Hospitals see cyber security investment as low priority | The evolution of digital transformation | Top 5 breaches of all time

16th August

Each week, Rela8 Insights will bring you the top stories hitting the headlines in the world of IT, security and data. We've summarised the latest stories below, with links through to the full articles to read at your leisure.  Scroll down to find out more...


Hospitals see Cyber Security investment as low priority

The first story this week focusses on cyber security in the healthcare sector. ComputerWeekly has published an article discussing how hospitals have been rating investment in cyber security as a low priority.

In the past six months, almost half of hospitals experienced an IT shutdown because of a cyber-attack. However, only one in ten hospitals executives see investment in cyber security as a high priority.

Hospitals now account for 30% of all large data breaches
Computer Weekly

Hospitals now account for 30% of all large data breaches, equalling a total cost of $21 billion in 2020. 48% of hospital executives reported a forced or proactive shutdown within the last six months because of an external attack.

Even though attacks on the healthcare sector have grown by 45% between November 2020 and January 2021, more than 60% of hospital IT teams say that they have other spending priorities. Less than 11% of them said that cyber security is high on their priority list. Even though for small hospitals, an average shutdown due to a cyberattack lasted 6.2 hours at a cost of $21,500 per hour, and medium-sized hospitals experienced an average of 10 hours per shutdown at a cost of $45,700 per hour.

Source - Healthcare Cyber Security Low Priority - ComputerWeekly

Healthcare

The Evolution of Digital Transformation

The second story this week is an article by Forbes which looks back at where digital transformation first began and has evolved over the years, as well as looking at what will be important as we move into the future.

The article looks at how digital transformation first began with early adopters creating systems of record (SOR) such as a CRM or an electronic health record (EHR) for healthcare organisations.

The next stage involved Systems of Engagement which were used to compile and digest information collected from previous systems, before moving to the final stage of the evolution -Systems of Productivity.

By linking digitisation to productivity and outcomes, you can ensure that the other systems you use are working together to create efficiencies for your team, your company, and your customers.

Read the full article below for more detail on each step of the digital transformation journey.

Source - Evolution of Digital Transformation - Forbes

Top 5 Breaches of All Time

Last up is a short read from InfoSec Magazine which has produced a list of the top five breaches in history. One interesting statistic in this article is that there are five-times more data breach victims than there are cat owners in the United States.

Last year in the United States, more than 37 billion records were exposed in the nearly 4000 data breaches that were reported. Statistics like these would be shocking if we hadn’t all reached ‘breach fatigue’ years ago.

Here are some of the biggest, strangest or most embarrassing breaches in history:

  • LifeLock 

LifeLock cofounder and former CEO Todd Davis was the victim of identity theft 13 times between 2007 and 2008. If that makes you want to say “Aww, poor guy,” you must have missed the company’s 2007 ad campaign that was featured online and on TV, billboards and trucks across the United States.

The campaign depicts Davis wearing an earnest expression and a suit and tie and holding up his social security card. Printed alongside this image are Davis’ name and social security number. In the ad, the company promised to protect its customers against identity theft.

Taking the ad as an invitation, cyber-criminals posing as Davis obtained a loan and opened accounts with AT&T, Verizon and a Texas utility, leaving Davis with the bills. The Federal Trade Commission later fined LifeLock $12m for deceptive advertising.


  • FriendFinder Networks

More than just data was exposed when adult dating and entertainment company FriendFinder Networks sustained the most significant breach of 2016.

Hackers got their dirty mitts on 20 years of historical customer data after compromising 412,214,295 records stored in databases belonging to Adultfriendfinder.com, Cams.com, Penthouse.com, Stripshow.com and iCams.com.

Former users who had deleted their accounts must have been gutted to realize that their email addresses were exposed along with those linked to active accounts. Hackers were hardly the ‘friends’ they had in mind when they signed up.


  • Yahoo

The once-popular search engine and webmail makes the list for suffering the biggest data breach ever recorded (among other breaches).

Yahoo said no data was taken during two data breaches in 2012, but the company eventually admitted that cyber-attackers had gained access to an eye-watering 3 billion Yahoo accounts in 2013.

The following year, another breach at the internet service company impacted over 500 million user accounts. Hackers swiped names, email addresses, birth dates, telephones numbers and answers to users’ security questions — data which later turned up for sale on the dark web.


  • Boeing

Data worth $2bn was swiped from aerospace company Boeing in what could be the longest-running data breach in US history.

Between 1976 and 2006, Greg Chung stole around 250,000 pages of sensitive aerospace documents related to the US space shuttle and military aircraft, including the B-1 bomber. 

Chinese-born Chung, who changed his first name to Greg when he became a US citizen, stored the stolen documents on makeshift shelves he had installed in crawlspace underneath his home in Orange, California.

In 2009, Chung became the first American to be convicted of economic espionage and was sentenced to 15 years and nine months behind bars. He died in prison in 2020 from Covid-19. 


  • Swedish Transport System

The personal data of nearly every Swedish citizen was leaked in one of the worst government information security disasters of all time. What made this gargantuan exposure worse is that the T Swedish Transport System essentially did it to themselves.

In 2015, the Transportstyrelsen hired IBM to manage its networks and databases. Then the agency uploaded onto cloud servers an IBM database containing details of every vehicle in the country.

Next, the agency emailed the whole database to subscribed marketers in messages written in clear text. After discovering their error, the agency tried to fix the mistake by emailing a new list to the subscribers and asking them to delete the earlier one.

Swedish IT entrepreneur Rick Falkvinge said the incident “exposed and leaked every conceivable top-secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.”

It then came out that the agency’s director general, Maria Ågren, had put her ink on a deal that allowed IBM staff in Czechoslovakia and Romania with no security clearance to access the database. She was later fired and fined.

Source - Top 5 Data Breaches - InfoSec Magazine

If you want to get in touch then give us a shout