If the SolarWinds hack taught us anything, it’s that the security of a company’s infrastructure is dependent on the resilience of their vendors. A breached vendor is a trojan horse that bypasses normal defenses and accesses the trusted areas of the network. Threat actors have cunningly discovered that a trusted vendor is often the easier […]
One would think that most data breaches were caused by hacking as those are the breaches that are always mentioned in the news. However, up until the end of 2019, Theft was still the top cause of breaches in healthcare according to data compiled from the U.S. Department of Health and Human Services (HHS) Office […]
2019 Academic Medical Center Conference Healthcare Security Project StrategiesPresenters: Kirk Davis & Jerry Hare (Vidant Health), Jon Sternstein (Stern Security) June 4th, 2019Washington Duke Inn, Durham, NC
The September 2017 (Volume 15 Issue 9) edition of the ISSA Journal features an article by our founder and principal, Jon Sternstein. The title of the story is “Healthcare Security Ailments and Treatments the World Needs to Know” and provides valuable insight into healthcare data breaches. All of the graphs shown can be recreated on […]
2016 NCHICA Annual Conference The Rise of Ransomware in Healthcare – New Threats, Old Solutions Presenters: Chuck Kesler (CISO, Duke Health) & Jon Sternstein (Principal, Stern Security) August, 2016
Stern Security Labs analyzed a Locky ransomware sample. The following video shows an actual Locky ransomware attack on a Windows 7 machine. Watch how fast the ransomware encrypts the files on the computer. The computer is encrypted within one minute of clicking on the malicious “invoice.pdf” file! Ransomware attack demonstration from Stern Security on Vimeo.
We have recently received two samples of Locky maldoc (malicious document) ransomware from a healthcare institution. Ransomware is a devastating piece of malware that encrypts important files on an infected computer and demands ransom to decrypt the files. We will examine two samples. Both samples arrived via email and were not detected by spam filters […]
Background On January 22nd, 2016, the Food and Drug Administration released a draft guidance document titled “Postmarket Management of Cybersecurity in Medical Devices”. (Food and Drug Administration). This important document addresses the need for security throughout the lifecycle of several medical devices. Improving medical device security is a subset of President Obama’s February 19th, 2013 […]