Healthcare Sector Ransomware

A recent ransomware claim in the healthcare sector is a reminder of ransomware tactics used by criminals. Hackers associated with BlackCat ransomware added NextGen Healthcare Information Systems to their list of compromised businesses last week. The attack is another example of hackers’ focus on the healthcare sector, the highest category to experience attacks over the past few years.

A spokesperson from NextGen responded, “NextGen Healthcare is aware of this claim and we have been working with leading cybersecurity experts to investigate and remediate. We immediately contained the threat, secured our network, and have returned to normal operations. Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.” The company did not comment on employee or patient data.

BlackCat is a prolific ransomware that focuses primarily on the healthcare sector. The group uses triple-extortion tactics to convince victims to pay ransoms by threatening to leak the data if they refuse. The group also utilizes DDoS attacks to knock victims’ websites offline.

The healthcare sector is a particularly enticing target for hackers because of the personal patient data they store, and the inconsistency of security tools employed by healthcare companies. However, early data shows ransomware payments were down nearly 40% in 2022 across all business sectors. Researchers speculate businesses are investing in security and backup tools and are able to recover from an attack without paying the ransom. Another factor in the decline is that paying a ransom may not be legal in the business’s home country. The US government has imposed sanctions on some foreign countries, restricting the export of money and products. If the ransomware group has ties to one of those countries, the company could find itself in legal trouble after recovering its data.

Experts predict the recent decline in payments will prompt ransomware groups to forgo medium-sized businesses with more security measures in place. Instead, they believe hacker groups will get more aggressive with very large and small companies to make up for the difference in revenue loss over the coming year.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Physical Security

Ohio Cybersecurity Court Ruling

The Ohio Supreme Court reversed a lower court ruling and ruled against a local business in a ransomware attack case. EMOI Services, a medical billing company in Kettering, Ohio, was the victim of a ransomware attack in September 2019. The attacker encrypted the company’s data and demanded a ransom of $35,000 for the encryption key. EMOI Services paid the ransom, updated their systems, and were able to get their services back online. After the incident, EMOI filed a claim against their business owner’s insurance policy, which included a data compromise endorsement. The insurance company denied the claim, responding that the policy did not cover “extortion, blackmail, or ransom payments.” Additionally, the insurance provider claimed the policy did not apply to the incident because there was no physical damage to equipment or media.

EMOI sued their insurance provider, Owners Insurance Co., claiming software was damaged in the attack and should be covered by the insurance policy. The Ohio trial court sided with the insurance company, saying EMOI was not entitled to coverage over the attack. EMOI appealed, and the appellate court sided with the medical billing company. The Ohio Second District Court of Appeals ruled that software should be included in the damage of media and should be covered by the policy.

Owners Insurance Co. appealed to the Ohio Supreme Court, and the court overruled the lower court ruling in favor of the insurance company. The Ohio Supreme Court ruled, “Since software is an intangible item that cannot experience direct physical loss or direct physical damage, the endorsement does not apply in this case.” Even though the electronic-equipment endorsement covered media such as disks or cards, the Ohio Supreme Court ruled the information stored on that media was not covered.

Comments from Jack Gerbs, CIO Quanexus, Inc.

I have read the Ohio Supreme Court’s ruling and a few things stood out. First, the policy is defined as a business owners insurance policy. I don’t know if this language would be different if it was a cyber insurance policy. The court made their ruling on the fact that there was no physical damage. This case points out the importance of dealing with a company that understands this new cyber insurance market and why we recommend having an attorney with experience in this area review cyber policies. As I have mentioned in previous newsletters and blogs, the cyber insurance market is growing very fast, and while you are trying to insure against responsible risks it is important to understand the language in your cyber insurance policy.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business

AI and Cybersecurity

AI Cybersecurity Opportunities and Threats

Artificial intelligence (AI) is a growing resource utilized in cybersecurity to help detect and prioritize attacks. Watch our latest video blog to see how AI makes enterprise-level security tools more accessible in SIEM solutions. However, concerns are growing about how cybercriminals may also use AI in the near future.

ChatGPT is a new AI chatbot introduced by OpenAI in November of 2022. The chatbot went viral shortly after its release, and users have raised alarms that the software may be able to write malicious code. The chatbot is unique because of its ability to write and debug software in various programming languages. The chatbot can also explain complex topics, compose music, answer test questions, and write student essays. Unlike most chatbots, ChatGPT is conversational and remembers and builds on previous prompts in the same conversation.

Because of the new tool’s ability to write and debug software, there is growing concern criminals will use the chatbot to write malicious software and compose phishing campaigns. ChatGPT has security controls to keep it from writing malware if a user asks. However, developers have successfully bypassed the security controls and recently got the chatbot to write malware code. One concern is that less experienced attackers can use AI-generated code to launch previously impossible malware attacks.

Another concern is chatbots could be used to compose more realistic and convincing phishing attacks. Users are mostly aware that poorly written emails with grammar and punctuation mistakes are malicious. AI presents an opportunity for criminals to create more effective phishing campaigns in any language. A chatbot could also be used to get around email filtering by varying each phishing email sent instead of creating a single template and sending out thousands of malicious emails.

Artificial intelligence presents new opportunities and threats in the cybersecurity landscape. ChatGPT received greater attention in the cybersecurity community because of its immediate popularity and the capabilities developers and journalists have been able to demonstrate in just over a month of use.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

SIEM Solutions

Jack talks through SIEM solutions for small and medium-sized businesses, how they are currently impacting the cybersecurity market, and why your business may need one in the near future.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business