Predictions for 2018

The new year kicked off with leading institutions weighing in with their cybersecurity predictions for 2018. MIT predicts we will see more large-scale data breaches in the year ahead. Companies that hold sensitive information, especially related to personal web browsing habits, will be popular targets. Ransomware attacks, such as Wannacry, will continue to remain a popular tactic among hackers as they will likely focus their attention on cloud computing businesses, with smaller companies among the most vulnerable. MIT predicts that hacks targeting electrical grids, transportation systems as well as other critical infrastructure can be expected in 2018. Hackers will look to AI to drive more phishing attacks and design more sophisticated malware. The rise of cryptocurrency will encourage hackers to hijack computer networks to increase the computing capacity necessary to assist in theft of Bitcoin and other digital currencies. There is cause for alarm that hackers may choose to breach the networks of hospital chains, airports or other sensitive locations and entities should prepare accordingly. As companies ratchet up their security to address hacking risks, companies with EU locations or selling goods or services to EU residents also must act to meet the rigorous requirements of the EU General Data Protection Regulation (GDPR), effective May 25, 2018, or face major penalties.

Chip Flaws

The world’s computer-chip and software makers scrambled to respond to the disclosure of two widespread hardware vulnerabilities found by cybersecurity experts that could affect most of the world’s modern computing devices. Tech manufacturers and researchers described the two vulnerabilities as design flaws, long present in most modern chips. The bugs, dubbed Spectre and Meltdown, make data stored in the working memory of shared servers and individual devices—including personal computers, tablets and smartphones—vulnerable.

Email was the biggest source of data breaches in 2017, with 73 breaches between Jan. 1 and the end of November reported to HHS, affecting 573,698 people. Hospital staff seem to understand this, citing email as the most likely medium for a breach, according to a new survey from security firm Mimecast and HIMSS Analytics. They're not wrong: 4 in 5 U.S. physicians have had cyberattacks in their practices, according to an Accenture survey, and about 78% of respondents to the Mimecast survey said they'd had either a malware and/or ransomware attack in the last 12 months.

A survey conducted by Accenture in association with American Medical Association (AMA) reveals that every 8 in 10 doctors in the United States have experienced cyberattacks in their clinical practices. Additionally, the survey discovered that nearly two-thirds of all the surveyed physicians who experienced an attack have gone through a downtime of more than 4 hours causing equivalent loss to patients as well as doctors & staff.

Perhaps it's not surprising, given the extensive compliance guidance provided by the EU Article 29 Data Protection Working Party (WP29), but the WP29 recently expressed concern about the lack of “clear guidance” provided by the Department of Commerce and the Federal Trade Commission to U.S. companies adhering to the Privacy Shield. Essentially, the WP29 is of the opinion that “any data concerning an employee in the context of an employer-employee relationship” should only be transferred under the Privacy Shield if the receiving company has an active certification that contains the required commitments for transferring HR data.