National Nurses Week 2018 – Nurses: Inspire. Innovate. Influence

Third Rock would like to take this chance to salute the nation's Nurses for their role in patient safety - clinical safety, physical safety, and cyber safety. It's nurses of all types who are on the front lines of protecting patients from cyber threats - such as identity theft, ransomware, and device hacking - by practicing good "cyber hygiene." Good job, nurses - THANKS for all you do to keep all of us cyber safe! ...

Cloud or Not-to-Cloud; The Allscripts Breach

Allscripts’ Electronic Health Records service was the first major cloud-based EHR to be significantly disrupted by a ransomware attack. Close to 1,500 practices were affected by the EHR outage for about a week, essentially shutting down those practices. Allscripts was hit by the SamSam virus, which was launched in December 2016, crippling two of their North Carolina data centers. Angry customers voiced their displeasure on social media and a class-action lawsuit has been filed. Hackers have been r ...

Practical Steps to Protect Your Data!

Being in the business of helping our customers protect their data, my email inbox is filled with news of cyber breaches and the latest, state of the art, machine learning artificial intelligence cybersecurity systems!  I think there is an “arms race” between the security products firms and the cyber criminals.  Feels like the criminals are winning, but they have a target rich environment.  Those defending against the hackers have to be correct 100% of the time while the criminals only have to fin ...

The Most Common Mistakes in Cybersecurity are Preventable

Many of the issues we see in cybersecurity, whether you are in healthcare, retail, finance, etc., are by and large preventable. It is not about having a big budget or a large team of experts. No, some of it is just common sense. It is not unlike driving a car. When driving a car you take several basic, yet important, steps to try and lower your risk of an accident. You look both ways at a stop sign, you drive safely to avoid losing control, you keep your car in working condition, and just in case you are in ...

Don’t Click the Download Button!

I thought about naming this blog "Would the Real Download Link Expose Yourself."  But, a few people said that wasn't a great title.  Go figure! I'm sure you've visited a website to download something, maybe an image or install software or maybe some template to design a cool new flyer.  You've probably also clicked on a large green or teal or blue or some other lovely color button that said, "Download", only to find out it was an ad to some trash item you're not interested in nor do you want.  It ...

Congress Addresses Medical Device Vulnerabilities

The Medical Device Cybersecurity Act of 2017 was introduced on August 1, 2017 by Senator Richard Blumenthal (D-CT).  The new bill is intended to improve the security of medical devices and increase transparency. If passed, it would make healthcare organizations aware of the cyber capabilities of devices and the extent to which those devices have been tested.  Is this another law adding burden to a strained healthcare industry or a vital piece of legislation designed to protect the public?  Let’s se ...

Phishing with Ransomware – Don’t take the bait!

Phishing is a hacking technique that uses phony emails to trick users into revealing sensitive account information (e.g., account password) and/or installing malicious software (“malware”). With ransomware hogging the headlines, non-technical staff may have gotten the impression that the phishing threat is over. News flash – 97% of phishing messages now act as carriers for ransomware!  (Barkly Stats & Trends) Aaghh! So now, it’s more important than ever that staff be trained to anticipa ...

What to do if you are a Ransomware victim – latest guidance from HHS

In an earlier post, Clint Eschberger explained that the Best Defense Against Ransomware is a Good Backup. So hopefully your backups are in order - multiple, off-site, and tested. In addition to your internal processes for getting your organization back online, the HHS just issued the following guidance for reporting ransomware incidents and obtaining guidance. If  your organization is the victim of a ransomware attack, HHS recommends the following steps: Please contact your FBI Field Office ...

Buckle Up, It’s Going to be a Wild Cyber Ride!

Breathing a sigh of relief that the WannaCry ransomware attack didn’t hit your organization? Thinking you’ve dodged that bullet? Well, think again! If trends are any indication, and they typically are, I think it’s going to get a lot bumpier. Below are some incidents that lead me to this conclusion. So, buckle up and hold on tight! January 2015 – Largest Single Healthcare Breach - Anthem Insurance breach affecting over 80 million people. Investigations point to state-sponsored cybe ...

Drug Lords versus Cyber Criminals

While sipping my morning coffee and watching the news, CBS reported that the cyber crime industry annual revenues now exceed that of the illicit drug industry. The estimate provided was ONE TRILLION dollars! Wow! I don’t get to use the “trillion” number very often in my work. In fact, I don’t ever remember using it before, but we are a small business. The drug lords (even their nickname means rich) seem to have an endless supply of money. These guys can afford to fabricate a fleet of ...
