
Privacy Ninja

German Woman Dies in First Known Death From a Cyber Attack on a Hospital

The first known death from a cyberattack was reported on Thursday (Sept 17) after cybercriminals hit a hospital in Dusseldorf, Germany, with so-called ransomware, in which hackers encrypt data and hold it hostage until the victim pays a ransom.

The ransomware invaded 30 servers at University Hospital Dusseldorf last week, crashing systems and forcing the hospital to turn away emergency patients.

As a result, German authorities said, a woman in life-threatening condition was sent to a hospital 32km away in Wuppertal and died from treatment delays.

Hospitals have been a frequent target of cybercrime, particularly ransomware attacks, because the need to access health records and computer systems creates urgency that increases the likelihood that victims will pay their extortionists.

“Hospitals can’t afford downtime, which means they may be more likely to pay – and quickly with minimal negotiation – to restore their services,” Brett Callow, a threat analyst at Emsisoft, a New Zealand security firm, said on Friday. “That makes them a prime target.”

One of the most aggressive reported attacks on health care facilities to date was North Korea’s 2017 “WannaCry” ransomware attack, which froze British hospitals and forced doctors to cancel surgeries and turn patients away. Another was the Russian “NotPetya” attack one month later, which forced hospitals in rural Virginia and across Pennsylvania to turn away patients whose records they could no longer access.

The WannaCry attacks were eventually mitigated by a hacker who found a way to neutralise them, but much of the data seized in NotPetya was never recovered.

No deaths were reported from either attack, but security experts said it was only a matter of time.

“This was absolutely inevitable,” said Mr Callow. “We are fortunate it hasn’t happened sooner.”

Ransomware has become a scourge in the United States, and hospitals are among the softest targets.

In 2019, 764 American health care providers – a record – were hit by ransomware.

Emergency patients were turned away from hospitals, medical records were inaccessible and in some cases permanently lost, surgical procedures were canceled, tests were postponed and 911 services were interrupted.

But little has been done to deter the attacks, and the responses of targeted institutions are often shrouded in secrecy.

Despite FBI advisories warning victims not to pay their extortionists, cyber insurers have advised victims to pay ransoms, calculating that the payments are still cheaper than the cost to clean up and recover data.

The attacks cost organisations more than US$7.5 billion (S$10.2 billion) in 2019, according to IBM’s X-Force security division.

An increasing number of victims are choosing to pay, as many as 3 of 4, according to one recent survey of 500 senior executives conducted by Infrascale, a security company.

The payouts have emboldened cybercriminals, who have increased their ransom demands to as much as US$14 million worth of bitcoins in an attack that affected 110 nursing homes across the United States.

While there was a slight dip in attacks in the first six months of 2020, amid the pandemic, the onslaught has resumed pace.

Just last week, University Hospital in New Jersey was hit with ransomware and subsequently saw patient medical records published on the internet.

Other major American health centres hit with ransomware this year were Boston’s Children’s Hospital, which saw more than 500 affiliate pediatric offices hit last February, and, in June, Arkansas Children’s Hospital in Little Rock, among the largest children’s hospitals in the US.

It is not clear whether cybercriminals intended to take University Hospital Dusseldorf’s systems hostage, or if the hospital was collateral damage in an attack on a university.

The ransom note was addressed to Heinrich Heine University, which is affiliated with the hospital, not to the hospital itself.

Police in Dusseldorf contacted attackers via the ransom note to explain that the hospital, not the university, had been impacted, putting patients’ health at risk.

Attackers stopped the attack and turned over the encryption key to unlock the data – a development that also appears to be the first of its kind – before dropping correspondence.

German prosecutors are now investigating possible manslaughter charges against the cybercriminals.

This news first appeared here.
