The New Jersey State Bar Association recently met to discuss, among other things, our favorite topic: Cybersecurity. (Perhaps our esteemed Privacy, e-Communication and Data Security Practice Group chair was there….) We wanted to briefly mention two critical points discussed:
Oh, one more thing….Rapid7 issued its Quarterly Threat Report earlier this week. While health care has always been among the top threat sectors, this Quarterly Threat Report indicates that health care is now bumping up to the top spot, eclipsing the financial industry as a cybersecurity target. This is due to both the rich nature of the data that health care entities maintain, and to the vulnerable nature of their systems. The Report notes that “healthcare organizations often have a complex, distributed IT infrastructure with difficult-to-patch legacy systems and proprietary medical devices, making them challenging to secure quickly. They also rely on system availability to keep operations running when lives are on the line, and adversaries have frequently targeted that availability using tactics such as ransomware or telephonic denial of service attacks (TDoS) to overwhelm critical phone lines.