Cybersecurity roundup: U.S. to ban Kaspersky antivirus; cost of healthcare breaches way up
Oeisdigitalinvestigator.com:
The White House this past week announced its plans to ban new sales of antivirus software from Kaspersky Lab, after years of pushback against the Russia-based company and fears that its tools themselves pose a security threat to critical U.S. infrastructure, including healthcare.
The Biden Administration alleges that Kaspersky’s privileged access to American IT systems – it’s installed on computer systems used by healthcare organizations, state government agencies and elsewhere – could enable it to exfiltrate important data or to stealthily deploy malware.
“Russia has confirmed it has the potential and … the intent to exploit Russian firms like Kaspersky to collect and weaponize the personal information of Americans and for this reason we are compelled to take the action that we are taking today,” said U.S. Commerce Secretary Gina Raimondo on June 20, according to Reuters.
For its part, Kaspersky – which maintains that it is a private company with no government ties, and plans to fight the ban in court – countered that the decision was based on present tensions between the U.S. and Russia, and on “theoretical concerns, rather than on a comprehensive analysis of the integrity of Kaspersky’s services.”
The new regs limit downloads of Kaspersky software – including updates, licensing and white-labeled versions of the product – starting Sept. 29.
Kaspersky has been an issue for federal regulators since 2017, when the U.S. Department of Homeland Security first banned its antivirus tools on federal networks, citing concerns that Russian intelligence agencies could compel the company to collect data and intercept communications from the agencies using the software.
Average breach cost nears $11M
Meanwhile, a new report this week from phishing prevention company KnowBe4 shines a harsh spotlight – for anyone who may not yet have seen – on the “extreme cybersecurity crisis” affecting the healthcare industry.
The company’s new Global Healthcare Report shows hospitals and other health organizations going through an extreme uptick in ransomware worldwide – but especially in the U.S., with a 73% increase in attacks affecting U.S. facilities.
Among other findings from the new research:
- Over the last three years, the healthcare industry has seen a significant surge in cyberattack costs, with the average cost of a breach now almost $11 million – making healthcare by far the most costly sector for cyberattacks.
- Healthcare organizations worldwide saw a median of 1,613 cyberattacks per week in the first three quarters of 2023, a large increase from the same period the previous year.
- Ransomware attacks accounted for more than 70% of successful cyberattacks in the past two years.
- Between 79% and 91% of cyberattacks, depending on the sector, began with phishing or social engineering methods, which allow bad actors to gain unauthorized access to accounts or servers.
“The healthcare sector remains a top target for cybercriminals looking to capitalize on the life-or-death situations hospitals face,” said KnowBe4 CEO Stu Sjouwerman. “With patient data and critical systems held hostage, many hospitals feel like they’re left with no choice but to pay exorbitant ransoms.
“This vicious cycle can be broken by prioritizing comprehensive security awareness training to empower employees and cultivate a positive security culture as a strong defense against phishing and social engineering attacks.”
HIMSS candidate for ISC2 board
In other news, our colleague Lee Kim, who serves as senior principal of cybersecurity and privacy at HIMSS (HIMSS is the parent company of Healthcare IT News), has announced her candidacy for the board of directors of ISC2, one of the largest cybersecurity-focused membership organizations.
She hopes any ISC2 members who are reading this might consider supporting her in this endeavor by casting a vote for her campaign. Voting is open through July 2nd on the ISC2 member portal.
Lee really knows her stuff, and is the driving force behind the useful HIMSS Cybersecurity Survey each year. She notes that she’s the only ISC2 board candidate from the nonprofit space, and the only one with a healthcare focus.
“I’m totally ecstatic to be a candidate for the ISC2 board of directors,” Kim tells HITN. “This comes at the right time as we have to prepare for an AI, digital, meta and quantum future.
“It’s important that people vote for a person from a non-profit that is focused on the healthcare sector,” she adds. “We know how to convene, collaborate, and effectuate change for the greater good.”
Mike Miliard is executive editor of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.