Security Central: Sweden Springs a Leak, Healthcare Suffers Security Woes
Sweden’s government is reeling from a huge breach of confidential data that happened this week. The kicker? It was the Swedish government’s fault. The personal data of millions of Swedish citizens along with classified military information may have been leaked to other countries.
On Monday, Swedish prime minister Stefan Löfven divulged that private individual information had been exposed to serious security risks after the government outsourced IT services for the Swedish Transport Agency to IBM back in 2015, according to NYMag.
Unfortunately, adequate safeguards weren’t put in place at the time. As a result, unauthorized personnel at IBM subsidiaries across Eastern Europe had access to a huge amount of sensitive data, including details about bridges, roads, ports, the subway network in Stockholm and other systems. In addition, the identities of people working undercover for the Swedish police, the Swedish security service and the special intelligence unit of the Swedish armed forces may have been revealed.
Most cases like this, particularly regarding government leaks, can be attributed to unsavory characters carrying out malicious hacks. This one, however, is just a good old-fashioned case of the ‘oversights.’
“Unlike breaches where malicious users target vulnerable systems, this leak of personally identifiable information was the result of carelessness,” said Rich Campagna, CEO of Bitglass. “Unrestricted access to personally identifiable information and limited recourse in terms of recovering that data are both serious gaps in security.”
Bengt Erik Angerfelt, a retired cybersecurity expert who was involved with IT security and internet crime for the Swedish police, Sapo and Interpol, told The New York Times that he’s hardly shocked by the news, considering pressures to cut costs and the ever-increasing complexity of a connected world. “One is trying to do things as cheaply as possible and it’s expensive to hire your own personnel,” he said in a phone interview. “To do security checks on personnel in other countries is difficult.” Difficult? Yes. Necessary? Yes. The proof is in the (lack of) protection.
Our second story takes a look at the powerful, crippling computer attack that hit transcription service company Nuance Communications Inc. three weeks ago. Many doctors still can’t use the service eScription, which allows physicians to dictate notes from a telephone. The outage obliterated doctors’ instructions to patients, forcing some to write them out longhand (as reported by Bloomberg).
It appears that the culprit of the attack was none other than the lovely Petya virus, the computer bug that has sent shock waves through the healthcare industry. It’s a well-known fact that healthcare has been one of the last industries to make the switch to digital record keeping, making it a prime target for hackers.
“Health care has been late to respond to the need for protected information, and the information is worth more,” said Michael Ebert, a partner with KPMG who advises health and life-science companies on cybersecurity. “It’s amazing how far behind we are, and we know we have to do something.”
Yes indeed. When it comes to cybersecurity, most hospitals are flatlining. Dr. John Halamka, chief information officer of Beth Israel Deaconess Medical Center in Boston, states that “health care has traditionally underinvested in information technology.”
It’s true. The transition of paper health records to electronic records and digital health data apparently happened too quickly for cybersecurity, which has been playing an agonizingly slow game of catch-up ever since. Other sectors, such as the financial services industry and the federal government, have devoted more than 12 percent of their IT budgets to cybersecurity (according to NPR). Guess what healthcare averages? Half that. Sigh…
Hospital CIOs certainly have their work cut out for them. Hopefully the number of attacks happening because of subpar security measures will be a wake-up call for budget decision makers. Someone should really let them know that the average breach costs $355 per stolen record for health care organizations. In the meantime, it’s up to CIOs or their channel partners to be familiar with complicated medical devices and comfortable with software and tricky regulations, and to keep hospital staffs well-educated on the latest threats.
Our last story takes a peek inside Accenture Security’s newly released 2017 Cyber Threatscape Report on large-scale cyber-attacks. The report reveals how threat actors are continuing to avoid detection, and anticipates growth in the number of threat actors who are rapidly expanding their capabilities due to factors such as the proliferation of affordable, customizable and accessible tools and exploits.
According to Accenture’s official press release announcing the report, the findings focus on key trends identified during the first half of 2017, and how cyber incidents may evolve over the next six months.
“The first six months of 2017 have seen an evolution of ransomware producing more viral variants unleashed by state-sponsored actors and cybercriminals,” said Josh Ray, managing director at Accenture Security. “Our findings confirm that a new bar has been set for cybersecurity teams across all industries to defend their assets in the coming months.”
Ray goes on to say that while the occurrence of new cyber attack methods shows no sign of slowing down, there are immediate actions companies can take to better protect themselves against malicious ransomware and reduce the impact of security breaches.
A few other notable observations from the report include:
- Reverse Deception Tactics – Increasing cybercriminal use of deception tactics including anti-analysis code, steganography, and expendable command-and-control servers used for concealment of stolen data.
- Sophisticated Phishing Campaigns – Cybercriminals continue to craft familiar lures (subject lines mentioning invoices, wire transfers, missed payments), but ransomware is displacing banking trojans as one of the most prevalent types of malware delivered via phishing techniques.
- Alternative Crypto-Currencies – Bitcoin continues to be the currency of choice among cybercriminals; however, the need to better conceal transactions is forcing cybercriminals to either develop and leverage bitcoin laundering techniques or adopt alternative cryptocurrencies.
- DDoS-for-Hire Services – Distributed denial of service (DDoS)-for-hire services have given way to a thriving DDoS-for-hire botnet ecosystem, giving threat actors greater access to increasingly potent and affordable DDoS-for-hire tools and services.
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.