GovInfoSecurity
Compliance
Compliance
HealthInfoSec) • April 20, 2021 Get Permission
Given the surge in the use of telehealth during the COVID-19 pandemic - and expectations for continued growth - the Healthcare and Public Health Sector Coordinating Council has unveiled guidance on safeguarding patient data during remote care encounters.
The recommendations include implementing encryption, enhancing monitoring capabilities and using privileged account management tools.
FAIR Health, a nonprofit organization that tracks health insurance claims data, found that telehealth claims to private insurers grew 4,347% from 2019 to 2020 as a result of remote care during the pandemic, HSCC notes.
And the research firm Frost & Sullivan projects a sevenfold growth of telehealth by 2025.
Alert from CERT-FR, which is the French government s computer emergency readiness team
French cybersecurity authorities are warning that widely used, open-source IT monitoring software called Centreon appears to have been targeted by Russian hackers. But unlike the SolarWinds supply chain attack, in this campaign, attackers appear to have hacked outdated, unpatched versions of the software.
The Centreon open-source IT network monitoring tool is developed by the Paris-based company of the same name.
The National Cybersecurity Agency of France, known as ANSSI, says that the campaign has resulted in the breach of at least several French organizations for a period of up to three years.
Get Permission
Data breaches often turn out to be worse than they first appear, as investigators begin probing exactly what happened and when.
The massive SolarWinds supply chain attack, which was identified by FireEye in December 2020 after it traced back a breach of its systems that resulted in the theft of penetration testing tools, has already fit that mold in spades. Now, it appears that attackers had backdoored SolarWinds Orion network monitoring software by last March, which was used by 18,000 customers.
Incident responders have been racing to identify exactly who then got hit with second-stage attacks via the Orion backdoor, dubbed Sunburst, as well as what types of information they may have stolen. Victims are suspected to number in the hundreds, and are known to include Microsoft and Cisco, as well as the U.S. government s Commerce, Energy, Homeland Security, Justice, Labor, State and Treasury departments.