'Shields up' say feds in response to potential Russian escalation

The Cybersecurity and Infrastructure Security Agency released a bulletin this week warning organizations to keep “shields up” to defend against cyber threats.  

The agency drew particular attention to Russia, whose government has relied on cyber as a key part of their toolbox over the past decade.

Its government, said CISA, understands that targeting critical infrastructure can ramp up pressure on another country to concede to its objectives.  

This is particularly important given the escalating situation between Russia and Ukraine over the past month.  

“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” said CISA officials in the notice.  

The feds outlined several strategies for protecting assets, including multi-factor authentication; software updates; the ability to quickly spot unusual network behavior; designating a crisis response team; and maximizing resilience; among others.  

“CISA has been working closely with our critical infrastructure partners over the past several months to ensure awareness of potential threats – part of a paradigm shift from being reactive to being proactive,” said agency officials.  

Ukraine hit by DDoS attacks  

On Tuesday, Ukraine’s Ministry of Defense, as well as two state-owned banks, reported being hit with Distributed Denial-of-Service Attacks. The as-yet-unknown bad actors flooded the sites with traffic, taking them temporarily offline.  

At the same time, Ukraine’s Cyber Police reported an “information attack,” in which individuals received spam text messages saying ATMs were down.  

On Wednesday, the Facebook page for the Center for Strategic Communications and Information Security said that it, too, had suffered a cyberattack.  

The same day, the Ukrainian government released a statement saying that all resources “work stably.”

“There were no defeats, losses, damages or abductions. Financial, energy and other spheres work in a steady mode, uninterruptedly. We have shown that we are united, stable in our common work,” said Deputy Secretary of the National Security and Defense Council of Ukraine Serhii Demediuk.

$1.13M for a data breach  

Meanwhile, Inmediata Health Group, a Puerto Rico-headquartered EHR and practice management system company, agreed to pay $1.13 million in a class-action settlement regarding a data breach that took place in 2019.  

As outlined in court documents, in January 2019, the company became aware that some electronic health information was “potentially viewable online” due to a webpage setting allowing search engines to index internal webpages.  

About 1.5 million patients were potentially affected, said the complaint.  

The plaintiffs in the case claim that Inmediata – which has not admitted any wrongdoing – failed to adequately protect their personal information and that they were injured as a result.  

Class members have until March 22 to submit a claim; the final approval hearing is scheduled for April 21.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article