Microsoft is warning hospitals that sophisticated ransomware attacks are trying to exploit remote workers to gain access to their networks.
As healthcare organizations move their nonessential employees to work remotely during the COVID-19 pandemic, ransomware operators are trying to find vulnerabilities in network devices like gateway and virtual private network (VPN) appliances.
Through Microsoft’s network of threat intelligence sources, the tech giant identified several dozen hospitals with vulnerable gateway and VPN appliances in their infrastructure, Microsoft’s Threat Protection Intelligence Team wrote in a blog post Wednesday.
The company sent targeted notifications to these hospitals with information about the vulnerabilities, how attackers can take advantage of them and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others.
Microsoft’s warning also comes as videoconferencing platform Zoom tries to address privacy and security problems. Federal and state lawmakers are pressing the company for more answers about its data privacy and security practices amid reports that internet trolls have exploited a Zoom screen-sharing feature to hijack meetings, or what’s called “Zoombombing.”
While cyberattackers have been known to exploit vulnerabilities in network devices, more and more human-operated ransomware campaigns are seeing the opportunity and are jumping on the bandwagon, Microsoft said.
Human-operated ransomware campaigns are a cut above “run-of-the-mill” commodity ransomware campaigns and pose a significant and growing threat to businesses. These hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, employ credential theft and lateral movement methods traditionally associated with targeted attacks like those from nation-state actors, Microsoft said in a recent blog post.
A ransomware campaign called REvil (also known as Sodinokibi) actively exploits gateway and VPN vulnerabilities to gain a foothold in target organizations. Once attackers breach the network, they steal credentials, elevate their privileges and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads, according to Microsoft.
Cybercriminals behind these attacks exhibit “extensive knowledge of systems administration and common network security misconfiguration.”
“They employ human-operated attack methods to target organizations that are most vulnerable to disruption—orgs that haven’t had time or resources to double-check their security hygiene like installing the latest patches, updating firewalls, and checking the health and privilege levels of users and endpoints—therefore increasing probability of payoff,” the Microsoft team wrote.
These attacks also typically persist on networks undetected, sometimes for months on end. This makes the ransomware more difficult to remediate, because it can be challenging for security teams to extensively hunt to find where attackers have established persistence and identify email inboxes, credentials, endpoints or applications that have been compromised.
To immediately reduce the risk of a ransomware attack, Microsoft recommends hospitals take the following actions:
Apply all available security updates for VPN and firewall configurations.
Monitor and pay special attention to remote access infrastructure. Any detections from security products or anomalies found in event logs should be investigated immediately. In the event of a compromise, ensure that any account used on these devices has a password reset, as the credentials could have been exfiltrated.
Turn on attack surface reduction rules, including rules that block credential theft and ransomware activity. To address malicious activity initiated through weaponized Office documents, use rules that block advanced macro activity, executable content, process creation and process injection initiated by Office applications. To assess the impact of these rules, deploy them in audit mode.
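One way to act on the last recommendation on a Windows 10 endpoint, as an added example that is not from Microsoft's post or this article: it stages the attack surface reduction rules matching the categories named above in audit mode, then summarizes what they would have blocked. It assumes Microsoft Defender Antivirus is the active antivirus and an elevated session; the seven-day review window and the event field names read in step 2 are assumptions to check against your own logs.

```powershell
#Requires -RunAsAdministrator
# Added example: stage ASR rules in audit mode and review the audit hits.

# Microsoft's published identifiers for the rule categories the recommendation names.
$rules = [ordered]@{
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b' = 'Block Win32 API calls from Office macros'
    '3b576869-a4ec-4529-8536-b80a7769e899' = 'Block Office apps from creating executable content'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office apps from creating child processes'
    '75668c1f-73b5-4cf6-bb93-3c0f1fbc6842' = 'Block Office apps from injecting code into other processes'
}

# 1. Read the current state so a rule already set to Block (action 1) is never
#    downgraded to audit by this script.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$current = @{}
for ($i = 0; $i -lt $ids.Count; $i++) { $current[$ids[$i].ToLower()] = $actions[$i] }

foreach ($id in $rules.Keys) {
    if ($current[$id] -eq 1) {
        Write-Host "Already blocking: $($rules[$id])"
        continue
    }
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions AuditMode
    Write-Host "Audit mode set:   $($rules[$id])"
}

# 2. After the trial period, summarize what the rules would have blocked.
#    Event ID 1122 in the Defender operational log is an ASR rule firing in audit mode.
$since  = (Get-Date).AddDays(-7)   # assumed review window
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1122
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host 'No audit-mode ASR events in the review window.'
    return
}

$hits = foreach ($e in $events) {
    # Flatten the named EventData fields; 'ID', 'Process Name' and 'Path' are the
    # field names assumed here for the rule GUID, the acting process and the target.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $ruleId = "$($data['ID'])".ToLower()
    $name   = $rules[$ruleId]
    [pscustomobject]@{
        Rule    = if ($name) { $name } else { $ruleId }
        Process = $data['Process Name']
        Target  = $data['Path']
    }
}

# Rule/process pairs with many hits are the exclusions or workflow changes to
# settle before switching a rule from audit to block.
$hits | Group-Object Rule, Process | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```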
After seemingly endless regulatory hurdles at the federal and state levels, T-Mobile announced today that it has completed its merger with Sprint, a deal it says will result in a “transformative 5G network” for consumers and businesses. As previously reported, the merger’s completion marks the end of John Legere’s tenure as T-Mobile’s CEO and the beginning of Mike Sievert’s control over the third-largest U.S. cellular carrier.
For the combined company, the merger critically offers new customer scale and the opportunity for synergies that weren’t available before. The new T-Mobile will now be in the same 100-million-customer ballpark as larger rivals AT&T and Verizon, likely creating additional market pressure with pricing and promotions. On the other hand, T-Mobile is expected to shutter some overlapping Sprint retail locations and has divested some of its network assets and prepaid Boost Mobile customers to Dish Network, which will lead to job changes and some losses — a challenge, given the currently fragile state of the U.S. economy.
Legere’s handoff to Sievert comes a month ahead of the original schedule, which would have seen the famously brash Legere stick around through the end of his contract on April 30. The carrier has promised to maintain the “Un-carrier” spirit and initiatives Legere pioneered as T-Mobile successfully grew from a distant AT&T/Verizon rival to a full-fledged competitor, while “supercharging” them with greater scale.
T-Mobile today said that it will give customers access to “average 5G speeds up to 8 times faster than current LTE in just a few years” and “15 times faster over the next six years,” at which point it will offer 5G to 99% of the U.S. population — with 90% seeing higher than 100Mbps speeds. Additionally, 90% of rural Americans should see average 5G speeds of 50Mbps, faster than current U.S. broadband averages.
The new offerings include HP Pro Security Edition, HP Proactive Security, and HP Sure Click Enterprise. These are aimed at the security threats that evolve and disrupt business every day.
With the recent surge of remote workers — due to work-from-home rules forced upon us by COVID-19 — HP said we must all be aware of the increased risks of working from home. Over 80% of home office routers have been found to be vulnerable to potential cyberattacks.
Emails also pose a significant risk to organizations, with over 90% of PC infections originating from attachments and 96% of security breaches not discovered until months later. There are 5 billion new threats per month, based on HP’s estimates.
“Our HP Pro Security Edition takes Sure Sense and Sure Click and bundles [them] with our system,” said Andy Rhodes, global head of commercial PCs, in a press briefing. “Endpoints are still an enormous risk — 90% of infections originate with emails. Every user is at risk here.”
HP Pro Security for small businesses
HP is expanding its built-in hardware-enforced PC security suite to focus on low-touch, simple, and robust enterprise-level security for SMBs. HP Pro Security Edition is the world’s most advanced application isolation and deep learning endpoint protection on Windows 10 PCs, delivering enterprise-level security designed for SMB customers.
The security suite includes HP Sure Sense Pro, a deep learning AI-based protection solution, and HP Sure Click Pro, which offers isolation protection for browser, files, and applications.
The advanced versions of HP Sure Click and HP Sure Sense are designed to complement each other, powered by a deep-learning cloud that is constantly connected and updating the software, isolating threats and monitoring application health. This provides closed-loop protection for multiple threats coming from different vectors, applied through various kinds of malware.
Managed security service for mid-sized businesses
HP Proactive Security is an endpoint security service that takes a protection-first approach. The managed service helps small and medium-sized businesses defend against cyberattacks without changing user behavior or increasing their IT workload. The service provides advanced protection that is monitored and managed by experienced HP cybersecurity experts. Company data and devices are secured with multiple layers of proactive protection, applying advanced deep learning and isolation technologies to protect endpoints and reduce risk.
This managed service solution provides a holistic view of device protection status and detailed findings on attempted and blocked attacks from HP TechPulse — accessible from a simple dashboard.
Security for enterprises
Designed for enterprise and government entities, HP Sure Click Enterprise is a secure endpoint application isolation and containment solution, protecting enterprise endpoints from sophisticated attackers while providing detailed, real-time threat intelligence to security teams.
The solution allows customers to deliver run-time protection with task-level isolation and non-persistent virtual machines, protecting all on- and off-network users without breach, persistence, lateral movement, or data exfiltration.
HP Sure Click Enterprise supports all Windows 8 and 10 devices, reducing complexity while hardening overall cyber postures in the face of increased targeted and destructive attacks. It also provides additional capabilities, including protecting users’ credentials from phishing attacks and cloud-powered automated threat analytics. The solution supports large-scale deployments with sophisticated policy and threat management, delivered through an on-premise server or an HP cloud-hosted service with ISO 27001/SOC2 Type II accreditation.
HP will offer HP Sure Click Pro free of charge through September 30, 2020 to help protect users from web, email, and document-based security threats. HP Sure Click Pro will enhance the existing HP Sure Click with additional features, such as editing Word and Excel documents within an isolated container. This offer will be available for use on all HP and non-HP Windows 10 PCs.
HP Pro Security Edition is expected to be available on select HP Elite PCs purchased in the summer. HP Proactive Security is available to select customers in pilots now and is expected to be available to customers and partners worldwide in April 2020. HP Sure Click Enterprise is expected to be available in May 2020. HP Sure Click Pro will be offered free of charge for download on HP and non-HP devices through September 30.
How to clean your laptop and other devices
With public health concerns over COVID-19 spreading worldwide, HP wants customers to have the information they need to effectively clean HP devices and maintain a healthy work environment.
The Centers for Disease Control and Prevention (CDC) recommends cleaning surfaces, followed by disinfection, as a best practice for the prevention of COVID-19 and other viral respiratory illnesses in households and community settings.
In fact, HP has issued its own whitepaper for cleaning your devices.
“We get asked [about] this every day,” said Rhodes. “If you use the wrong disinfectant, you can actually damage the product.”
A CDC-recommended disinfectant that is also within HP’s cleaning guidelines is an alcohol solution consisting of 70% isopropyl alcohol and 30% water.
The steps below use the CDC-recommended alcohol solution to clean high-touch, external surfaces on HP products:
Wear disposable gloves made of latex (or nitrile gloves if you are latex-sensitive) when cleaning and disinfecting surfaces.
Turn off the device and disconnect AC power (printers should be unplugged from the outlet). Remove batteries from items like wireless keyboards. Never clean a product while it is powered on or plugged in.
Disconnect any external devices.
Moisten a microfiber cloth with a mixture of 70% isopropyl alcohol and 30% water. Do not use fibrous materials, such as paper towels or toilet paper. The cloth should be moist, but not dripping wet. (Isopropyl alcohol is sold in most stores, usually in a 70% isopropyl alcohol/30% water solution. It may also be marketed as rubbing alcohol.)
Do not spray any liquids directly onto your device.
Gently wipe the moistened cloth on the surfaces to be cleaned. Do not allow any moisture to drip into areas like keyboards, display panels, or USB ports located on the printer control panels, as moisture entering the inside of an electronic product can cause extensive damage to the product.
Start with the display or printer control panel (if applicable) and end with any flexible cables, like power, keyboard, and USB cables.
When cleaning a display screen or printer control panel, carefully wipe in one direction, moving from the top of the display to the bottom.
Ensure surfaces have completely air-dried before turning the device on after cleaning. No moisture should be visible on the surfaces of the product before it is powered on.
After disinfecting, copier/scanner glass should be cleaned again using an office glass cleaner sprayed onto a clean rag to remove streaking. Streaking on the copier/scanner glass from the CDC-recommended cleaning solution could cause copy quality defects.
Gloves should be discarded after each cleaning. Clean hands immediately after gloves are removed.
Digital health startup DarioHealth struck a deal with employee wellness company Vitality Group to expand its foothold in the self-insured market. DarioHealth is one of several digital health companies focused on helping users manage chronic conditions, such as diabetes and hypertension. What sets it apart from its competitors is that DarioHealth has created a glucometer that plugs directly into users’ smartphones, automatically recording their results.
Vitality offers wellness solutions for self-insured employers, but the company has recently broadened its focus to include digital therapeutics. Self-insured companies have the option to select from curated health and wellness options to include in their health plan. Some of Vitality’s customers include McKesson, Apple, and Aetna.
As part of the agreement, DarioHealth will be offered on Vitality’s platform. Next quarter, Vitality will also begin co-marketing DarioHealth’s digital therapeutic to its customers.
“We are excited to partner with Vitality to expand the access of the Dario Digital Therapeutic for chronic conditions to their extensive existing customer base of employers,” DarioHealth President and General Manager of North America Rick Anderson said in an emailed statement. “Digital solutions that can improve member health are becoming an increasingly important part of healthcare delivery to provide real-time or near real-time care, information and coaching for members and extend care into the home. The value of solutions that enable patient support outside of the traditional provider setting are being increasingly recognized as valuable to employees, especially during the current crisis in health care capacity.”
Vitality will also have the option to purchase up to 500,000 shares of DarioHealth’s stock, which will become exercisable depending on the partnership’s success over the next four years. The exercise price will be $5.94 per share, up slightly from DarioHealth’s price of $5.75 at market close on Tuesday.
Software startup Apervita has rolled out an advanced encryption feature for health plan and provider data that could slow down hackers and prevent data breaches.
The cloud-based software firm said the new security feature, called deep encryption, encrypts healthcare data at the field level for the company’s health plan and provider customers.
The encryption security technology works like end-to-end encrypted messaging, which scrambles data as they move across the internet, revealing the information only to the sender and the recipient.
Michael Oltman, Apervita’s chief technology officer, said the deep encryption security technology is a “game changer” for healthcare organizations.
“This is above and beyond what regulators are requiring and above and beyond what most companies can offer,” he said.
The feature extends the level of security protection beyond what is currently mandated by the Health Insurance Portability and Accountability Act requirements as well as compliance standards set out by HITRUST, a security standards development organization.
“As a healthcare platform that works with over 2,500 U.S. hospitals, security is our top priority. Deep encryption not only protects data far beyond typical data security requirements, but it also returns control of the data to our customers,” Oltman said.
Healthcare security breaches are on the rise, with over 41 million patient records breached in 2019, according to compliance analytics firm Protenus. A single hacking incident in 2019 affected close to 21 million records.
The financial implications of such breaches are enormous, with estimates as high as $429 per breached record.
The current COVID-19 pandemic raises the stakes as cybercriminals target healthcare organizations and seek to capitalize on international concern over the spread of the coronavirus. Hackers have recently tried to break into the World Health Organization and the U.S. Department of Health and Human Services, along with other public health agencies.
Apervita started in 2012 as a developer of a collaboration platform for value-based healthcare. The startup focuses its efforts on helping hospitals and insurers share data and considers data security and privacy to be mission-critical to its business.
The company is led by Kevin Hutchinson, founding CEO and former president of Surescripts, a health IT company that supports electronic prescriptions. Surescripts built an infrastructure connecting pharmaceutical companies, pharmacy benefit managers, physicians’ offices, hospitals, and laboratories.
In the same vein, Apervita has focused on building an infrastructure to enable physician practices, hospitals and health plans to collaboratively track performance measures against value-based contracts.
With the security threats facing healthcare and increasing data breaches, Apervita executives wanted to build data security that went beyond the “status quo” and offers a competitive edge, Oltman said.
The company worked with database company MongoDB to build its security feature based on the company’s field-level encryption technology.
Apervita executives said the technology the company built adds multiple layers to MongoDB’s feature and provides customers with a “Bring-Your-Own-Key” capability, which is a cloud encryption tool. That gives customers full control and ownership of their data on a per-customer and per-data-set level, the company said.
The security feature encrypts each piece of data before it enters the database—for example, data fields could be a patient’s first name or city of residence, the company said.
The encryption technology Apervita built adds layers of security that currently don’t exist in most healthcare organizations, said healthcare IT consultant Michael Semel, president of Semel Consulting. He compared the security to a safe deposit box.
“The hospital putting data on the Apervita platform maintains the key to their own data. A hacker would have to get both keys—the key from Apervita and the key from the end-user to process and decrypt the data. It creates quicksand for the hackers,” he said.
The technology also helps prevent internal data breaches when employees misuse authorized access to steal or damage patient data.
If organizations use traditional methods to encrypt protected health information, database administrators and third-party partners can still view decrypted patient data such as a patient’s name, date of birth and medical diagnosis.
Apervita’s technology prevents administrators from viewing these data but provides access to the database for authorized users who have a security key.
Additionally, Apervita’s encryption technology meets requirements of the Office of the National Coordinator of Health IT’s recent information blocking final rule, which calls for granular, field-level privacy to support data segmentation while still allowing data to be accessible, the company said.