Marin civil grand jury calls for cybersecurity authority | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

A new Marin County Civil Grand Jury report recommends that county supervisors consider forming a cybersecurity joint powers authority.

The report — titled “Cyber Preparedness: Are We There Yet?” — is a follow-up to the panel’s 2020 report “Cyberattacks: A Growing Threat to Marin Government.”

The 2020 report revealed that from July 2017 through August 2018, the county had at least five cyberattacks. The first four, mostly the result of phishing — fraudulent enticements to disclose sensitive information — resulted in security breaches but no actual theft of data.

The fifth attack, however, concluded with the hacker conning the county’s finance office into wiring $309,000 to the hacker’s bank accounts. After detecting the fraud, the county was able to recover approximately $63,000, leaving a loss of $246,000.

The report also stated that during the preceding three years, six Marin municipalities had been the target of various cyberattacks.

According to the new report, Marin’s 11 municipalities have implemented or are in the process of implementing more than 90% of the cybersecurity best practices recommended in the 2020 report. These included management of mobile devices, automated malware detection, monitoring systems, use of expert resources and firewalls.

“Since the 2019-2020 grand jury report, none of the municipalities reported any material cyberattacks that would have been at the level of severity requiring public disclosure,” the new report says.

The federal government’s Office of Civil Rights requires the reporting of any breach that involves the health information of 500 or more people.

“The grand jury discovered that there were two cyberattacks reported by two other public agencies, but neither resulted in any material loss of data or money,” the report said.

Liza Massey, Marin County’s chief information officer, said there has been one breach since 2020.

“It was caused by an employee’s action, and it did not rise to the level of posting publicly,” Massey said. “Most breaches are caused by people, by human error.”

Massey declined to comment on the recommendations in the new report.

According to the grand jury, a watchdog investigative panel empowered by the local judiciary, cyberattacks on a global scale have become more sophisticated since its 2020 report.

It notes that the Center for Internet Security’s Nationwide Cybersecurity Review found that malware attacks increased by 148% in the first eight months of 2023, compared to the same period the year before, while ransomware incidents rose 51% during the same period.

The grand jury also quotes the security awareness company SoSafe as stating that cybercriminals are attracted to public sector websites due to their outdated technology and security measures.

After the 2020 report, Marin County created what is now known as the Marin Security and Privacy Council (MSPC). Originally formed to provide cybersecurity information and best practices to Marin’s municipalities, the council has been expanded to include nonprofits and other private organizations.

The MSPC, in cooperation with the county’s Department of Information Services and Technology, dispatches a monthly security awareness newsletter to Marin agencies and MSPC members, as well as alert notifications regarding active cyber threats.

“We also have a newsletter that’s available just to Marin residents, not only to business,” said Jason Balderama, the county’s chief information security officer.

The grand jury reported, however, that during its interviews with Marin’s municipalities and agencies, it found that many were unaware of the security newsletter, and “there seemed to be an overall lack of awareness of the existence of the MSPC.”

The grand jury says county supervisors should consider creating a cybersecurity joint powers authority “to raise cyber preparedness among its members, and to acquire and maintain perimeter defense protection systems for preventing and eliminating ransomware and more sophisticated cyberattacks.”

The grand jury also calls for supervisors to hire three new county employees to bolster cybersecurity. One would work within the county’s IT department and assist other county agencies with cybersecurity awareness, training, implementation and monitoring of cybersecurity systems.

The other two new hires would be “system-engineering” positions responsible for conducting security risk assessments, providing recommendations and implementing cybersecurity solutions for public agencies in Marin.

The grand jury’s list of 10 recommendations, some of which are fairly technical in nature, includes a suggestion that Marin agencies mandate that a business continuity plan be part of any contract they enter into with a third party for information technology services. Business continuity plans attempt to ensure that personnel and assets are protected and are able to function quickly in the event of a cyberattack or natural disaster.

The grand jury found that many, if not all, of the county’s municipalities and special districts contract out their information technology and cybersecurity services to third parties because of a lack of in-house expertise or budget. However, in reviewing the contracts, the grand jury found no language related to business continuity plans.

The report comes as MarinHealth Medical Center is recovering from the fallout of a February ransomware attack on one of its vendors, Change Healthcare.

“This disruption affected more than 5,700 U.S. hospitals, including MarinHealth. As a result, MarinHealth was forced to hold bills for payers for approximately 30 days,” Jennifer Churchill, a spokesperson for the hospital, wrote in an email. “While patient care was not compromised, the attack did disrupt cash flow.”

Change Healthcare is a part of Optum and owned by UnitedHealth Group. Churchill said Optum offered Change Healthcare’s clients interest-free loans to help bridge the gap for short-term cash flow needs for hospitals and providers affected by the attack.

“MarinHealth got approval from the Marin Healthcare District Board to have the option to use the interest-free loan with a cap of $32 million if needed,” Churchill wrote. “We are not at liberty to publicly share the details of the transaction. As of this date, we have not been informed of any patient information that was compromised. ”


Click Here For The Original Source.

National Cyber Security