As new cyber risks emerge, strategies evolving – but basic principles still apply

BlueKeep? Dridex? A state of emergency in Louisiana? Healthcare security pros find themselves living in interesting times. But with new threats emerging each day – and old ones, like phishing, not going away – some tried and true lessons are still useful.

In news that will surprise precisely no one, the list of lurking cyber threats putting healthcare data in peril continues to lengthen.

Healthcare, you may have heard by now, has developed a reputation among hackers, cyberattackers and assorted other bad actors as an industry that’s both “target-rich and easy pickings.” As such, it finds itself in the crosshairs of innumerable hackers and bad actors hoping to harvest mission-critical data or otherwise wreak havoc on healthcare IT systems.

Just look at the most recent HIMSS Healthcare and Cross-Sector Cybersecurity Report for a snapshot of where we are. The report offers a menagerie of creatively named new species of malware of which to beware:

Agent Smith (it infects Android devices and surreptitiously replaces their applications with malicious mobile apps);
WannaHydra (an updated version of WannaLocker, which can harvest text information, call logs, phone numbers);
The Astaroth Trojan spam campaign (an information-stealing malware that can swipe sensitive data such as credentials, keystrokes, and more);
Sodin ransomware (it exploits a vulnerability in the Oracle WebLogic platform; unlike other ransomware, it doesn’t require any user involvement).

And, of course, new breeds and mutations are discovered in the wild nearly each and every day.