Digital Health’s latest cyber security round-up covers a ransomware attack that affected three hospitals in Alabama, and calls for more CISO involvement in vendor procurement.

Ransomware strikes US hospitals

Three hospitals in the US were forced to turn away patients after being targeted in a ransomware attack.

The DCH Regional Medical Center in Tuscaloosa, Fayette Medical Center and Northport Medical Center, all located in Alabama, first reported the incident on 1 October.

In response, IT systems were shut down and emergency medical teams were asked to “divert all but the most critical patients to other hospitals”.

These measures remained in place until 10 October, at which point DCH was still working to restore its systems.

Cyber security investigators determined a ransomware variant labelled Ryuk was used to encrypt the files in the attack, which was launched by an “unknown individual”.

DCH Heath System said in a statement: “It is still early in our investigation; however, from everything our security experts have told us, the attackers are usually not interested in obtaining data.

“At this point, we have no indication that any patient or employee data has been misused or removed from our system.  We are committed to completing a full forensic investigation and taking all appropriate action in response to our findings.”

CISOs call for greater say in supply chain

Chief Information Security Officers (CISOs) should provide specialist support to reduce risks of cyber-attacks in the supply chain by becoming a “critical component” in vendor procurement, according to new research from the Cyber Security Connect UK (CSCUK) forum.

The report, titled CISO and vendor relationships in the supply chain, suggests there is a “fragmented approach” to cyber security in supply chains, where a high level of risks exist.

These risks need to be closely monitored and reviewed, yet business managers are less aware of the threats of cyber-attacks, the report states. As such, CISOs need to have a greater level of influence in the procurement process to reduce risks.

Mark Walmsley, the chair of the Cyber Security Connect UK steering committee and CISO at Freshfields Bruckhaus Deringer, said: “CISOs believe that businesses need to take stronger steps to establish robust procedures that minimise cyber security risks within the supply chain.

“We found that 97% of CISOs see the supply chain as a source of risk, so there is an urgent commitment needed to mitigate risk exposure when undertaking a procurement exercise.

“CISOs expect vendors to adopt policies and procedures that provide stronger security controls. While system and network administrators can be guilty of system misconfigurations, poor patch management practices and the use of weak passwords, ongoing auditing and due diligence can guard against potential threats.”

“Fragmented standards and cross-border working expose some sectors to greater risk. Ultimately international agreement will be necessary to tighten up on protecting against cyber-attacks and theft of data assets and intellectual property.”

F-Secure’s cyber security consultancy goes global

Cyber security provider F-Secure has launched a new consultancy unit to bring its services to organisations worldwide.

Services will be provided from 11 locations across four continents, ensuring that offerings such as cyber defence, security assurance, and incident response services are available where and when organisations need them the most.

F-Secure executive vice president, Ian Shaw, said the unit would bring together the best of F-Secure’s existing cyber security services.

“We worked hard building a global cyber security consultancy that retains a strong focus on research, and contributing to the industry’s progress,” said Shaw.

“F-Secure Consulting has a proud and respected heritage. MWR InfoSecurity, nSense, InversePath, and F-Secure, have all pushed the industry forward with ground-breaking research and a commitment to addressing the technical challenges faced by our clients.

“As a global team we are able to invest even more on growing our people and working closely with our clients on the challenges they face on a daily basis.”