tw-Security

02/12/2024

tw-Security is #1 in "2024 Best in KLAS® – Security & Privacy Consulting Services!"

With a score of 95.8, tw-Security’s engagements helped organizations assess, enhance, and develop security and privacy programs through technical or advisory work that resulted in a more secure and private environment.

02/01/2024

Who's Watching the Watchdog?

It's not a good look when U.S. Department of Health and Human Services --the agency charged with being a watchdog agency over cybersecurity and privacy in the healthcare sector--is itself hacked. Scammers targeting HHS got away with $7.5 million dollars last year!

HHS will now have to answer to its boss, the Office of the Inspector General (OIG), and most likely, Congress.

Was it the latest in AI-enhanced spear-phishing? Or a well-worn social-engineering financial fraud?

Our expert Keith Fricke says, "There's no question that AI-augmented phishing and social engineering attacks will make fake emails seem even more realistic", and goes on to describe cutting-edge techniques such as "deepfake" audio recordings that sound identical to the real person but say whatever the operator wishes.

Or it could be any number of classic scams.

In any case, "This means the healthcare sector must step up its game, including training, to raise awareness of how AI is part of the phishing equation," Fricke said.

And ironically, AI tools are also proving very useful in fighting the threat, as well.

Have you been targeted? We'd love to hear how, and what you did in response.

This story is full of twists and turns!

Read more here:

Tight-Lipped Agency’s Next Move in Wake of $7.5M Scam Could Be Telling   … There’s no question that AI-augmented phishing and social engineering attacks will make fake emails seem even more realistic, said Keith Fricke, a partner at privacy and security firm tw-Security. Cybercriminal groups ...

12/15/2023

Hacking for the Holidays!?

You may have seen the news reports about the ransomware attack which disrupted the operations of Ardent Health Services around Thanksgiving

Tom Walsh wrote a feature for Health Data Management about a growing trend: hashtag spiking during the holiday seasons.

Tom warns us that we can expect a repeat during the winter holidays when security may be light and preoccupied with other matters.

Read more:

by Tom Walsh. Expect to see a spike in ransomware attacks in December. Holiday time means organizations need to be even more vigilant ...

11/22/2023

Here's the latest By the Numbers Report--Just in time for the holidays!

Q3 2023 - And We Thought LAST Quarter was Bad!

Key Takeaways:

Over 45 million records were impacted, which is nearly double the number in the previous quarter. And an attack on a Business Associate led to a very bad outcome for a major healthcare system.

The last two quarters’ combined totals rise to a level we haven’t seen since 2015.

If this is making you feel like a turkey on Thanksgiving, don't be discouraged. We can help!

Contact us for more information.

To read this report in your browser, follow the link in comments or click the image below.

Read in browser: https://www.tw-security.com/by-the-numbers-current-report/

Download a PDF copy to print and share: https://www.tw-security.com/home/by-the-numbers-current-report-2/

And have a happy Thanksgiving!

11/09/2023

We're proud to announce that this book, an important information privacy management resource for administrators and executives, is now available for presale.

Our own founder Tom Walsh contributed a feature article.

Read more about this publication and its significance at https://www.linkedin.com/posts/franhunter1_privacy-activity-7128130608924397568-2gAt

Congratulations, Tom!

10/31/2023

Firm Notifies Patients in 55 Health Practices Across Several States of MOVEit Hack

Anesthesiology, Pain Management, Gastro Practices Affected

While other sectors—including government, banking and education—have also been affected, MOVEit hacks appear to be hitting the healthcare sector particularly hard, perhaps due to high numbers of patients collectively treated or serviced by victim organizations, said Bobst, senior security consultant at -Security (www.tw-security.com).

"Those two incidents exploiting file transfer software provide important security considerations for healthcare sector entities .... organizations should begin migration to more sophisticated solutions for file transfers," Mr. Bobst. said in a recent article in Healthcare Infosecurity News.

For more information and what to do if you're vulnerable, see the link in the comments.

For more information or to schedule a FREE initial consultation – contact tw-Security.

Read more here: https://www.tw-security.com/news/firm-notifies-patients-of-55-health-practices-of-moveit-hack/

Anesthesiology, Pain Management, Gastro Practices Affected Across Several States   … While other sectors, including government, banking and education also have been affected, MOVEit hacks appear to be hitting the healthcare sector particularly hard, perhaps due to high numbers of patients collect...

08/04/2023

Here's our latest By The Numbers Report on the state of .

Wish the news were better!

Read more:

Here's the latest By the Numbers Report for some light summer reading! 😁 Key takeaways: There was a huge upsurge in the number of records compromised--almost…

07/28/2023

Feature article by tw-Security President Tom Walsh.

In a threatening digital landscape, healthcare CIOs need to to uphold patient safety by implementing cybersecurity measures.

Healthcare cybersecurity can feel like a life-or-death issue with regards to patient safety, which can keep CIOs awake at night.

Some hospitals have been offline for days after a cybersecurity event, which raises serious patient safety concerns. And sometimes such an interruption may have dire consequences and trigger lawsuits.

For example, an Alabama woman whose 9-month-old daughter died filed suit against the hospital where she was born, claiming the facility did not disclose that its computer systems had been crippled by a ransomware attack, which resulted in diminished care that led to the baby’s death.

Thankfully, CIOs and other senior executives are becoming far more open to implementing cybersecurity controls as a result of the heightened awareness of patient safety issues.

Read more: https://www.tw-security.com/news/cybersecurity-in-healthcare/

07/18/2023

📢 Excited to share an important article from HealthcareInfoSecurity!

The recent inspection by the Virginia Office of the Inspector-General (VA OIG) highlighted unresolved vulnerabilities in the Northern Arizona VA Health Care System.

“The report rightly called out configuration management and security management,” said tw-Security Senior Security Consultant Wendell Bobst.

Is your data environment vulnerable? Read more here:

https://www.tw-security.com/news/va-oig-audit-uncovers-vulnerability-management-weaknesses/

Agency Details Security Review Findings in an Arizona VA Healthcare System   … Some experts say the OIG’s audit not only highlights important security risk management issues at the VA, but also in the healthcare sector overall. “The report rightly called out configuration management and secur...

07/18/2023

You're probably used to getting a code on your phone to use when you log into sensitive sites.

It's called multi-factor authentication (MFA), or 2FA for simple double-checks on your identity.

Everyone is doing it. We're all used to it.

So why is healthcare the last to get on board?

Tom's takeaway:

HIPAA-Covered Entities, Third Parties Reminded to Avoid Authentication Mistakes   … “Healthcare is lagging when it comes to fully adopting multifactor authentication,” said Tom Walsh, president of privacy and security consultancy tw-Security. “Some of this could be because of legacy applica...

06/14/2023

By the Numbers Q1 2023 is out!

Highlights:

Breach Impacts Setting a Record Pace

"Phishing" attacks net the biggest catches.

The first quarter of 2023 saw the highest number of large breaches since 2020. In 145 incidents, nearly 13 million records were exposed

Don't let Business Associates off the hook for liability.

View the latest issue in your browser: click on the image below.

Or download your own copy to read and share. Link in comments.

Stay safe!

By the Numbers Q1 2023 is out! Highlights: Breach Impacts Setting a Record Pace "Phishing" attacks net the biggest catches. The first quarter of 2023 saw…

06/12/2023

Iowa Reports Third Big Vendor This Year

The tw-Security takeaway:

Keith Fricke, principal consultant at and consultancy tw-Security, focuses on the challenges that state agencies face.

And tw-Security privacy and security consultant Susan Lucci suggested that covered entities pause before signing any business associate agreement.

We expect a record-setting pace of breaches and affected individuals in 2023, and this article outlines concrete steps to take.

Read more here:

Latest Breach Affects 234,000 Individuals; Involves Recent MCNA Insurance Co. Hack   … Three large breaches within weeks of each other illustrates vendor risk challenges that many state agencies face, said Keith Fricke, principal consultant at healthcare security and privacy consultancy tw-Securi...