Hospitals push device makers to improve security following cyberattacks 

As the kinds of cyber attacks that companies and other businesses experience expand, we are seeing the actual victims of these attacks, as well as potential ones, step up their efforts to protect themselves. In hospitals, one of the areas of focus is internet-connected equipment, but we can see how this will quickly spill over to the burgeoning Internet of Things and larger 5G markets, igniting a new round of demand for companies that fall within the parameters of our Safety & Security investing theme.

Hospitals are pushing medical-device makers to improve cyber defenses of their internet-connected infusion pumps, biopsy imaging tables and other health-care products as reports of attacks rise.

Rattled by recent global cyberattacks, U.S. hospitals are conducting tests to detect weaknesses in specific devices, and asking manufacturers to reveal the proprietary software running the products in order to identify vulnerabilities. In some cases, hospitals have canceled orders and rejected bids for devices that lacked safety features.

Hospitals, after a decade of racing to wire up their medical records and an explosion of internet-connected medical devices, are growing more aggressive with technology suppliers amid pressure to better defend against incursions that could threaten patients and cause costly disruptions. Credit-rating agency Moody’s Investors Service in February ranked hospitals as one of the sectors most vulnerable to cyberattacks.

In stepping up their efforts, hospitals have gone beyond building firewalls and taking other actions to shield their own networks—they have moved into demanding information like the software running devices that manufacturers have long considered proprietary. The requests have generated tensions between the sides.

Source: Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security – WSJ

New cyber attacks aim to steal corporate funds

It comes as no surprise that cyber attacks are continuing. As we’ve shared in the past when discussing our Safety & Security investing theme, cyber is the new war front. Now we are seeing a more pronounced change in the types of attacks (ransomware) and the targets (healthcare and small businesses). Perhaps the thinking is that those new targets are more vulnerable, or that they lack the adequate security measures that larger organizations have put in place.

From our Safety & Security perspective, it says the underprotected will need to step up their cybersecurity spending to thwart the growing threat, creating demand along the way.

The threat of cyberattacks continues to grow, and small businesses (SMBs) are caught in the crosshairs.

The latest research in small business cybersecurity has revealed the relentless nature of the threat, with new strategies emerging and new strains of ransomware rearing their ugly heads. As a result, 71 percent of ransomware attacks are now targeting small businesses, according to a report released by Beazley Breach Response (BBR).

Its most recent Beazley Breach Briefing, released last month, analyzed 3,300 data incidents in 2018, and found that small businesses face a higher risk of being targeted by a ransomware attack than larger enterprises.

“The threat posed by cybercriminals continues to grow in complexity as they devise new techniques to breach IT security and trick unsuspecting employees into allowing them access to systems,” said Beazley Global Head of BBR Services Katherine Keefe in a statement. “Unfortunately, we see these threats globally across all sectors, and we strongly believe that education about the risks and preparedness are as important as IT security measures for protecting individuals and assets from cyberattacks.”

Beazley researchers found that the mean for ransomware attack demands was $10,310, though one incident saw a demand for $8.5 million. Healthcare emerged as the largest target for ransomware attacks, followed by financial service providers and professional services. Meanwhile, instances of the Business Email Compromise (BEC) are also on the rise: About 47 percent of all incidents examined last year were the result of a hack or malware — and, of those, about half were BEC scams.

Source: New Cyberattacks Rise To Steal Corporate Funds |

The SEC is calling for better controls as cyber scams grow

We’re not ones to make light of any fines assessed by the Securities and Exchange Commission (SEC) or any corporate losses, but the pain identified in an SEC investigation shows there is much room for improvement when it comes to identifying malicious cyber attacks, even ones as simple as those found in an email. Should the SEC get its collective back up over cyber attacks, given that investors rely on a company’s internal controls, and find companies are being lax in their security, we could see the SEC step in and issue fines to foster better corporate behavior. That would add another catalyst for cybersecurity spending, bolstering our Safety & Security investing theme in the process.

It is another proof point that threats to one’s safety and security are arising in a variety of new and different ways.

Public companies that are easy targets of cyber scams could be in violation of accounting rules that call for firms to safeguard assets, the Securities and Exchange Commission said.

The SEC said in an investigative report that nine public companies wired nearly $100 million to hackers who impersonated corporate executives or vendors using emails. One company made 14 wire payments to a hacker, resulting in more than $45 million in losses, the SEC said.

“Cyber frauds are a pervasive, significant, and growing threat to all companies, including our public companies,” SEC Chairman Jay Clayton said in a statement. “Investors rely on our public issuers to put in place, monitor, and update internal accounting controls that appropriately address these threats.”

The type of scam the companies faced, known as business email compromises, has been responsible for more than $5 billion in losses since 2013 and ranked last year as the top cause of estimated losses linked to any cybercrime, the SEC said, citing data from the Federal Bureau of Investigation.

The investigation signaled regulators’ increased scrutiny of companies’ efforts to protect against cyber scams and whether intrusions are made easier due to poor compliance.

Company executives and boards have been grappling with cybersecurity issues long before the latest prodding from the SEC, said Charles Elson, director of the Weinberg Center for Corporate Governance at the University of Delaware. “Can anyone at this point figure out how to appropriately deal with this issue? That’s the difficulty of this whole area,” he said. “You are dealing with criminals. This is something that boards are dealing with,” he said.

Not all companies that fall for cyber scams are guilty of having lax safeguards, the report said. “What is clear, however, is that internal accounting controls may need to be reassessed in light of emerging risk.”

Source: SEC Calls for Better Accounting Controls as Cyber Scams Increase – WSJ

Axon’s new body cameras add greater law enforcement connectivity to the security equation

If one were only to read the headlines, one might think that cybersecurity is the only form of protection needed these days. I’ll grant you that as we venture deeper into our Digital Lifestyle and Digital Infrastructure themes, odds are cybersecurity will play an increasing role, but there will still be other forms of security and protection needed. Those, along with cybersecurity, give rise to our Safety & Security investing theme, which is poised to benefit from increasing military spending as well as new products with new capabilities that will aid law enforcement and help improve personal security.

Axon, the preeminent manufacturer of body-worn cameras for law enforcement, has launched the latest version of its devices, known as the Axon Body 3.

The new version features gunshot detection, livestreaming, and wireless uploads. The current version of the cameras, which are typically worn in the mid-chest region, must be physically docked before investigators can access the footage. These also lack detection and livestreaming capabilities.

Since May 2018, when Axon acquired its next-largest rival, VieVu, it has had a near-monopoly in the United States on body-worn cameras. A tiny Silicon Valley startup rival, Visual Labs, has been selling its Android-based cameras, which have had livestreaming and similar wireless features for at least two years.

Axon made the announcement Saturday evening at a law enforcement conference held in Orlando, Florida. The company, formerly known as Taser, also said that it has improved the camera’s ability to capture low-light situations in the new version.

Beyond the camera, Axon promoted a new version of its previous flagship product, the Taser 7, at the event. That device is now integrated with the company’s cloud-based storage system.

Source: Next generation of body cams for cops can livestream, detect gunshots | Ars Technica

BMO and CIBC attacks are reminders of the growing cyber threat

Here is another reminder that cybersecurity, a key aspect of our Safety & Security investing theme and our Safety & Security Index, is the 21st-century version of insurance: something one needs to have for when something does go wrong. With $445 billion lost last year to cybercrime, I see that making cybersecurity a must-have for companies as well as elevating it past the C-suite and into the Boardroom.

Similar to insurance, people tend to become complacent as the cyber attack headlines die down. As these two attacks show, however, the hackers are not taking a breather and that means cybersecurity growth prospects remain vibrant.

Bank of Montreal and Canadian Imperial Bank of Commerce (CIBC) announced Monday (May 28) that hackers stole data on close to 90,000 customers.

According to a report in Reuters, Bank of Montreal said it was contacted by hackers who claimed to have personal and financial data on its customers — the bank thinks it’s less than 50,000 of its 8 million customers. The spokesman wouldn’t tell Reuters if customers’ money was stolen in the hack, but did say that the hackers said they would make the data public. The bank is working with authorities and has launched an investigation.

Reuters noted that the Bank of Montreal thinks the attack happened from outside the country and is confident it has shut off the exposure that led to the data breach. Meanwhile, CIBC said fraudsters also contacted it, claiming to have stolen personal and account information on 40,000 customers. Both banks said they have notified customers and urged them to monitor their credit reports.

Source: Bank of Montreal, CIBC Announce Cyberattacks |

Pacemaker Security Update Needed to Protect Hearts From Being Hacked

If you need more evidence that we are living in an increasingly internet-connected world, look no further than a recent software update aimed at making sure 465,000 people with pacemakers don’t have hearts that are vulnerable to hackers.

The U.S. Food and Drug Administration announced this week that medical device company Abbott has issued a corrective action for implantable cardiac pacemakers made under the St. Jude’s Medical brand. According to the company, there is a “risk of patient harm due to potential exploitation of cybersecurity vulnerabilities.” To address this heart-hacking vulnerability, Abbott is issuing a firmware update to the pacemakers.

Source: 465K People Need A Pacemaker Security Update To Protect Their Hearts From Hacking – Consumerist