To support and protect healthcare and education facilities during this critical time, BSI’s US Cybersecurity Information Resilience (CSIR) team announced a new initiative today, BSI Cares, a program that provides a no-cost review of the internet footprint of qualified schools and medical facilities for a high-level report on their vulnerabilities.
“Many organizations critical to the health and wellbeing of the country have given access to technologies that allow for work from home programs, telemedicine, and home schooling. Yet, not all these organizations have the staff or budget to validate the security of these new internet facing assets, leaving them at risk of compromise or denial of service,” said Brian Bertacini, US CSIR Managing Principal at BSI. “Unfortunately, these vulnerabilities, if not identified and addressed, can have repercussions now and in the future.”
The criteria for the BSI Cares program is focused on the organizations needing help the most; the recipient must be a regional or independent medical center, a state or county school district, or recognized charter school, and have no more than 128 IP addresses. Once the organization’s information is verified, one of BSI’s pen testers will perform a port and service fingerprint of the target systems and produce a report of potential vulnerabilities. This initial vulnerability assessment isn’t meant to replace the need for a fully scoped penetration test; it is designed to identify the most critical, easily exploited issues and have actionable results back into the organizations’ hands in a matter of days, not weeks, to help shore up their cybersecurity.
The increased risk of cyber-attack has become a serious problem around the world as governments and organizations – including healthcare, and education institutions – have found themselves in relatively new territories as a result of their response to the COVID-19 pandemic. Officials have reported that cybercriminals are actively targeting and attempting to take advantage of any weaknesses that may be a result of the rapid expansion of technology resources.
Interpol recently reported that critical healthcare facilities across the US and Europe have been targeted because of the wealth of sensitive patient information that can be gleaned. Additionally, last month the US Health and Human Services Department suffered a significant cyber-attack on its computer system aimed at undermining the department’s response to the pandemic. The attack was an aggressive effort to scan the department’s networks for vulnerabilities, and perhaps even to try to break into its email system.
As school systems across the country have closed facilities and embraced online learning, the education system has also become vulnerable. Students are now engaging with online education technology, eLearning environments, and video conferencing, at levels previously unseen and unexpected, that were deployed very rapidly in most cases. On April 1 the FBI sent a warning that malicious third parties were taking advantage of the COVID-19 pandemic to launch attacks against these education technology services and platforms.
“We created BSI Cares to help the healthcare and education communities as they care for our most critical populations; those who are sick from the coronavirus disease, and the children who need to continue their studies while practicing social distancing away from their teachers and peers,” said Joseph Pierini, US CSIR Head of Testing at BSI, “This is our way of supporting organizations that are limited in terms of resources.”
Interested organizations should contact BSI at BSI_Cares@bsigroup.com.
BSI is the business improvement company that enables organizations to turn standards of best practice into habits of excellence. For over a century BSI has championed what good looks like and driven best practice in organizations around the world. Working with 84,000 clients across 195 countries, it is a truly international business with skills and experience across a number of sectors including aerospace, automotive, built environment, food, and healthcare. Through its expertise in Standards Development and Knowledge Solutions, Assurance, Regulatory Services and Consulting Services, BSI improves business performance to help clients grow sustainably, manage risk and ultimately be more resilient and trusted. To learn more, please visit: www.bsigroup.com
About BSI’s Consulting Services
BSI’s Consulting Services for Cybersecurity and Information Resilience headquarters are based in Sandyford, Dublin, where it manages and secures corporate information for BSI’s global clients. The company provides expertise to clients on the identification, protection, compliance and management of their information assets through a combination of consultancy, technology, research and training. Its mission is to help clients achieve Information Resilience - an environment where infrastructure is protected and secure, regulatory and compliance obligations are met, people are safe, and reputation and trust is maintained. The company’s highly qualified consultants’ experience and expertise cover the entire Information Governance landscape.
The company’s credentials are enhanced by adherence to internationally recognized accreditations and certifications (CREST / Cyber Essentials / Payment Card Industry Data Security Standard Qualified Security Assessor). BSI is the originator of the ISO/IEC 27000 series of Information Security Standards and the global leader in providing training and certification to ISO/IEC 27001, the established best practice in Information Security Management Systems (ISMS). For more information visit: bsigroup.com/cyber-us.