HEAL Security Healthcare Cybersecurity Roundup: October 4, 2023

Don’t miss this week’s healthcare cybersecurity roundup from HEAL Security Dispatch.

In this edition:

Report: Data breaches from voice phishing and OTP theft on the rise

The website Hi Tech reports that cybersecurity researchers have discovered an alarming trend of cyber criminals increasingly using voice phishing, or vishing, combined with one-time password (OTP) snatching services for their malicious activities.

They employ sophisticated techniques such as interactive voice response systems or authentic voice recordings to trick victims into disclosing their OTPs, according to a report by CloudSEK.

Online platforms enabling these tactics have emerged, leading to substantial financial loss and data breaches.

?

Experts caution against AI, deepfakes in healthcare cyber attacks

Cyber attacks targeting healthcare organizations, including ransomware and data breaches, have reached record-setting levels in 2023, according to Chief Healthcare Executive.

More than 400 private health data breaches have impacted 40 million Americans to date.

Experts warn of more sophisticated attacks utilizing artificial intelligence and deepfakes. Criminals are also shifting focus to target electronic health records and healthcare vendors over hospitals and medical groups.

?

HC3 alerts healthcare sector to North Korean, Chinese cyber threats

The HHS Health Sector Cybersecurity Coordination Center (HC3) warns that Chinese and North Korean state-sponsored cyber threat actors pose unique risks to U.S. healthcare due to their substantial resources and advanced capabilities, rivaling prominent cyber criminal entities, according to Health IT Security.

Persistent threat actors APT41 from China and APT43 and Lazarus Group from North Korea frequently target healthcare data through espionage, IP theft, and malware attacks.

To mitigate these threats, healthcare organizations should leverage government resources and employ robust technical safeguards.

?

FDA begins enforcing new medical device security law

Starting October 1, the FDA began enforcing new cybersecurity requirements for medical device manufacturers, as mandated by the Omnibus law signed in December 2022, according to Health IT Security. This law amended the Federal Food, Drug, and Cosmetic Act to include key medical device security provisions.

These requirements include providing a plan for post-market monitoring and patching, demonstrating reasonable cybersecurity assurances, and submitting a software bill of materials.

To avoid delays and ensure device security, manufacturers should follow existing FDA guidance and best practices throughout the device lifecycle.

?

To receive daily updates on global healthcare cybersecurity, subscribe to our information and insights service at healsecurity.com/subscribe.

Also visit the HEAL Security YouTube Channel: https://lnkd.in/gqaqKZae