Phishing and medical device exploits

Social engineering is a cyber threat we could discuss week after week…so that’s exactly what I’m going to do this time.  More phishing campaigns have made headlines thanks to a breach of the AP Stylebook, which is used by news and other organizations as a guide to on such relevant topics as grammar, writing style and punctuation.  At the start of September, AP Stylebook sent out notifications to affected individuals, including 224 journalists, about a data breach in which hackers breached a database and accessed a range of information from names and email to physical addresses, phone numbers, Social Security numbers and taxpayer ID numbers.  The AP has not expounded on the methods by which the hackers were able to accomplish their scheme.

No surprise that phishing emails were soon to follow, attempting to coax affected AP customers to a legit-looking website that asked them to update their credit card information.  Luckily, the fake site was shortly removed, along with the old, real website that the cyber criminals had accessed.  We can only hope nobody fell for what sounds like a pretty clear ruse.

Media organizations are no different than any other industry in their appeal to bad actors after their troves of personal data.  Medical device manufacturers are another, perhaps even more attractive target, for the prices that health data can fetch on the black market.  As medical technology has evolved, greatly expanding the attack surface, companies and lawmakers have tried to keep pace with sophisticated cyber crime that exploits any new weakness it finds.  To this end, the FDA has most recently ended the grace period, starting October 1, for medical device manufacturers to implement data security into their devices during the design and validation phases. 

According to the Food and Drug Omnibus Reform Act of 2022 (FDORA), manufacturers are required to “monitor, identify and address” data security vulnerabilities and report them to FDA as part of every new product application for an internet-connected cyber device.  Proper management of cybersecurity in their devices and attention to the FDA guidelines will help organizations stay on top of the requirements and avoid penalties.  Knowing where the vulnerabilities in the devices are – and cyber criminals discover new ones every day – is critical for medical device manufacturers to bolster their security posture.

When it comes to sensitive data, it is the responsibility of every individual to monitor their own information, as well as that of the organizations that collect them.  NetLib Security’s powerful Encryptionizer product offers the solution to protect this stored data against social engineering.  By encrypting the data, even when bad actors break in, the cache is rendered illegible and useless to them and any potential buyers. 

Against phishing schemes or any type of cyber attack, don’t let holes persist in your armor for the cyber thieves to break through.


By: Jonathan Weicher, post on September 21, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security