Pinar Ormeci’s Post

🚨 Healthcare giant hacked using stolen Citrix account with no MFA Healthcare provider Change Healthcare was compromised by the BlackCat ransomware gang earlier this year. The gang used stolen credentials to log into the company's Citrix remote access service, which didn't enable multi-factor authentication. 🤔 Top 3 takeaways: ▶️ The late February 2024 attack caused significant disruptions to healthcare services in the U.S., with estimated financial damages of $872 million. ▶️ UnitedHealth admitted to paying a ransom to protect data, with an additional ransom possibly paid after the affiliate responsible for the attack stole the initial $22 million in an exit scam. ▶️ Post-attack, UnitedHealth took swift action to secure its systems, including replacing laptops, rotating credentials, and rebuilding its data center network. #cybersecurity #news #kraven #KravenSecurity #adamgoss #cti #threatintelligence

The testimony of Change Healthcare's CEO is an interesting read. It's a sobering incident for healthcare indeed. Before you point the finger, though, remember it could happen to any of us. Hopefully this will drive positive changes. https://lnkd.in/ev48A6XZ #changehealthcare #cyberattack #breach #ransomware #databreach

Cyber-Kill-Chain: As we build our applications. It is our duty to oppose any success of the Cyber-Kill-Chain phases. This is because if one can break a client app then they can also get into the backend application. With AI in the mix we should be expecting more of these kinds of attacks. Whatever you build as long as it is on the internet. You already know the facts. #Why? A drastic change is not yet effected to demystify the cyber-kill-chain security traces with regards to how we inadvertently build threats in applications. #1. The cyber kill chain starts with #Reconnaissance. Yes! Why then should you reveal any information assuming that you do not want to be attacked? #2 You cannot couple exploit with backdoor into payload as part of #Weaponization when #1 fails. There is no need to take your weapons and ammunition out because you have no target. #3 This means that the attacker cannot initiate #Delivery of any weaponized bundle. You cannot shoot what you cannot see. #4 The #Exploitation will not succeed because it has nowhere to go right because there is nothing to exploit! Failure to weaponize, brings it all back to #1. #5 This is the state where the threat actor introduces the malware to persist the attack by #Installation. This could not be possible since attacker failed #1-4, as a result we return back to #1 again. #6 #Command and Control allows for remote manipulation of the target or victim. - This fails in principle for the same reason why #5 failed. Now that #1-5 is a no go area we are back to #1. #7 #Action on Objectives: The actual purpose of the attack according to cyber-kill-chain is completed here, with hands on keyboard. It could be extraction/exfiltration, destruction files, device/data lock, and device/data hostage for ransom. Aaron Lax Malak Trabelsi Loeb Dr Eileen CO Chief Anyanwụ Ụtụtụ Mirabell Mayack Phillip G. Eaglin, PhD /The first phase takes care of all the weaknesses traced by cyber-kill-chain./ Do we continue to build our application to align with the cyber-kill-chain success on the attackers side or against it? #cisa #nist #cybersecurity #Regie Middleton #Gartner #Moodys

Yet another cybersecurity breach in the healthcare sector! On the heels of the recent Change Healthcare attack, and the subsequent high profile congressional hearings, can legislation be far behind? The Department of Health and Human Services reports a 264% increase in healthcare ransomware attacks in the last five years alone. Health facilities and providers need to be prepared for more legislating and regulating from Washington – and to make sure their concerns are fully considered and prioritized. #healthcare #lobbying #cybersecurity #congress #legislation #regulation https://lnkd.in/eR8EHV8q

Ascension Faces Suspected Cyberattack, Disrupting Clinical Operations Hospital operator Ascension has reported a suspected cyberattack leading to significant disruptions in its clinical operations. In a precautionary move, Ascension has advised its business partners to temporarily disconnect from its network to prevent further spread of the incident. This cyber incident comes on the heels of a major attack earlier this year on UnitedHealth's technology unit, highlighting an ongoing vulnerability within the U.S. healthcare sector to cybersecurity threats. Ascension detected unusual activity in its technology network systems and has temporarily interrupted access to some systems while assessing the impact. To manage the situation, Ascension is working with cybersecurity firm Mandiant and has notified relevant authorities to ensure a comprehensive response to the incident. The nonprofit, which operates 140 hospitals and serves 19 states and the District of Columbia, is taking steps to ensure that patient care delivery remains safe and minimally impacted during this critical time. Source: https://lnkd.in/dGVxfVfT #Cybersecurity #Healthcare #DataBreach #Ascension #PatientCare #CyberAttack #InformationSecurity

Heads up healthcare providers, pharmacies, and patients across the country! A cyber attack on a lesser-known organization is causing havoc. The breach of #changehealthcare is a stark reminder that securing an organization's infrastructure is everyone's responsibility (employees and vendors), not just #secops. Before dismissing your company's security policies as overburdensome, read this story in the #nytimes. Stay safe, everyone! #unitedhealthgroup #healthcareindustry #hospital #pharma #ransomware #cyberattack

Investing in cybersecurity tools is not just important, it's strategic. Safeguarding your digital assets isn't just a trend; it's a necessity in today's landscape of evolving cyber threats. At CodexIT we know how overwhelming it can be to keep your technology functioning properly, and how frustrating and expensive it can be when it’s not! Ensuring streamlined workflows and proper security measures is imperative. If you need any assistance, we are here to help. Feel free to reach out to us anytime. Don't wait until it's too late.

The recent cyber attack on UnitedHealth has significantly affected healthcare providers catering to underserved communities, leading to payment disruptions and operational challenges. Smaller health centers, in particular, are struggling, with some unable to afford payroll. This incident highlights the critical importance of enhanced cybersecurity measures to protect sensitive data and maintain care for those most in need of support. For more details, refer to the full article. https://lnkd.in/ehiRppvS

Estimated that providers are losing 100 million dollars a day because of this Cyberattack, even more concerning is the impact its having on patient care- something that has not been quantified. The good news- there is an emergence of cybersecurity systems and programs that are leveraging AI to test and train your teams- the catch, you have to engage companies that are providing this. I am passionate about patient care and as a result, cybersecurity. DM me if you want to chat about the emerging challenges that hospitals are facing. #healthcare #cybersecurity Reveal HealthTech #hospitals