Cybersecurity roundup: U.S. to ban Kaspersky antivirus; Cost of healthcare breaches way up
The White House this past week announced its plans to ban new sales of antivirus software from Kaspersky Lab, after years of pushback against the Russia-based company and fears that its tools themselves pose a security risk to critical U.S. infrastructure, including healthcare.
The Biden Administration alleges that Kaspersky's privileged access to American IT systems – it's installed on computers used by healthcare organizations, state government agencies and elsewhere – could enable it to exfiltrate important data or to stealthily deploy malware.
"Russia has shown it has the capacity and ... the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans and that is why we are compelled to take the action that we are taking today," said U.S. Commerce Secretary Gina Raimondo on June 20, according to Reuters.
For its part, Kaspersky – which maintains that it is a private company with no government ties, and plans to fight the ban in court – countered that the decision was based on current tensions between the U.S. and Russia, and on "theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky's products and services."
The new regs prohibit downloads of Kaspersky software – including updates, licensing and white-labeled versions of the product – starting Sept. 29.
Kaspersky has been a concern for federal regulators since 2017, when the U.S. Department of Homeland Security first banned its antivirus tools on federal networks, citing concerns that Russian intelligence agencies could compel the company to gather data and intercept communications from the agencies using the software.
Average breach cost nears $11M
Meanwhile, a new report this week from phishing prevention company KnowBe4 shines a harsh spotlight – for anyone who may not yet have noticed – on the "severe cybersecurity crisis" affecting the healthcare industry.
The company's new International Healthcare Report shows hospitals and other health organizations facing a severe uptick in ransomware worldwide – but especially in the U.S., with a 73% increase in attacks affecting U.S. facilities.
Among other findings from the new research:
- Over the past three years, the healthcare industry has seen a significant surge in cyberattack costs, with the average cost of a breach now nearly $11 million – making healthcare by far the costliest sector for cyberattacks.
- Healthcare organizations worldwide saw an average of 1,613 cyberattacks per week in the first three quarters of 2023, a big increase from the same period the previous year.
- Ransomware attacks accounted for more than 70% of successful cyberattacks in the past two years.
- Between 79% and 91% of cyberattacks, depending on the sector, began with phishing or social engineering tactics, which allow bad actors to gain unauthorized access to accounts or servers.
"The healthcare sector remains a prime target for cybercriminals looking to capitalize on the life-or-death situations hospitals face," said Stu Sjouwerman, CEO of KnowBe4. "With patient data and critical systems held hostage, many hospitals feel like they are left with no choice but to pay exorbitant ransoms.
"This vicious cycle can be broken by prioritizing comprehensive security awareness training to empower employees and cultivate a positive security culture as a strong defense against phishing and social engineering attacks."
HIMSS candidate for ISC2 board
In other news, our colleague Lee Kim, who serves as senior principal of cybersecurity and privacy at HIMSS (HIMSS is the parent company of Healthcare IT News), has announced her candidacy for the board of directors of ISC2, one of the biggest cybersecurity-focused membership organizations.
She hopes any ISC2 members who are reading this will consider supporting her in this endeavor by casting a vote for her campaign. Voting is open through July 2nd at the ISC2 member portal.
Lee really knows her stuff, and is the driving force behind the invaluable HIMSS Cybersecurity Survey each year. She notes that she's the only ISC2 board candidate from the nonprofit space, and the only one with a healthcare focus.
"I'm happy to be a candidate for the ISC2 board of directors," Kim tells HITN. "This comes at the right time as we need to prepare for an AI, virtual, meta and quantum future.
"It's important that people vote for a person from a non-profit that is focused on the healthcare sector," she adds. "We know how to convene, collaborate, and effectuate change for the greater good."
Mike Miliard is executive editor of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.