The Wall Street Journal reports on its interview with FBI Director Christopher Wray

FBI Director Christopher Wray said the agency was investigating about 100 different types of ransomware, many tracing back to hackers in Russia, and compared the current spate of cyberattacks with the challenge posed by the Sept. 11, 2001, terrorist attacks.

“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Mr. Wray said in an interview Thursday. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”

Mr. Wray’s comments—among his first publicly since two recent ransomware attacks gripped the U.S. meat and oil-and-gas industries—come as senior Biden administration officials have characterized ransomware as an urgent national-security threat and said they are looking at ways to disrupt the criminal ecosystem that supports the booming industry. Each of the 100 different malicious software variants are responsible for multiple ransomware attacks in the U.S., Mr. Wray said.

In that regard, Cyberscoop informs us about the latest moves in a long dance between the feds and private sector over cybersecurity, with a tempo that has hastened considerably since the Colonial Pipeline ransomware attack, and Bleeping Computer offers its latest week in ransomware report.

Earlier this week, Scripps Health, the San Diego health system, accounted for the protected health information losses, totally 147,000 patient records, that it incurred in its early May ransomware attack.

The FEHBlog shares the American Hospital Association’s sentiments

White House issues memo urging vigilance against ransomware threats. The White House today released a memo from Anne Neuberger, Deputy Assistant to President Biden, and Deputy National Security Advisor for Cyber and Emerging Technology, urging business executives to immediately convene their leadership teams to discuss ransomware threats and review corporate security posture and business continuity plans. The memo reiterates high-impact best practices for organizations to adopt: adoption of multi-factor authentication, endpoint detection and response, encryption and deploying skilled, empowered security teams. In addition, the AHA also recommends as high impact having network segmentation in place; tested, offline secure backups; incident response planning; and staff trained to recognize and report phishing emails.
“We are pleased to see the memo from the White House stressing the importance of some fundamental-but-essential cybersecurity measures which most hospitals and health systems already have in place ” said John Riggi, AHA’s senior advisor for cybersecurity and risk. “From AHA’s perspective, equally important to stopping ransomware attacks is the tangible actions the government will take to, as they stated, ‘hold ransomware actors and the countries who harbor them accountable.’ We agree that neither the private sector nor the government can fight this battle alone. We also reiterate, as we did in our testimony before the Senate and our public statements, that defense is only half of the equation which provides the solution to this national security threat.”

ISACA discusses the importance of security risk assessments and risk-informed decision making to cybersecurity protection.

Over the past two weeks, HHS’s Office for Civil Rights, which enforces the HIPAA Privacy and Security Rules announced its 19th patient right to access records settlement and a Security Rule related settlement.