Cyber security news round-up

  • 18 October 2019
Cyber security news round-up

Digital Health’s latest cyber security round-up covers a ransomware attack that affected three hospitals in Alabama, and calls for more CISO involvement in vendor procurement.

Ransomware strikes US hospitals

Three hospitals in the US were forced to turn away patients after being targeted in a ransomware attack.

The DCH Regional Medical Center in Tuscaloosa, Fayette Medical Center and Northport Medical Center, all located in Alabama, first reported the incident on 1 October.

In response, IT systems were shut down and emergency medical teams were asked to ā€œdivert all but the most critical patients to other hospitalsā€.

These measures remained in place until 10 October, at which point DCH was still working to restore its systems.

Cyber security investigatorsĀ determined a ransomware variantĀ labelled RyukĀ was used toĀ encrypt the files in the attack, which was launched by an ā€œunknown individualā€.

DCH Heath System said in a statement: ā€œIt is still early in our investigation; however, from everything our security experts have told us, the attackers are usually not interested in obtaining data.

ā€œAt this point, we have no indication that any patient or employee data has been misused or removed from our system.Ā  We are committed to completing a full forensic investigation and taking all appropriate action in response to our findings.ā€

CISOs call for greater say in supply chain

Chief Information Security Officers (CISOs) should provide specialist support to reduce risks of cyber-attacks in the supply chain by becoming a ā€œcritical componentā€ in vendor procurement, according to new research from the Cyber Security Connect UK (CSCUK) forum.

The report, titled CISO and vendor relationships in the supply chain, suggests there is a ā€œfragmented approachā€ to cyber security in supply chains, where a high level of risks exist.

These risks need to be closely monitored and reviewed, yet business managers are less aware of the threats of cyber-attacks, the report states. As such, CISOs need to have a greater level of influence in the procurement process to reduce risks.

Mark Walmsley, the chair of the Cyber Security Connect UK steering committee and CISO at Freshfields Bruckhaus Deringer, said: ā€œCISOs believe that businesses need to take stronger steps to establish robust procedures that minimise cyber security risks within the supply chain.

ā€œWe found that 97% of CISOs see the supply chain as a source of risk, so there is an urgent commitment needed to mitigate risk exposure when undertaking a procurement exercise.

ā€œCISOs expect vendors to adopt policies and procedures that provide stronger security controls. While system and network administrators can be guilty of system misconfigurations, poor patch management practices and the use of weak passwords, ongoing auditing and due diligence can guard against potential threats.ā€

ā€œFragmented standards and cross-border working expose some sectors to greater risk. Ultimately international agreement will be necessary to tighten up on protecting against cyber-attacks and theft of data assets and intellectual property.ā€

F-Secure’s cyber security consultancy goes global

Cyber security provider F-Secure has launched a new consultancy unit to bring its services to organisations worldwide.

Services will be provided from 11 locations across four continents, ensuring that offerings such as cyber defence, security assurance, and incident response services are available where and when organisations need them the most.

F-Secure executive vice president, Ian Shaw, said the unit would bring together the best of F-Secure’s existing cyber security services.

ā€œWe worked hard building a global cyber security consultancy that retains a strong focus on research, and contributing to the industry’s progress,ā€ said Shaw.

ā€œF-Secure Consulting has a proud and respected heritage. MWR InfoSecurity, nSense, InversePath, and F-Secure, have all pushed the industry forward with ground-breaking research and a commitment to addressing the technical challenges faced by our clients.

ā€œAs a global team we are able to invest even more on growing our people and working closely with our clients on the challenges they face on a daily basis.ā€

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

ā€˜Lessons can be learned’ from DHSC cyber progress, says PAC

ā€˜Lessons can be learned’ from DHSC cyber progress, says PAC

The Public Accounts Committee has said ā€œlessons can be learnedā€ from DHSC’s efforts to improve cyber resilience in public services.
Digital Health Coffee Time Briefing ā˜•

Digital Health Coffee Time Briefing ā˜•

Today's coffee briefing covers a new round of DSIT fellowships and the first real-time 3D "digital twin" of a hospital room in Denmark.
Estimated £21bn over five years needed to digitise health and care

Estimated £21bn over five years needed to digitise health and care

Digitising NHS and adult social care services across the UK will require an estimated £21bn over the next five years, according to research.