Cybersecurity overview: US bans Kaspersky antivirus; The costs of healthcare breaches have risen sharply

The White House last week announced its plans to ban new sales of antivirus software from Kaspersky Lab, following years of opposition to the Russia-based company and fears that its tools themselves pose a security risk to critical U.S. infrastructure, including the health care system.

The Biden administration claims that Kaspersky’s privileged access to US IT systems – it is installed on computers used by healthcare organizations, government agencies and elsewhere – could allow it to exfiltrate important data or covertly deploy malware.

“Russia has demonstrated that it has the capacity and intent to exploit Russian companies like Kaspersky to collect and weaponize Americans’ personal information, which is why we are compelled to take the actions we are taking today,” US Commerce Secretary Gina Raimondo said on June 20, according to Reuters.

For its part, Kaspersky – which insists it is a private company with no ties to the government and plans to challenge the ban in court – countered that the decision was based on current tensions between the US and Russia, and on “theoretical concerns, rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services.”

The new regulations ban the downloading of Kaspersky software – including updates, licenses and white-labeled versions of the product – from September 29.

Kaspersky has been a concern for federal regulators since 2017, when the U.S. Department of Homeland Security first banned its antivirus programs on federal networks, citing concerns that Russian intelligence agencies could force the company to collect data and intercept communications from the authorities that use the software.

The average breach cost approaches $11 million

Meanwhile, a new report this week from phishing prevention company KnowBe4 puts a bright spotlight — for anyone who may not have noticed — on the “severe cybersecurity crisis” hitting the healthcare industry.

The company's new International Healthcare Report shows that hospitals and other healthcare organizations are experiencing a serious increase in ransomware worldwide – but especially so in the US, with a 73% increase in attacks hitting US facilities.

Among other findings from the new research:

  • Over the past three years, the healthcare industry has seen a significant increase in the cost of cyber attacks, with the average cost of a breach now approaching $11 million, making healthcare by far the most expensive sector for cyber attacks.
  • Globally, healthcare institutions faced an average of 1,613 cyber attacks per week in the first three quarters of 2023. That is a significant increase compared to the same period last year.
  • Ransomware attacks accounted for more than 70% of successful cyberattacks over the past two years.
  • Between 79% and 91% of cyber attacks, depending on the sector, started with phishing or social engineering tactics, allowing attackers to gain unauthorized access to accounts or servers.

“The healthcare industry remains a prime target for cybercriminals looking to take advantage of the life-or-death situations hospitals face,” said Stu Sjouwerman, CEO of KnowBe4. “With patient data and critical systems held hostage, many hospitals feel they have no choice but to pay exorbitant ransoms.

“This vicious cycle can be broken by prioritizing comprehensive security awareness training to empower employees and cultivate a positive security culture as a strong defense against phishing and social engineering attacks.”

HIMSS candidate for ISC2 board

In other news, our colleague Lee Kim, who serves as senior director of cybersecurity and privacy at HIMSS (HIMSS is the parent company of Healthcare IT News), has announced her candidacy for the ISC2 Board of Directors, one of the largest membership organizations in the field of cybersecurity.

She hopes that all ISC2 members reading this will consider supporting her in this endeavor by voting for her campaign. Voting is possible until July 2 at the ISC2 member portal.

Lee really knows her craft and is the driving force behind the priceless HIMSS Cybersecurity Survey every year. She notes that she is the only ISC2 board candidate from the nonprofit sector, and the only one with a focus on healthcare.

“I am pleased to be a candidate for the ISC2 board of directors,” Kim told HITN. “This is timely as we need to prepare for an AI, virtual, meta and quantum future.

“It is important that people vote for a person from a non-profit organization that focuses on the healthcare sector,” she adds. “We know how to come together, work together and create change for the greater good.”

Mike Miliard is editor-in-chief of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.
