Articles Written By: MedTech Editor

According to the 2022 Internet Crime Report released by the FBI, losses due to cybercrime have surged by 49% to $10.3 billion in the current year, despite a 5% decline in the number of complaints received. In the past five years, the total loss due to cybercrime has exceeded $27.6 billion, with more than 3.26 million complaints received by the FBI’s Internet Crime Complaint Center (IC3). Established in 2000, the IC3 serves as a crucial component of the FBI’s mission to combat cybercrime, which poses a growing threat in our interconnected world. It serves as a platform to receive and…

The SEC has announced that Blackbaud, a software provider catering to non-profit organizations, will be paying out a $3 million settlement for its inadequate disclosure about a ransomware attack in 2020 that affected more than 13,000 customers. Further investigation revealed that the firm had not accurately conveyed the extent of the incident even after it became aware of the inaccuracy of its original public announcements. This attack was the largest healthcare data breach reported in 2020, affecting over 10 million patients and more than two dozen provider organizations. The attackers went undetected for over three months and were able to…

Cerebral, a telehealth company, recently notified its 3.1 million users of a data breach that occurred on January 3, 2023. The company revealed protected health information (PHI) to unaffiliated third-party platforms and subcontractors without satisfying the stipulations mandated by the Health Insurance Portability and Accountability Act (HIPAA).The company used “pixels” and other tracking technologies provided by Facebook, TikTok, and Google since 2019. During a review of its data sharing practices involving subcontractors, Cerebral discovered the breach. The company took prompt action by disabling, reconfiguring, and/or removing the tracking technologies on its platforms. Cerebral also stopped exchanging data with any subcontractors…

The healthcare industry continues to be a prime target for cybercriminals, with data exfiltration posing a significant threat to patient privacy and security. According to a recent report published by the HC3, a cybersecurity agency that collaborates with the Department of Health and Human Services, data exfiltration is becoming increasingly prevalent in healthcare cyberattacks, and the implications can be severe. Data exfiltration is a security breach where malware or a malicious actor transfer data from a device without permission. It is one of the last stages in the cyber kill-chain and is the target of advanced persistent threats (APTs). Ransomware…

A recent report has found that cybercriminals are adopting professional business strategies and diversifying their portfolios in response to declining revenues, as the world faces economic recession, inflation, and supply chain disruptions in 2022. Trend Micro’s Annual Cybersecurity Roundup for 2022 sheds light on the major security concerns that surfaced and prevailed last year, including the decline in profits for cybercriminal groups, the adaptation of cybercriminals to mirror legitimate businesses, and the top vulnerabilities exploited by malicious actors. According to the report, cybercriminal groups have experienced declining profits, mirroring legitimate businesses when faced with falling revenue. Ransomware groups, in particular,…

Police from Germany and Ukraine have apprehended individuals suspected of working with the DoppelPaymer ransomware group, and took out a warrant to arrest the three suspected head criminals behind the global extortion operation. By using a double-extortion technique, the crew would steal sensitive data from the computers of their victims and threaten to make it public on their data leak website unless the ransom was paid. According to local sources, the Doppelpaymer ransomware gang was responsible for the cyber-attack on a German hospital that resulted in the death of a patient. The attack was carried out through a vulnerable Citrix…

Clop, the notorious ransomware group, is reportedly targeting the healthcare industry in a new data breach, according to an HC3 Sector alert. The group claims to have stolen personal and protected health information data over a 10-day period and has the ability to encrypt affected healthcare systems using ransomware payloads. While the claims are unverified, Clop has a history of employing trend-setting techniques across multiple operations and has become one of the most successful ransomware groups in recent years. HC3’s previous Clop Analyst Note revealed that the ransomware group primarily targets Windows systems, but a new Linux variant was observed…

A warning has been issued by a group of leading cybersecurity organizations in the United States and the Republic of Korea about a growing threat of ransomware attacks targeting healthcare organizations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Republic of Korea’s Defense Security Agency and National Intelligence Service have come together to alert the public of these dangerous state-sponsored attacks carried out by North Korean (DPRK) actors. These attacks are aimed at obtaining ransom payments to support the…

A new report has revealed that nearly half of all ransomware attacks have compromised healthcare delivery in the United States. Published in JAMA, the research conducted by the University of Minnesota Public Health researchers investigated the patterns of ransomware attacks in U.S. hospitals, clinics, and other healthcare delivery organizations. As healthcare organizations have become more reliant on health information technology, they have also become more vulnerable to cyber threats such as ransomware. This malicious software prevents access to electronic systems until a ransom is paid, causing major disruptions to healthcare operations. Ransomware attacks are becoming a major cause of healthcare…

The Health Sector Cybersecurity Coordination Center (HC3) has released an analyst note informing the HPH sector of Killnet, a pro-Russian hacking group. Since January 2022, KillNet has been an active pro-Russian hacktivist group and has carried out DDoS campaigns against countries backing Ukraine, especially those in NATO. These assaults began shortly after the United States and other nations decided to provide tanks to Ukraine in order to assist them in their struggle against Russian forces.  A DDoS attack is an act of flooding a target server or website with thousands of connection requests and packets per minute, leading to a…

Today, the United States Department of Justice has delivered a powerful blow to the malicious ransomware group known as Hive with the successful disruption of its operations. Since June 2021, Hive has launched cyberattacks against over 1,500 victims worldwide, many in the healthcare sector. This prompted alerts from agencies such as the U.S. Department of Health and Human Services, the Federal Bureau of Investigation, and the Cybersecurity and Infrastructure Security Agency.  Hive used a subscription-based business model called ransomware-as-a-service (RaaS) in which administrators or developers would produce a ransomware strain and offer it to affiliates. Affiliates would then use the…

A joint Cybersecurity Advisory has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to alert network defenders of the potential malicious use of legitimate remote monitoring and management (RMM) software. In October 2022, CISA used its trusted third-party reporting to conduct retrospective analysis of a federal civilian executive branch-wide intrusion detection system (EINSTEIN) and identified a widespread, financially motivated phishing campaign related to malicious typosquatting activity. The investigation uncovered that since June 2022, cybercriminals have been sending phishing emails to email addresses of FCEB federal staff,…

Twenty security and risk executives from top healthcare provider organizations have joined forces to help less equipped healthcare organizations with their information risk management. This includes combating one of the most pressing healthcare cybersecurity concerns: third-party risk management. Cyberattacks against vendors have risen alarmingly, and many healthcare organizations have been affected as a result. In 2023, the majority of the top ten data breaches were at vendors. Cybercriminals are able to infiltrate numerous healthcare organizations’ networks and data through a single breach of a vendor, which is often due to inadequate security measures. The HSCC recently conducted a survey that…

The Health Sector Cybersecurity Coordination Center (HC3) has identified two advanced and hostile ransomware operations, Blackcat and Royal, that pose a major risk to the healthcare and public health (HPH) sector. They have shared this threat intelligence to help protect the sector. In 2021 and early 2022, Conti, a large and highly organized ransomware-as-a-service (RaaS) operation, was a major player in the ransomware threat landscape. However, the group disbanded in 2022. Although the Conti RaaS is no longer active, its members still are, just in smaller, semi-autonomous and autonomous ransomware operations. These operations are more difficult to trace and draw…

Delinea has recently released the 2022 State of Ransomware Report. Delinea is an innovative provider of privilege access management (PAM) solutions that helps organizations secure critical data and infrastructure, comply with regulations, and reduce risk. They offer their services to a vast global customer base ranging from small businesses to large organizations. Results of the report showed that strategies put in place to combat ransomware have achieved success, as cyber-attacks using this compromise approach were observed to have significantly declined over the past year as compared to earlier statistics. Additionally, fewer companies were seen to be paying the required ransom….

Consulate Health Care, a Florida-based chain of 140 U.S. nursing homes, has been targeted in an attack by the Hive ransomware-as-a-service (RaasS) operation. On January 6, 2023, the group posted on their leak site about the breach, claiming to have stolen 550 GB of data and encrypted files on December 3, 2022. Furthermore, some of the data allegedly taken in the attack has already been leaked, including contracts, company information, employee details, and patient information such as medical records, Social Security numbers, contact information, and insurance information. Consulate Health Care released a replacement breach announcement on their website when details…

According to data released by Check Point, a cybersecurity solutions provider, there was a 38% increase in global cyberattacks in 2022, making it an especially difficult year for cybersecurity. Moreover, healthcare organizations experienced the greatest surge in attacks, with 74% more weekly occurrences than in 2021. This pushed the healthcare industry to third place in terms of the most targeted sectors, with 1,463 attacks per week. In the USA, healthcare was the second most attacked sector, registering 1,410 weekly attacks – an 86% increase compared to the previous year. Across all industry sectors, the US registered a 57% year-over-year increase…

A recent analysis published in the JAMA Health Forum has revealed that healthcare ransomware attacks have grown exponentially in the past 5 years, causing a decline in data recovery from backups. Furthermore, it found that it is now commonplace for stolen data to be made public after a successful attack. To conduct their analysis, the researchers used data collected from the Tracking Healthcare Ransomware Events and Traits (THREAT) database. This database gathers information from a multitude of sources, including the HHS’ Office for Civil Rights breach portal, HackNotice, press releases from victims, media reports, and dark web monitoring. The analysis…

Users of the Citrix Application Delivery Controller (ADC) and Citrix Gateway are strongly encouraged to verify that their systems are not exposed to a dangerous unauthenticated remote code execution vulnerability that is currently being targeted by a highly skilled Chinese advanced persistent threat (APT) actors, as well as potentially other state-sponsored hacking groups. Healthcare organizations that use Citrix ADC and Gateway are vulnerable to CVE-2022-27518, a critical authentication bypass vulnerability with a CVSS v3 severity rating of 9.8 out of 10. Exploitation of this flaw could allow an unauthenticated actor to remotely execute code and completely compromise the system, making…

The HC3 has released a security advisory concerning Royal ransomware. The human-operated ransomware was first discovered in September 2022. Following infection, the ransomware organization is known to demand payment of up to $2 million USD from victims in order to prevent the publication of their sensitive data.There have been reports that Royal ransomware that looks to be made up of skilled actors from other organizations, as the techniques deployed appear to be the same. While the majority of known ransomware operators have engaged in ransomware-as-a-service, Royal ransomware seems to be a private group without any apparent affiliations while maintaining financial…

Multiple class action lawsuits have been filed against Empress EMS, the New York ambulance service, following a ransomware attack discovered on July 14, 2022. The HIVE ransomware gang has claimed responsibility for the attack.  According to the breach notification issued by Empress EMS, hackers from HIVE gained access to the network, stole files containing sensitive patient information, and then encrypted the files to prevent access. The information collected by the threat actors included full names, birth dates, demographic information, diagnoses, treatment information, medical record numbers, dates of service, prescription information, insurance information, and even Social Security numbers for an unlucky…

Community Health Network, the indiana-based healthcare provider, has acknowledged that the use of Meta and Google’s tracking codes has resulted in an unauthorized disclosure of sensitive patient healthcare information. Community Health Network is another addition to the ever-growing list of healthcare organizations who experienced data breaches following the implementation of third-party tracking codes. Affected healthcare organizations include Advocate Aurora Health, WakeMed Health and Hospitals, Novant Health, Medstar Health System, UCSF Medical Center, Dignity Health Medical Foundation, and Northwestern Memorial Hospital. The Department of Health and Human Services’ Office for Civil Rights received a breach report from Community Health Network, confirming…

The Department of Health and Human Services’ Health Sector Cybersecurity Coordinator (HC3) has issued a warning to the public healthcare and public health sector (HPH) to raise awareness of the Lorenz threat group. The cybercriminal gang has conducted numerous threat campaigns in the United States across the last two years.  The human-operated Lorenz ransomware is used after threat actors have broken into networks and stolen data. The gang is known to modify its executable code and personalize it for each targeted organization after access to the network has been obtained. Before spreading ransomware to encrypt files, the Lorenz actors remain…

Ten people have been charged by the U.S. Department of Justice in connection with corporate email breach frauds that resulted in the theft of more than $11.1 million from Medicaid, Medicare, and private health insurance programs. Hospitals were to receive the funds in exchange for delivering certain medical services. Business email compromise (BEC) schemes, which are the main source of losses from cybercrime, entail obtaining access to genuine email accounts and utilizing them to deceive those in charge of wire transfers into sending fraudulent money to attacker-controlled accounts. Between June 2016 and December 2021, over $43 billion was lost as…

The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released guidelines for federal and private agencies on the mitigation and prevention of Distributed Denial of Service (DDoS) attacks.  In a DDoS attack, a host connected to a network is temporarily or permanently denied access to its services in an effort to render a computer or network resource inaccessible to its intended users. The typical method for committing a DDoS attack is to overload the targeted machine or resource with excessive requests in an effort to…

An analyst note has been released by the Health Sector Cybersecurity Coordination Center (HC3) to raise health organizations’ awareness of the Venus ransomware. In the note, the HC3 shares information about the strategies, tactics, and procedures used in Venus ransomware attacks and a number of measures that organizations within the health sector can take to improve their cybersecurity.  According to the HC3, Venus ransomware was first detected in August 2022. However, since then, organizations worldwide have been subject to Venus ransomware attacks. When activated, the Venus ransomware attempts to erase 39 processes linked to Microsoft Office and database servers. For…

A recent survey conducted by LastPass has found that while respondents reported a high level of confidence with their password practices for personal and work accounts, the level of security for the passwords remained low for several instances. The survey is conducted annually by LastPass in an effort to better understand the current cybersecurity landscape. This year, the survey included 3,750 professionals.  According to the survey, Generation Z (7-26) reported the highest level of confidence in their password management practices. However, the age group accounted for the worst password hygiene scores. While Gen Z respondents reused passwords 69 percent of…

According to Check Point’s 2022 Mid-Year Report, of all industry sectors, the healthcare sector experienced the largest percentage increase in cyberattacks, rising by 69 percent in 1H 2022 compared to 2021. In terms of the amount of weekly attacks, healthcare is currently ranked fifth, behind communications, ISP/MSP, government/military, and education. In the report, Check Point explains that 2022 has shown that cyberattacks has been firmly established as a state-level weapon, with the first half of the year witnessing an unprecedented rise in state-sponsored attacks due to the ongoing war in Ukraine, as well as a significant increase in hacktivism –…

Microsoft has recently notified its users that two-day vulnerabilities in its Exchange Server are being exploited by Chinese threat actors and have recommended a number of mitigations users can take to secure their data while the company develops patches to rectify the vulnerabilities. While the attacks made by the threat actors have been restricted, Microsoft does advise that the attackers may soon target the health sector. In several of the attacks, the attackers used the China Chopper web shell for permanent access, which indicates that a Chinese hacker outfit with governmental backing is making use of the security vulnerabilities. The…

The United States Health Sector Cybersecurity Coordination Center (HC3) has warned the healthcare industry of a new monkeypox-themed malspam campaign targeting healthcare providers. According to the HC3, the campaign has a subject line of “Data from (Victim Organization Abbreviation): “Important read about -Monkey Pox– (Victim Organization) (Reference Number)” and utilizes an “Important read about Monkey Pox” theme. A PDF attachment to the email contains a malicious link that takes the user to a Lark Docs site. The website has a cloud-themed adobe doc and provides a secure Moneky Pox PDF download. The victim’s Outlook, O365, or Other Mail login credentials…