By Thom Davidson
These vendors work diligently to address security. Security is of the highest priority and they work to meet the requirements of software vendors using their cloud services. So, what is the problem? It is quite simple – this is a very target rich environment and it is too attractive to ignore by those that have bad intentions. It reminds me of what is called the Willie Sutton Law. The law is named after the bank robber Willie Sutton, who reputedly replied to a reporter's inquiry as to why he robbed banks by saying "because that's where the money is."
“A new report from Unit 42, the threat intelligence team at Palo Alto Networks Inc. has uncovered 34 million vulnerabilities across leading cloud service providers, highlighting that organizations are struggling with securing cloud installations.”
- Duncan Riley, siliconANGLE, July 24, 2019
In the article, he writes that hackers are well aware of the situation. According to the report, some 65% of all cloud-related incidents between February 2018 and June 2019 resulted from misconfiguration, the researchers said, with data leakage being the most common outcome of the attacks on cloud infrastructure.
One surprising finding in the report was the widespread detection of possible cryptomining malware. The spread of cryptomining malware has been documented in various reports in the past, but the report found 28% of organizations communicating with domains were operated by the Rocke threat group, a Chinese group known for its cryptomining operations. 100 Amazon Merchants Hacked In 'Serious' Six-Month Campaign:
There are number of recent incidents that should raise a level of concern for your healthcare contracts:
100 Amazon Merchants Hacked In 'Serious' Six-Month Campaign: Report by Michael Novinson, CRN
Tesla Hackers Hijacked Amazon Cloud Account to Mine Cryptocurrency by Robert Hackett, Fortune Magazine
The most common security risks that your contract management software must address are data breaches, hijacking of accounts, insider threat, malware injection, abuse of cloud services, insecure APIs, denial of service attacks and basic insufficient due diligence.
The healthcare industry requires adherence to some of the most stringent regulatory requirements. Contract Guardian leverages the expertise of UCG Technologies, an IT infrastructure company with 30 years of experience in data protection and business continuity, to ensure these requirements are met.
The Contract Guardian Security team shared some of the server compliance and infrastructure security that is included with the healthcare contract management services.
If you would like to learn more about Healthcare Contract Management Security, please contact us at Contract Guardian.