Armand here, RPost’s product evangelist armadillo. I’ve been chatting with various CIOs and business owners of large and small firms. One question keeps arising. CIOs wonder why (and of course how) they and/or their peers are still being breached, considering all their current security.
As recently reported, Ascension Health Systems, with its 140 hospitals (one of the top five largest systems in the USA), had 5.6 million health records exfiltrated.
Now, since these records reportedly contained private patient health information, presumably including lab test results and health diagnoses since they were extracted from their health records system, these cybercriminals reportedly should be able to sell each record for $350 on the dark web (if fully sold, that would be almost $2 billion in value).
Who would buy a record for $350? Another category of cybercriminal who wants to extract far more than $350 of value out of that record. Contrast the bounty for health records ($350 per record) versus credit card info and payment records ($10 per record). No wonder healthcare organizations are such hot targets!
I digress. But my point is:
(a) We know from comps that Ascension, with more than $25 billion in revenue, would likely have an IT budget of approximately 3% of revenue,
(b) and perhaps with its IT budget of at least several hundred million dollars, it would effectively have all the money in the world to buy all the IT security tools thinkable and staff to operate them.
Then, why would they NOT have been able to pre-empt this cybercrime – this data exfiltration presumably for ransom?
What was the cost to Ascension? Reportedly, Ascension posted a $1.1B net loss for 2024 after this cyberattack.
The cyberattack reportedly had far-reaching effects, forcing the health system to shut down pharmacies, divert ambulances, switch to manual record keeping, and close critical systems. In its securities filing, Ascension attributed much of its loss to the cyberattack, stating, “a significant portion of Ascension’s year over year financial improvements were reduced” by the incident.
Big IT budget. Big cybercriminal-designed business disruption. Big compliance issue due to the patient data exfiltration. Big overall financial impact.
My humble armadillo opinion?
These are very sophisticated insider threats (in this case, reportedly, insider human error) resulting from cybercriminals’ eavesdropping tactics (understanding who communicates with whom about what, to provide contextual, GenAI-powered, perfected lures) causing leaks (structured and unstructured data exfiltration).
The organization is surely spending on IT security in the right places. But it is NOT spending in ALL of the right places.
What I mean by this is they are missing the ability to SEE THE UNSEEN™ – see where the cybercriminals first compromise often smaller, less security-sophisticated supplier email accounts to then gather intel to formulate their successful attack.
What Ascension should be spending on is RPost’s PRE-Crime services. Had they deployed these, I would argue, Ascension would have seen this crime building outside their networks --- BEFORE the tricky lures were deployed on their staff --- AND would have been able to pre-empt the crime from occurring.
Now, for most, you might not be as big a target as Ascension from a cybercriminal perspective. But you can bet other criminals are purchasing these or other millions of breach records to cause pain to perhaps your company or others you do business with.
Large or small businesses and government, regardless of industry sector, hear this: RPost has UNIQUE tech to counter today’s most sophisticated insider threats, leaks, & cybercriminal eavesdropping tactics.
You may think you’ve got this covered. You’ve got it covered, ONLY if RPost is part of your security stack.
December 27, 2024