet of Things” too.
The other major additions are better isolation techniques to ensure that Bluetooth, which broadcasts on an unregulated band, doesn’t interfere either with itself or with signals from other protocols broadcasting at similar frequencies, including WiFi.
The Bluetooth protocol has retained complete backwards compatibility, so a new Bluetooth 4.1 enabled device will work seamlessly with a Bluetooth 1.0 dongle bought in a pound shop.
In addition, Bluetooth 4.0 devices can be Bluetooth 4.1 enabled through patches, so we should see some Bluetooth 4.1 enabled hardware arrive early in 2014.
Big Boys Sign Consumer Privacy Pact
Six of the world’s top consumer technology companies have agreed to provide greater privacy disclosures before customers download applications in order to protect the personal data of millions of consumers, California’s attorney general said on Wednesday.
The agreement binds Amazon, Apple, Google, Microsoft, Research In Motion, and Hewlett-Packard — and developers on their platforms — to disclose how they use private data before an app may be downloaded, Attorney General Kamala D. Harris said.
“Your personal privacy should not be the cost of using mobile apps, but all too often it is,” said Harris.
Currently 22 of the 30 most downloaded apps do not have privacy notices, said Harris. Some downloaded apps also download a consumer’s contact book.
Google said in a statement that under the California agreement, Android users will have “even more ways to make informed decisions when it comes to their privacy.”
Apple confirmed the agreement but did not elaborate.
Harris was also among U.S. state lawmakers who on Wednesday signed a letter to Google CEO Larry Page to express “serious concerns” over the web giant’s recent decision to consolidate its privacy policy.
The policy change would give Google access to user information across its products, such as GMail and Google Plus, without the proper ability for consumers to opt out, said the 36 U.S. attorneys general in their letter.
Hackers Attempt To Access AT&T Mobile
November 30, 2011 by admin
Filed under Smartphones
Comments Off on Hackers Attempt To Access AT&T Mobile
AT&T Inc, the No. 2 U.S. wireless carrier, said it is investigating an “organized and systemic attempt” to access mobile customers’ information but that it did not believe any accounts were breached.
The company, which had 100 million subscribers at the end of the third quarter, said it is advising less than 1 percent of its wireless customers that there was an attempt to obtain information about their accounts.
It said that the parties involved appeared to have used “auto script” technology to see if AT&T telephone numbers were linked to online AT&T accounts.
Spokesman Mark Siegel said AT&T’s “investigation is ongoing to determine the source or intent of the attempt to gather this information.”
.
SEC Asks Companies To Disclose Attacks
Comments Off on SEC Asks Companies To Disclose Attacks
U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a trend of high-profile cyber crimes.
The Securities and Exchange Commission issued guidelines on Thursday that laid out the kind of information companies should disclose, such as cyber events that could lead to financial losses.
Senator John Rockefeller had asked the SEC to issue guidelines amid concern that it was becoming hard for investors to assess security risks if companies failed to mention data breaches in their public filings.
“Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything,” Rockefeller said in a statement.
“It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it,” Rockefeller said in a statement.
There is a growing sense of urgency about cyber security following breaches at Google Inc, Lockheed Martin Corp, the Pentagon’s No. 1 supplier, Citigroup, the International Monetary Fund and others.