Ransomware Incidents Among Largest Breaches on Federal Tally
Analysis of Latest Health Data Breaches on the HHS OCR ‘Wall of Shame’
… While many organizations are improving their practices to be better prepared for potential ransomware attacks involving encryption of data, “it doesn’t matter how good your data backup and recovery procedures are. That doesn’t help in a data exfiltration,” says Tom Walsh, president of privacy and security consultancy tw-Security.
Walsh suggests that organizations implement multifactor authentication “on as many applications and systems as possible.”
At a minimum, MFA should be applied to email, to system administrator or “super user” elevated-privilege access, and to remote access users, he says.
“While MFA is not required by HIPAA, the cyber insurance industry is driving MFA – taking it from a best practice to a reasonable expectation,” he adds.
Walsh also says that entities should conduct penetration tests and address the “high findings” as quickly as possible, and they should conduct a cyberattack tabletop exercise. “You need to be ready,” he says.
Organizations should instruct users not to save their user credentials when prompted to do so on the screen, Walsh adds.
“Rule of thumb: If it is easier for the users, it’s easier for the hackers too.”