Russia and Ransomware Payments | Four Day Breach Notification Requirement | Top 5 Healthcare Cyber Security Threats
Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group
Russia and Ransomware Payments
According to the Financial Crimes Enforcement Network (FinCEN), Russia may increase ransomware attacks against the United States to try and ease the financial pressure it is under owing to the sanctions placed upon it by the international community following the invasion of Ukraine.
In its alert, FinCEN advised all financial institutions to remain vigilant against potential efforts to evade sanctions and other imposed restrictions relating to the current conflict. One way this may be done is to move cryptocurrency funds through ransomware payments collected after Russian state-sponsored actors carry out cyber attacks.
FinCEN is therefore urging all financial institutions, including those with visibility into cryptocurrency or convertible virtual currency (CVC) flows, to identify and report any suspicious or unusual activity and investigate where appropriate. The hope is that prompt reporting of these incidents will help prevent an increase in such attacks.
This comes on top of an increase in Russian state-sponsored actors conducting cyber attacks since the start of the war in Ukraine. We have discussed this increase over the past two weeks. This week, however, Google’s Threat Analysis Group observed advanced persistent threat (APT) groups affiliated with or backing Vladimir Putin’s government stepping up phishing attacks against Ukrainian and European targets, as well as distributed denial-of-service (DDoS) attacks against key government and service-oriented Ukrainian websites.
Four Day Breach Notification Requirement
Last Wednesday the US Securities and Exchange Commission (SEC) proposed legal changes that would require publicly traded companies to report data breaches and other cyber security incidents within four days of determining that the incident is material (that is, an incident which shareholders would consider important).
The SEC also wants to require "periodic disclosures" of the impact of ongoing cyber security threats in regularly scheduled quarterly 10-Q and annual 10-K reports filed by publicly traded firms. This would further increase the mandate for transparency on cyber security issues. According to the SEC, the idea is to protect investors by improving their ability to inform themselves about the risks involved in investing in each company. This is because a breach could have a huge impact on a company's stock value and line of business.
The new regulations (linked below) would require disclosing the following information about breaches:
- When the incident was discovered and whether it is ongoing.
- A brief description of the nature and scope of the incident.
- Whether any data was stolen, altered, accessed, or used for any other unauthorized purpose.
- The effect of the incident on the registrant's operations.
- Whether the registrant has remediated or is currently remediating the incident.
However, companies affected by a breach are not expected to reveal technical information regarding their planned incident response, or details on potential vulnerabilities, where doing so would impact their response to or remediation of the incident.
The SEC is seeking public comment about this amendment for the next 60 days.
Top 5 Healthcare Cyber Security Threats
Last Friday, Security Magazine published an article discussing the top five healthcare cyber security threats and how to mitigate them. They reference the 2021 Healthcare Data Breach Trend Report from Protected Harbor whose CEO, Richard Lunda, said that: “Due to the financial value of patient health information, electronic health records stored in healthcare organisations are a major target for cyber criminals.”
The report has identified the following as the top five cyber security threats for healthcare security leaders to watch:
- IoT-connected medical devices.
- Mobile health & telehealth technologies.
- The Cures Act & remote patient access.
- Understaffed & underfunded IT departments.
- Lack of employee security training.
Improving healthcare cyber security and network architecture will harden healthcare infrastructure, increase application durability, decrease overall costs, and increase public trust. The report also identified the following data protection suggestions for healthcare cyber security teams:
- Fast Healthcare Interoperability Resources (FHIR) standards.
- Multi-factor authentication.
- Mobile device security strategy.
- Isolated and validated backups.
- Integration of managed service teams.
Source - Healthcare Data Breach Trend Report