Connect with us

Infosecurity

How MSSPs Are Solving the Cybersecurity Workforce Crisis in Healthcare

Published

on

How MSSPs Are Solving the Cybersecurity Workforce Crisis in Healthcare

The cybersecurity workforce shortage has become a defining challenge for industries worldwide, but healthcare faces an especially acute crisis. According to the (ISC)² Global Information Security Workforce Study, the global cybersecurity workforce gap is projected to reach 1.8 million by 2022. In healthcare, employers plan to expand their security staff by 20% or more—the highest rate among all sectors surveyed. However, hiring qualified professionals remains a steep uphill battle. This is where MSSPs healthcare workforce shortage solutions come into play, offering a lifeline to organizations struggling to protect sensitive patient data.

Managed Security Service Providers (MSSPs) are emerging as a strategic answer to both the technical and human-capital deficits plaguing healthcare security. By outsourcing critical security functions, healthcare organizations can bridge the talent gap without sacrificing protection against sophisticated cyber threats.

The Growing Threat Landscape in Healthcare

Healthcare organizations are prime targets for cybercriminals. Their systems contain a wealth of personally identifiable information—social security numbers, credit card details, and sensitive medical records—that can be exploited for identity theft, blackmail, or sold on the Dark Web. In 2016, ransomware accounted for 72% of all malware attacks on the healthcare industry, as reported by the Verizon Data Breach Investigations Report. Yet many hospitals and clinics lack the internal resources to manage these constant threats. The cybersecurity workforce gap only amplifies this vulnerability.

Small-to-medium sized healthcare businesses (SMBs) are particularly hard-hit. Without dedicated security teams, they may resort to paying ransoms out of desperation. However, the FBI warns that 70% of organizations that paid were attacked again, and payment does not guarantee data recovery. This reality underscores the need for external expertise.

How MSSPs Address the Cybersecurity Workforce Gap

A reliable MSSP can handle most security operations, from monitoring internal networks to proactive threat hunting using external intelligence sources. This approach helps healthcare providers stay ahead of emerging attack vectors. Crucially, MSSPs also alleviate the human-capital burden. The cybersecurity workforce shortage makes recruiting and retaining skilled professionals exceptionally difficult, especially for SMBs without generous training budgets. According to the (ISC)² study, paying for certifications and training is the top method to attract and retain talent—something many healthcare organizations cannot afford.

MSSPs, by contrast, invest heavily in their own workforce development. They employ qualified staff with specialized expertise, offering a cost-effective alternative to building an in-house team. This model allows healthcare providers to focus on patient care while leaving security to the experts.

Key Benefits of MSSPs for Healthcare Security

Beyond filling the cybersecurity workforce gap, MSSPs offer several practical advantages:

  • Cost efficiency: Outsourcing security is often more affordable than hiring a full team, especially for SMBs.
  • Access to advanced tools: MSSPs use cutting-edge technologies like SIEM systems and threat intelligence platforms.
  • 24/7 monitoring: Continuous surveillance ensures rapid response to incidents like ransomware attacks.

However, not all MSSPs are equal. Choosing the right partner requires careful evaluation.

Selecting the Right MSSP for Your Healthcare Organization

Finding an MSSP that aligns with your needs can be daunting, but it is less challenging than constantly recruiting cybersecurity professionals. Here are four criteria to consider:

Define Your Business Needs

Start by listing your must-haves. Do you need SIEM management, threat hunting, or ransomware protection? Prioritize these requirements. If unsure, a good MSSP will conduct an initial assessment and provide recommendations. Begin with one or two services, then expand as trust builds.

Assess Talent Retention Capabilities

Ensure the MSSP has a proven track record of attracting and retaining skilled staff. Ask about their training programs and certification reimbursement policies—these are key indicators of workforce stability.

Evaluate Customer Focus

The right MSSP should understand your business intimately. Look for providers with established healthcare client bases or staff experienced in the medical field. Mega-sized MSSPs may lack the personal touch needed for responsive service.

Verify Proven Expertise

Request references and examples of past performance. Be cautious of vendors claiming to do everything without evidence. Check management backgrounds and ask about their experience with healthcare-specific threats, such as ransomware.

For more insights on building a resilient security strategy, see our guide on healthcare cybersecurity best practices. Additionally, understanding the latest ransomware protection methods can further strengthen your defenses.

Conclusion: A Strategic Solution for a Persistent Problem

The cybersecurity workforce shortage is not going away overnight. For healthcare organizations, especially SMBs, MSSPs offer a practical path forward. They provide the technical expertise and human capital needed to combat sophisticated attacks without draining internal resources. By choosing the right partner, healthcare providers can reduce their risk exposure and focus on what matters most—delivering quality care to patients.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Infosecurity

Progress Restores ShareFile Storage Zones Access After Vulnerability Exploit Concerns

Published

on

ShareFile Storage Zones

ShareFile Storage Zones Back Online After Security Scare

Progress Software has restored access to its ShareFile Storage Zones Controller after a four-day security suspension. The company pulled the plug on July 10 after detecting what it called a credible external threat. By July 14, service was back up.

ShareFile is Progress’s flagship enterprise file-sharing platform. The Storage Zones Controller is the component that gives corporate customers their own private data storage — a critical feature for organizations that need to keep files on-premises or in a controlled cloud environment.

The incident stemmed from a high-severity path traversal vulnerability. Progress confirmed to Infosecurity that attackers exploited the flaw, which affects Storage Zones Controller versions 5.x and 6.x.

“We developed and released patched versions to customers and once patched, these customers’ Storage Zones Controllers will be operational,” the company said.

The patched builds are version 5.12.5 and version 6.0.2.

No CVE Yet — And Here’s Why

Progress hasn’t published a CVE identifier for the vulnerability. The company told BleepingComputer it’s deliberately holding back the details to give customers time to apply the patches before the information goes public. That’s a standard responsible-disclosure playbook move, but it also means security teams can’t look up the flaw in public databases yet.

“At this time, we have no evidence of unauthorized access to any ShareFile customer account or data, and we have not identified any active threat,” Progress told Infosecurity.

That’s good news for the companies that rely on ShareFile for sensitive document sharing. Still, the four-day outage and the need for emergency patching are reminders of how quickly things can go sideways.

A Familiar Pattern for Progress

This isn’t Progress’s first run-in with a serious security incident. In 2023, the company’s MOVEit Transfer product was exploited in a massive ransomware campaign that hit hundreds of organizations worldwide. The Clop ransomware group used a SQL injection vulnerability to steal data from MOVEit servers, and the fallout dragged on for months.

Then in April 2026, a critical vulnerability in MOVEit Automation resurfaced, causing further disruptions.

Each time, Progress has scrambled to issue patches and reassure customers. The ShareFile incident follows the same script: detect, suspend, patch, restore. But for IT teams managing these systems, the pattern is exhausting — and costly.

What Path Traversal Means for Your Data

A path traversal vulnerability lets an attacker read files outside the intended directory. In the context of Storage Zones, that could mean accessing configuration files, credentials, or other sensitive data stored on the server. The severity rating was high, not critical, but the fact that it was actively exploited made the shutdown necessary.

Progress hasn’t shared details on who exploited the flaw or how they found it. The company’s security team is likely still investigating the incident’s scope.

What ShareFile Customers Should Do Now

If you’re running Storage Zones Controller, the fix is straightforward:

  • Upgrade to version 5.12.5 or 6.0.2 immediately.
  • Check your logs for any unusual activity between July 10 and July 14.
  • Review access controls on your storage zones.

Progress says patched controllers will operate normally. Unpatched ones won’t be supported and could remain exposed if the vulnerability details leak before you update.

For organizations that use WhatsApp HD photo sending or other consumer-grade file sharing, this incident is a good reminder that enterprise tools come with their own risks — and responsibilities.

The Bigger Picture: Enterprise File Sharing Under Pressure

Enterprise file-sharing services like ShareFile, Egnyte, and Box have become essential for remote work. They handle contracts, financial data, HR records — the kind of material that keeps compliance officers up at night.

But every feature that adds convenience also adds attack surface. Storage Zones, for example, gives customers control over where their data lives. That’s great for compliance. It also means a vulnerability in that component can expose data that’s supposed to be locked down.

Progress’s decision to suspend the service was aggressive but probably wise. A four-day outage beats a data breach. Still, customers are left wondering: how many more of these incidents are coming?

For now, patch your systems, verify your backups, and keep an eye on Progress’s security advisories. The CVE will drop eventually — and when it does, you’ll want to already be on a fixed version.

Continue Reading

Infosecurity

Eight Greeks file lawsuit against Intellexa over Predator spyware surveillance

Published

on

Predator spyware lawsuit

Eight Greeks sue Intellexa over Predator spyware surveillance

Eight Greek citizens whose phones were infected with Predator spyware have filed a civil lawsuit against the surveillance technology company Intellexa and 13 individuals linked to the firm. The lawsuit, filed Tuesday, seeks roughly €7.6 million ($8.7 million) in total damages.

The plaintiffs include a former Meta security manager, financial journalist Thanassis Koukakis, two lawyers, a former director of the Hellenic Police’s Forensic Laboratories, the ex-head of a Greek intelligence agency, journalist Spyridon Sideris, and a former intelligence and law enforcement official. Their lawyer, Zacharias Kesses, told Greek outlet Ekathimerini that the compensation is meant to address “the moral damage suffered by the victims from the illegal violation of their privacy, the confidentiality of their communications and their personal data.”

How the Predator spyware scandal unfolded

The scandal erupted in 2022 when forensic investigators found traces of Predator spyware on dozens of phones belonging to journalists, politicians, and business figures. The revelations triggered a political crisis. Greece’s intelligence service chief resigned, and so did the prime minister’s chief of staff. In February, a Greek court sentenced Intellexa’s founder, Tal Dilian, and three associates to more than 126 years in prison. Under Greek law, however, they will serve only eight years. They remain free while the appeals process plays out.

The lawsuit details “the structure, operation and division of roles of the network of companies and individuals associated with the development, distribution and use of Predator,” Kesses said. He called the legal action “the next institutional step towards full accountability of all those involved and redress for victims, both at national and European level.” A trial is scheduled to begin in April 2027.

Tal Dilian blames Greek government

In March, weeks after the prison sentences were handed down, Dilian gave an interview to a local news outlet claiming he was being made a scapegoat for the Greek government’s own wrongdoing. He insisted Intellexa sold Predator exclusively to government customers — in this case, the Greek government and its national intelligence agency. Dilian accused the government and intelligence agency of committing a “conspiratorial criminal act” designed to cover up their own malfeasance. He maintains Intellexa provides the spyware to government clients and has no role in selecting targets.

That defense hasn’t swayed the victims. The plaintiffs argue Intellexa and its associates bear direct responsibility for the illegal surveillance that invaded their private lives. The case is one of the first major civil lawsuits in Europe targeting a spyware manufacturer, and it could set a precedent for how courts handle privacy violations enabled by commercial surveillance tools.

What the victims are seeking

Each victim is claiming compensation for specific harms: invasion of privacy, breach of confidential communications, and misuse of personal data. The total €7.6 million demand reflects the severity of the violations, according to Kesses. The lawsuit also names 13 individuals tied to Intellexa, though Kesses did not specify their roles. The legal filings reportedly lay out the corporate structure and operational links between the companies and people involved in the Predator supply chain.

The case has drawn attention from privacy advocates across Europe. It highlights the growing tension between governments that buy spyware for law enforcement and the companies that manufacture it. Critics argue that once spyware is sold, vendors lose control over how it’s used — and that governments often target journalists, lawyers, and political opponents rather than criminals.

For the eight Greek plaintiffs, the lawsuit is about more than money. It’s about holding Intellexa accountable for building and selling a tool that was used to spy on them. The trial in 2027 will be a key test of whether spyware makers can be held liable for the actions of their government customers.

Continue Reading

Infosecurity

Compromised Logins Surge as the Most Common Entry Point for Ransomware Attacks

Published

on

compromised logins ransomware

Stolen Credentials Now Drive the Majority of Ransomware Incidents

Cybercriminals have shifted tactics. A new analysis from Sophos shows that compromised logins are now the primary way ransomware gets inside a network. The report, based on real-world incidents, found that 79% of ransomware attacks trace back to an initial intrusion that exploited legitimate user credentials or abused identity systems.

That’s a major jump. It means the front door — a stolen password or a phished login — is now far more dangerous than a software bug.

“Over the last 12 months across the ransomware landscape we’ve seen attackers rely on ‘easier’ attacks, using compromised identities as the primary initial access vector,” said Ross McKerchar, CISO at Sophos, in a statement to Infosecurity. He pointed to advances in social engineering, including AI-polished phishing emails and sophisticated ClickFix campaigns designed to trick even trained users into bypassing multi-factor authentication (MFA).

How Attackers Get In: Phishing, Brute Force, and Old Vulnerabilities

The report breaks down the initial entry points. Malicious emails accounted for 26% of ransomware incidents, up from 19% in 2025. Phishing attacks — often used to steal credentials — were the root cause in 24% of cases, rising from 18% the previous year.

Brute force attacks came in third at 23%, a slight dip from 22% in 2025. That method relies on automation to guess weak or common passwords.

What’s falling out of favor? Exploiting known security vulnerabilities. That approach dropped from 32% in 2025 to just 18% in 2026. Attackers are choosing the path of least resistance — and that path leads straight to human error and weak identity controls.

Where Stolen Logins Are Used: VPNs, Firewalls, and IoT Devices

Once attackers have a valid login, they don’t stop at one system. The report details how exploited identities are used to move laterally. In 38% of cases, attackers accessed exposed applications or systems. Remote device logins accounted for 30%, firewalls for 21%, and exposed VPNs for 8%. Even IoT devices served as an initial point of entry in 3% of incidents.

That breadth of access points means a single compromised password can open multiple doors. No wonder identity-based attacks are surging.

Why Organizations Are Still Getting Caught Off Guard

Sophos surveyed 2,158 cybersecurity leaders. Their answers reveal persistent gaps. 62% cited security gaps in the network — both known and unknown — as a reason attacks went undetected. Over half (58%) said their organization was held back by a lack of people or expertise. And 57% felt they hadn’t implemented the right level of cybersecurity protections.

The message is clear: tools alone aren’t enough. Teams need the right skills and the right configurations to make identity-based defenses work.

Ransom Payments: Smaller Demands, But More Victims Paying

The report also tracks ransom demands. The median demand has fallen to $698,000, down from $2 million just two years ago. But that doesn’t mean attackers are getting softer. They’re tailoring demands to each victim. Smaller organizations get smaller asks. If the ransom seems “reasonable,” victims are more likely to pay — especially if they fear downtime will cost more than the ransom itself.

Among organizations that had data encrypted, 48% paid the ransom. Meanwhile, 66% used their own backups to restore some data, up from 54% in 2025. That’s progress, but it’s not a silver bullet.

How to Defend Against Identity-Based Ransomware Attacks

The Sophos report offers clear guidance: treat identity as a foundational security layer, not an afterthought. “Organizations should prioritize identity threat detection and response (ITDR), enforce multi-factor authentication across all access points, and regularly audit both human and non-human identity credentials,” the report recommends.

That means ransomware protection strategies must start with identity hygiene. Enforce MFA everywhere. Monitor for unusual login patterns. Audit credentials regularly. And don’t forget non-human identities — service accounts and API keys are often overlooked.

For readers looking to strengthen their defenses, a good place to start is understanding common phishing attack techniques and how to spot them. Training alone won’t stop every attack, but combined with strong identity controls, it raises the bar.

The bottom line? Attackers are going where the defenses are weakest — straight at the login screen. Organizations that lock that door first will have the best chance of keeping ransomware out.

Continue Reading

Trending