Community Health Network Website Tracking Code Causes 1.5M Patient Data Breach

Community Health Network, the indiana-based healthcare provider, has acknowledged that the use of Meta and Google’s tracking codes has resulted in an unauthorized disclosure of sensitive patient healthcare information. Community Health Network is another addition to the ever-growing list of healthcare organizations who experienced data breaches following the implementation of third-party tracking codes. Affected healthcare organizations include Advocate Aurora Health, WakeMed Health and Hospitals, Novant Health, Medstar Health System, UCSF Medical Center, Dignity Health Medical Foundation, and Northwestern Memorial Hospital. The Department of Health and Human Services’ Office for Civil Rights received a breach report from Community Health Network, confirming…

HC3 Warns HPH Sector Of Lorenz Ransomware Gang

The Department of Health and Human Services’ Health Sector Cybersecurity Coordinator (HC3) has issued a warning to the public healthcare and public health sector (HPH) to raise awareness of the Lorenz threat group. The cybercriminal gang has conducted numerous threat campaigns in the United States across the last two years.  The human-operated Lorenz ransomware is used after threat actors have broken into networks and stolen data. The gang is known to modify its executable code and personalize it for each targeted organization after access to the network has been obtained. Before spreading ransomware to encrypt files, the Lorenz actors remain…

Guidelines For DDoS Prevention And Mitigation Issued By Feds

The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released guidelines for federal and private agencies on the mitigation and prevention of Distributed Denial of Service (DDoS) attacks.  In a DDoS attack, a host connected to a network is temporarily or permanently denied access to its services in an effort to render a computer or network resource inaccessible to its intended users. The typical method for committing a DDoS attack is to overload the targeted machine or resource with excessive requests in an effort to…

HC3 Warns Health Sector Of Venus Ransomware

An analyst note has been released by the Health Sector Cybersecurity Coordination Center (HC3) to raise health organizations’ awareness of the Venus ransomware. In the note, the HC3 shares information about the strategies, tactics, and procedures used in Venus ransomware attacks and a number of measures that organizations within the health sector can take to improve their cybersecurity.  According to the HC3, Venus ransomware was first detected in August 2022. However, since then, organizations worldwide have been subject to Venus ransomware attacks. When activated, the Venus ransomware attempts to erase 39 processes linked to Microsoft Office and database servers. For…

Survey Finds Password Security Remains Low After Cybersecurity Training

A recent survey conducted by LastPass has found that while respondents reported a high level of confidence with their password practices for personal and work accounts, the level of security for the passwords remained low for several instances. The survey is conducted annually by LastPass in an effort to better understand the current cybersecurity landscape. This year, the survey included 3,750 professionals.  According to the survey, Generation Z (7-26) reported the highest level of confidence in their password management practices. However, the age group accounted for the worst password hygiene scores. While Gen Z respondents reused passwords 69 percent of…

MDIC Report Urges Medical Device Manufacturers To Improve Device Security

The security of medical devices is a major problem for the healthcare industry. Security of medical devices is still one of the biggest worries in the healthcare industry. There are several challenges facing the industry including potential risks to patient safety due to the existence of legacy devices, the industry’s growing interconnectivity, and the necessity for industry-wide standards in the medical device security space. In order to address these issues and gain a better understanding into the current situation of the medical device industry, the Medical Device Innovation Consortium (MDIC) published its first ever medical device security maturity benchmarking tool…

Report Finds 69 Percent Increase In Healthcare Cyberattacks

According to Check Point’s 2022 Mid-Year Report, of all industry sectors, the healthcare sector experienced the largest percentage increase in cyberattacks, rising by 69 percent in 1H 2022 compared to 2021. In terms of the amount of weekly attacks, healthcare is currently ranked fifth, behind communications, ISP/MSP, government/military, and education. In the report, Check Point explains that 2022 has shown that cyberattacks has been firmly established as a state-level weapon, with the first half of the year witnessing an unprecedented rise in state-sponsored attacks due to the ongoing war in Ukraine, as well as a significant increase in hacktivism –…

Microsoft Announce Two-Day Vulnerabilities In Exchange Servers

Microsoft has recently notified its users that two-day vulnerabilities in its Exchange Server are being exploited by Chinese threat actors and have recommended a number of mitigations users can take to secure their data while the company develops patches to rectify the vulnerabilities. While the attacks made by the threat actors have been restricted, Microsoft does advise that the attackers may soon target the health sector. In several of the attacks, the attackers used the China Chopper web shell for permanent access, which indicates that a Chinese hacker outfit with governmental backing is making use of the security vulnerabilities. The…

HC3 Warns Healthcare Industry Of Monkeypox-Themed Phishing Campaign

The United States Health Sector Cybersecurity Coordination Center (HC3) has warned the healthcare industry of a new monkeypox-themed malspam campaign targeting healthcare providers. According to the HC3, the campaign has a subject line of “Data from (Victim Organization Abbreviation): “Important read about -Monkey Pox– (Victim Organization) (Reference Number)” and utilizes an “Important read about Monkey Pox” theme. A PDF attachment to the email contains a malicious link that takes the user to a Lark Docs site. The website has a cloud-themed adobe doc and provides a secure Moneky Pox PDF download. The victim’s Outlook, O365, or Other Mail login credentials…

Report Finds Health Sector’s Use Of Outdated Systems Poses Significant Security Risks

A penetration risk report released by Global cybersecurity firm Coalfire has found that while the health sector is gradually reducing its dependence on legacy systems, unpatched and out-of-date software continues to pose security risks. The report was composed of results of more than 3,100 penetration tests from approximately 1,600 client engagements in the technology, retail financial services, and healthcare industries. Penetration testing is a tool used by healthcare organizations to identify potential vulnerabilities in their cybersecurity before hackers can. In addition coalfire employed cybersecurity firm NowSecure to examine mobile applications’ cybersecurity.  The report found a number of key findings. Firstly,…

DOJ Charges Iranian Hackers For Cyberattacks Against Critical US Infrastructure Entities

The United States Department of Justice (DOJ) has charged three Iranian nationals for executing several ransomware attacks and other cyberattacks against United States critical infrastructure entities including multiple healthcare organizations. The information of the charges comes from an unsealed indictment filed in the US District Court for the District of New Jersey and a DOJ press release.  According to the press release, the hacking campaign exploited flaws in frequently used network devices and software applications to gain access and remove files from computer systems. The hackers then deny the victims access to their own systems unless a ransom payment is…

Report Finds Health Sector Has Suffered Over 5,000 Breaches Since 2009

A report recently issued by Comparitech has found that almost 5,000 healthcare breaches have been reported to the Department of Health and Human Services’ Office for Civil Rights’ (OCR) data breach portal since 2009. The breaches involved more than 342 million medical records.  The researchers at Comparitech evaluated data from the period between 2009 to June 2022 to determine which states in the United States experience the most medical data breaches and how many medical records are exposed annually. Additionally, the researchers examined from January 2021 to June 2022 in-depth to determine their main causes and the healthcare organizations they…

HC3 Issues Report Highlighting Benefits And Risks Of New Health Technologies

The Health Sector Cybersecurity Coordination Center (HC3) has released a report emphasizing some of the concerns associated with some of the most promising new technologies that have the potential to transform clinical research, the monitoring and delivery of treatment, connectivity, data analysis, and data security. New technologies have the capability to completely transform the healthcare sector. Although these technologies have a lot of potential advantages, they also carry a danger of compromising patient privacy and safety. If vulnerabilities are not adequately fixed, malicious actors may use them to access internal systems or sensitive health information, endangering patient safety. According to…

Report Finds Decline In Patient Outcomes And Increase In Mortality Rate Following Cyberattacks

A report conducted by the Ponemon Institute has found that over 20 percent of healthcare organizations have encountered an increase in mortality rate after a substantial cyberattack and over half of healthcare organizations surveyed stated that they encountered poorer patient outcomes as a result. With delays to procedures and tests being the most frequent consequences of the attacks that resulted in poorer patient outcomes.  On behalf of cybersecurity firm Proofpoint, Ponemon Institute surveyed 641 IT and IT security professionals in healthcare organizations who are responsible for participating in cybersecurity procedures such as setting IT cybersecurity priorities, selecting vendors and contractors…

HHS’ Office Of Inspector General Advises HRSA To Improve Their Oversight Of OPTN Cybersecurity

The Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) has requested the Health Resources and Services Administration (HRSA) to improve their oversight of the cybersecurity of the Organ Procurement and Transplantation Network (OPTN). The OIG was established to ensure the protection of HHS programs through a nationwide network of audits, investigations, and inspections.The latest audit conducted by the OIG was to determine whether the HRSA had complied with federal requirements to implement appropriate and suitable cybersecurity controls over the OPTN to protect transplant information. The OPTN is a component of the HRSA’s nationwide system for allocation…

House Democrats Request Meta Data Privacy Briefing Following Nebraska Abortion Case

On August 31, 2022, the Democrats part of the Committee on Energy and Commerce sent a letter to Mark Zuckerberg, Meta CEO, outlining their concerns about the company’s data-sharing policy and asking for clarity on the dissemination of private messages to law authorities.  The letter comes as a mother and her daughter discussions relating to an illegal abortion on Meta platforms had been obtained by law enforcement. In Nebraska, law enforcement had conducted an investigation into Jessica Burgess and her 18-year old daughter, Celeste, over an alleged illegal abortion. Following the United States’ decision to overturn Roe v. Wade, Nebraska…

CISA Warns Health Sector Of Contec Health’s Vital Signs Patient Monitor Vulnerabilities

The United States Cybersecurity and Infrastructure Security Agency (CISA) has released a security advisory outlining five vulnerabilities found in Contec Health’s CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor. The Agency details how exploitation of the vulnerability could allow a malicious actor to conduct distributed denial of service attacks to alter firmware, make configuration changes, access a root shell, and cause a monitor to display wrong information.  CISA has stated that they have contacted Contec Health about the faults in the Vital Signs Monitors, however, they have not received any response regarding vulnerability mitigations. CISA have found five vulnerabilities within…

CISA Warns Health Sector Of North Korean Maui Ransomware

A joint Cybersecurity Advisory has been issued by the United States Cybersecurity and Infrastructure Agency (CISA) in collaboration the the Federal Bureau of Investigation (FBI), and the Department of the Treasury to advise the health sector about the threat of Maui ransomware, a cyberattack variant which has been utilized by the North Korea state-sponsored cyber attackers.  Since 2021, the FBI have identified and handled several incidents in the health sector involving Maui ransomware. The ransomware is used to encrypt servers that healthcare services operate such as EHR services, diagnostics services, imaging services, and intranet services. Maui ransomware has the ability…

Health-ISAC Publish Zero Trust Implementation Guidance For CISOs

A white paper has recently been published by Health-ISAC intended to assist CISOs to understand and implement a zero trust security architecture. Traditionally, a CISOs approach includes perimeter defenses, which prohibit unauthorized third parties from gaining access to data. However, the traditional cybersecurity approach is no longer viable in the cloud due to the lack of perimeters. Furthermore, the methods malicious actors employ to successfully gain access to data are rapid changing. In the event that access to the data is gained through perimeter defenses, the malicious actor can travel laterally within networks and have the ability to conduct several…

Baton Rouge General Health System Reports Healthcare Data Breach

The General Health System (GHS), located in Baton Rouge, has recently disclosed on its website that it experienced a data breach in June. The GHS is responsible for operating over 20 healthcare institutions in the Baton Rouge area.  The breach was initially announced in June by WAFB, the local news network, who reported that GHS had temporarily transferred its patient records to paper until it was safe to bring its EMR and other patient networks back online. However, GHS has confirmed the incident in a post they have published on their website. The post confirms that the GHS had detected…

Study Finds 66% Of Healthcare Organizations Experienced Ransomware Attacks In 2021

A recent study published by Sophos has revealed that 66 percent of healthcare organizations experienced ransomware attacks in 2021, a 94 percent increase compared to 2020. Sophos employed research agency Vanson Bourne to conduct an independent survey for Sophos’ annual study of ransomware attacks in the healthcare sector. The study consisted of 5,600 IT professionals, including 381 healthcare respondents in organizations residing in 31 different countries during the period of January and February 2022.  The survey discovered that two-thirds of healthcare organizations experienced ransomware attacks last year, revealing that cybercriminals’ capabilities to deliver significant attacks is only improving. The healthcare…

Analysis Finds Half Of Popular Period-Tracking Apps Share User Data For Ads

A recent analysis published by cybersecurity company Surfshark has revealed that almost half of period-tracking applications in the study shared or used user data for third-party advertising. The analysis consisted of the twenty most popular applications on the Apple Application Store and graded each application according to the quantity and sensitivity of the data it collects. Each data point was then added on the company’s point system. One point was awarded to data that is not linked to a user’s identity, two points for data that could be linked to a user’s identity such as name and address,  and finally,…

Report Evaluates Cybersecurity Firm Satisfaction Among Healthcare Clients

The number of cybersecurity attacks on healthcare organizations continue to increase on a yearly basis. The healthcare sector is often targeted by cyber criminals as healthcare providers are more likely to pay ransoms as there is risk to human health. Healthcare organizations are frequently penalized by the HHS’ Office for Civil Rights for cybersecurity vulnerabilities which can result in damaged reputations and the increased risk of patient safety and misuse of patient data. Organizations regularly employ outside consulting firms that specialize in increasing security and data privacy safeguards in order to decrease these risks in healthcare. A report conducted by…

Oklahoma State University Pays $875,000 To OCR After Major Data Breach

The Oklahoma State University Center for Health Sciences (OSUCHS) has recently settled a HIPAA violation case for $875,000. The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) brought the case to the University after an investigation into a major breach of sensitive data found several potential violations of the HIPAA Rules.  The breach of data was detected by the university on November 7, 2017. It was discovered that an unauthorized third party had gained access to sections of the University’s computer network and potentially recovered files relating to the information of Medicaid patients. The information included…

HC3 Warns Healthcare Organations Of Social Engineering and Vishing Attacks

A warning has been issued by the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center to warn healthcare organizations about voice phishing and social engineering attacks.  Social engineering, in the context of cybersecurity, is the exploitation of individuals by malicious attackers for their own benefit. Social engineering is a general term that ecompasses a wide range of cyberattacks such as phishing, spear phishing, business email compromising whaling, scareware, baiting, callback phishing, SMS phishing, and pretexting.  Social engineering techniques are employed in phishing attacks to deceive employees into giving up private information, such as protected health information, login…

Study Finds 58% Of Healthcare Organizations Plan To Implement Zero Trust Initiative

A recent report issued by Okta has found that there has been an increase in the number of healthcare organizations that have implemented zero trust initiatives. The 2022 State of Zero Trust Security report revealed that approximately 58 percent of organizations who were surveyed have confirmed that they have or are beginning to implement zero trust initiatives. In addition, approximately 96 percent of healthcare organizations stated they had implemented a zero trust initiative or intend to do so over the next year to year and a half.  Traditionally, healthcare organizations secure devices and networks through a trusted network perimeter. However,…

HC3 Issues Sector Alert For Apple Zero-Day Device Vulnerability Update

The Department of Health and Human Services’ Cybersecurity Coordination Center (HC3) has issued a security alert notifying healthcare organizations of Apple’s security updates to safeguard against two zero-day vulnerabilities in the macOS Monterey, Safari, iOs, and iPadOS. The devices affected by the software vulnerabilities include all iPad Pro Models, iPad Air 2 and after, iPad 5th generation and after, all Macs operating with macOS Monterey, iPad mini 4 and later, the iPod Touch 7th generation, and finally iPhone 6s and later generations.  A zero-day vulnerability is a flaw in hardware, software, or firmware that the individuals responsible for resolving issues…

FBI and CISA Warns Heathcare Organizations Of Zeppelin Ransomware

The Homeland Security’s Cybersecurity and Infrastructure Agency and the Federal Bureau of Investigation have issued a joint warning regarding the Zeppelin strain of ransomware. The alert, issued on August 11, warns healthcare organizations of the threat the ransomware poses and the steps organizations can take in order to mitigate threats to electronic healthcare data.  The Zeppelin ransomware is a component of  Delphi-based Vega malware and operates as a Ransomware as a Service. Malicious actors have utilized the malware to gain access to the networks of various critical infrastructure organizations and businesses. These include educational institutions, manufacturers, technology companies, and particularly…

HC3 Warns Healthcare Organizations Of IoT Security Risks

A security advisory alert has been issued by the Health Sector Cybersecurity Coordination Center (HC3) warning organizations in the healthcare and public health industry about the dangers posed by Internet of Things (IoT) devices and has offered suggestions for improving the security of the devices.  The Internet of Things describes physical devices with software, sensors and other technologies that connect and exchange information with other devices and systems via the internet. There are currently approximately 7 billion devices that utilize IoT. The number of IoT devices is expected to increase dramatically over the coming years. IoT devices are utilized in…

CBHA Suffers Major Data Breach From Ransomware Attack

A major behavioral health alliance has recently announced a significant breach of data. The Carolina Behavioral Health Alliance (CBHA) operates in the city of Winston-Salem and is the administer of behavioral health benefits for Wake Forest University and Wake Forest Baptist Medical Center. The attack was discovered by the alliance on March 20, 2022. Upon detection, the organization notified law enforcement and immediately conducted a comprehensive forensic investigation and deduced that cybercriminals had gained access to the organization’s computer systems between March 19 and March 20. The malicious actors potentially viewed and recovered the personal information of approximately 130,000 health…

Concerns Raised Over FDA Cybersecurity Draft Guidance

In April 2022, the FDA published a draft guidance concerning cybersecurity medical devices. The Agency sought to help medical device manufacturers with integrating cybersecurity practices into their products in the premarket period and to help ensure security risks were addressed for the duration of the products lifetimes. The latest update to the guidance included recommendations related to device design and labeling. The FDA also encouraged manufacturers to include threat models, a requirement for a software bill of materials designed to improve data safety and security.   The FDA had created the new draft guidance after receiving concerns on its 2018 guidance….

DHS Issues Fifth Cybersecurity Alert In Five Years to BD’s Pyxis Medication Dispenser

The Cybersecurity Infrastructure Agency, a component of the Department of Homeland Security (DHS), has issued its fifth cybersecurity alert in five years to Becton Dickinson. The medical technology company has received the alerts as a result of vulnerabilities found in their Pyxis automated medication dispensing systems. The Cybersecurity alert is the second alert the medical device manufacturers have received this year. In March, the DHS had identified a vulnerability regarding the use of hard-coded credentials which may allow unauthorized malicious actors to gain access to the file system and use the data for exploitation. The DHS has issued the latest…

DHS Issues Cybersecurity Alert To Illumina

The Cybersecuirty and Infrastructure Agency, a component of the DHS, has issued a cybersecurity alert regarding Illumina software and its multiple vulnerabilities. The Local Run Manager program provides a complete solution for collecting samples for a run, selecting run parameters, keeping track of progress, examining sequencing data, and reviewing outcomes. The vulnerabilities were identified by Pentest, an information security consultant, who found the softwares diagnostic devices and research-use only instruments were susceptible to security threats. The instruments named included NextSeq 500, 550 and 550Dx, MiSeq and MiSeq Dx, iSeq 100 and MiniSeq. Amongst these devices, Pentest found that an unauthorized…

New HHS Cybersecurity Guidelines to Protect PHI

The HHS has published new guidelines for healthcare organizations to improve the protection of the PHI they maintain. In these new guidelines, the HHS will help healthcare organizations to develop a more comprehensive cyber posture. This includes increasing the overall strength of an organization’s cybersecurity, developing protocols for predicting and preventing cyber threats, and improving the ability of the organization to continue operations while responding to cyber threats. A significant portion of breaches of unsecured electronic Protected Health Information are the result of cyberattacks. The HHS has contended that a large percentage of those breaches could have been prevented had…

CISA Issues Security Advisory Of 3 Vulnerabilities In OFFIS DICOM Software

Three critical flaws in the OFFIS DCMTK software have been identified by the Cybersecurity and Infrastructure Security Agency (CISA), which has released a security advisory for the healthcare and public health sectors. The program is used for processing offline media, creating and converting DICOM image files, and transmitting and receiving images through a network connection. All versions before version 3.6.7. are affected by the critical flaws. If the flaw is abused, prior to version 3.6.7, all DCMTK versions are vulnerable. If abused, a remote attacker may cause a denial-of-service issue, write corrupt DICOM files into arbitrary directories, and obtain remote…

Vulnerabilities Discovered in Welch Allyn Resting Electrocardiograph Devices

Hillrom Medical Device Management has reported the discovery of two vulnerabilities in selected Welch Allyn medical devices. An unauthorized attacker could exploit the vulnerabilities to threaten software protection by carrying out commands, getting privileges, and viewing sensitive data while avoiding identification. These Hillrom products are affected by the vulnerabilities: Welch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph (versions 2.3.1 and earlier) Welch Allyn ELI 380 Resting Electrocardiograph (versions 2.6.0 and earlier) Welch Allyn ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph (versions 2.2.0 and earlier) Welch Allyn ELI 250c/BUR 250c Resting Electrocardiograph (versions 2.1.2 and earlier) An anonymous researcher discovered the two vulnerabilities…

94% Increase in Healthcare Ransomware Attacks in 2021

The 2022 State of Ransomware Report released by cybersecurity company Sophos showed that ransomware attacks targeting healthcare companies grew by 94% year over year. The report based its data on an international survey involving 5,600 IT experts as well as interviews with 381 healthcare IT specialists from 31 nations. The report this year discussed the immediately growing connection between ransomware and cyber insurance coverage in the healthcare industry. 66% of surveyed healthcare providers mentioned they had suffered a ransomware attack in 2021, greater than the 34% in 2020 and the number of attacks grew by 69%, which was the largest…

Theft Incident at SAC Health and Ransomware Attacks on Bryan County Ambulance Authority and Lifespan Services

Social Action Community Health System (SAC Health) has lately informed 149,940 patients regarding the theft of files comprising their protected health information (PHI) during a break-in at an off-site storage area that store patient records. SAC Health uncovered the break-in on March 4, 2022. The following investigation confirmed on April 22, 2022 the theft of 6 boxes of paper files from the storage area, which contained files associated with patients helped by SAC Health in 1997 and from 2006 to 2020. A review was done to figure out which types of data were contained in the files and confirmed the…

Illinois Gastroenterology Group and the Mental Health Center of Greater Manchester Report Hacking Incidents

Illinois Gastroenterology Group just reported that unauthorized people obtained access to its computer system and possibly accessed and exfiltrated sensitive patient data. The group detected the cyberattack on October 22, 2021 due to suspicious activity seen in its computer system. Third-party cybersecurity experts were employed to inspect the attack and find out the nature and extent of the attack. On November 18, 2021, Illinois Gastroenterology found out that the segments of its network that the unauthorized people accessed comprised patient details like names, addresses, birth dates, driver’s license numbers, passport numbers, Social Security numbers, financial account details, payment card data,…

Password Security and Management Recommendations

Creating and recalling long, difficult passwords is problematic for a lot of people, and it is made even more challenging as a result of the need to produce passwords to secure several accounts – A research by NordPass indicates the average individual has approximately 100 passwords. A lot of folks struggle to make and keep in mind several strong and unique passwords, and so with numerous accounts to protect it is not shocking that people take shortcuts, however, those password management tools make password security vulnerable. It is typical for users to not create unique passwords and utilize a similar…

Five Eyes Agencies Tell Critical Infrastructure Orgs Concerning Risk of Russian State-Sponsored and Criminal Cyberattacks

The five eyes cybersecurity agencies have just released a joint security advisory concerning the threat of cyberattacks on critical infrastructure conducted by Russian nation-state threat actors and pro-Russia cybercriminal groups. Intelligence obtained by the agencies reveals the Russian government has been trying to find potential for running cyberattacks on targets located in the West to retaliate against the sanctions made on Russia and the help being offered to Ukraine. The agencies say that Russian state-sponsored hacking groups were performing Distributed Denial of Service (DDoS) attacks in Ukraine and are recognized to have employed dangerous malware in Ukraine on government and…

Law Enforcement Health Benefits and Oklahoma City Indian Clinic Encounter Ransomware Attacks

Oklahoma City Indian Clinic Cyberattack Reported Oklahoma City Indian Clinic (OKCIC), a 501(c)(3) nonprofit provider of healthcare services to approximately 20,000 individuals from 200 Native American tribes based in Oklahoma, just published on its web page and social media pages that it is presently encountering technological problems and network interruption that hindered access to a number of computer systems. The attack seems to have taken place on or approximately March 10, 2022 and has impacted its pharmacy’s programmed refill line and mail order services. The OKCIC IT staff and third-party experts are investigating the occurrence now and are trying to…

Data Breach Reports Submitted by New Jersey Brain and Spine, Highmark Inc. and Dialyze Direct

New Jersey Brain and Spine (NJBS) has lately reported it suffered a cyberattack on or approximately November 16, 2021, that encrypted data files on its system. NJBS mentioned it promptly took steps to safeguard its network and involved a computer forensic company to investigate the security breach. Though no proof was uncovered that reveals there was any misuse of patient files because of the attack, the forensics agency stated the attacker could have accessed files comprising patient records. A third party vendor performed an assessment of all files on its system that was likely accessed, and though the data mining…

Data Breaches Reported by North Shore University Hospital, PracticeMax and Ascension Michigan

North Shore University Hospital (NSUH) in Manhasset, NY has announced an incident involving an ex-employee gaining access to protected health information (PHI) with no authorization. 7,614 patients received notifications that a former employee accessed some of their PHI without authorization. It is uncertain when NSUH detected unauthorized access. According to NSUH, it was identified on April 11, 2019 that unauthorized access had happened from October 2009 to February 2019. At first, the employee was suspended from work as the breach investigation was ongoing. Later, he/she was terminated because of unauthorized access. The breach was reported to the authorities, which asked…

Report Finds 50M Medical Records Were Exposed In 2021

The 2022 Breach Barometer Report from Protenus indicates that 2021 was a particularly disastrous year for data breaches in the healthcare business, with more than 50 million medical records disclosed or compromised. The data for the study was provided by Databreaches.net. The report contains incidents that have not been declared by the compromised organization, data breaches involving healthcare data at non-HIPAA-regulated entities, data breaches involving healthcare data reported to regulators, and data breaches that have been publicized in the media.  Since 2016, Protenus has been publishing yearly Breach Barometer reports, and each year since 2017, more records have been compromised…

HHS Alerts of Possible Threats to the Healthcare Industry

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has published an alert to the U.S. health industry concerning possible cyber threats that can spillover from the conflict and impact U.S. healthcare providers. HC3 stated the HHS is uninformed of any specified threats to the Health and Public Health (HPH) Segment; nevertheless, it is apparent that allies on the two sides of the clash have cyber capabilities and there are worries that there can be cyberattacks on the HPH industry as a result of the conflict. HC3 has cautioned that threats might be from three places:…

CISA Introduces List of Free Cybersecurity Tools to Boost Security Functions

Enlarging security features can be done with a small budget by utilizing free cybersecurity solutions and services. A lot of tools and services were created by government organizations, the cybersecurity group, and the public and private segment that may be employed to strengthen defenses versus damaging cyberattacks, recognize probable attacks fast, and help companies respond to and control security breaches. Obtaining appropriate free cybersecurity tools and services may be a time-consuming task. To support critical infrastructure firms minimize cybersecurity threats, the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has gathered a collection of services made available by CISA and other…

PHI Exposed Due to Cyberattack on Philadelphia FIGHT Community Health Centers and Advent Health Partners

Philadelphia FIGHT Community Health Centers has lately reported it encountered a cyberattack last November 30, 2021. Third-party forensic experts were involved to find out the nature and extent of the breach. Based on the investigation, there was no compromise of the health center’s electronic medical record system nor other clinical systems during the attack; nevertheless, on January 13, 2022, Philadelphia FIGHT found out that the attacker got access to non-clinical systems that stored files comprising the protected health information (PHI) of approximately 15,000 patients. It wasn’t possible to know whether the attacker accessed or acquired any patient data, though no…

FBI Publishes Technical Information of Lockbit 2.0 Ransomware

The Federal Bureau of Investigation (FBI) has provided indicators of compromise (IoCs) as well as facts of the tactics, techniques, and procedures (TTPs) connected with Lockbit 2.0 ransomware. The Lockbit ransomware-as-a-service (RaaS) operation has been around since September 2019. In summer 2021, there’s a new ransomware version launched, Lockbit 2.0. It possessed more superior functions, such as the capacity to automatically encrypt data across Windows domains by means of Active Directory group policies, and a Linux-based malware was likewise created that can take advantage of vulnerabilities present in VMware ESXi virtual machines. The affiliates employed by the ransomware operation utilize…

Technologies Supporting Telehealth are Placing Healthcare Data at Risk

A new Kaspersky report shows that the substantial growth in telehealth has put healthcare information in danger. Vulnerabilities were discovered in the systems that are used in telemedicine, a lot of which have yet to be resolved. Substantial Growth in Using Telehealth The COVID-19 pandemic contributed to a growth in virtual appointments, with healthcare companies expanding telehealthcare access to help control infections and reduce healthcare costs. Virtual appointments are done through the phone, video-conferencing applications, and other platforms. A number of new systems and products like wearable devices for measuring vital signs, implanted sensors, and web services are likewise being…

2022 Healthcare Cybersecurity Risks

The healthcare industry will still have a sizeable assortment of threats. Ransomware attacks and data breaches continue to be remarkably commonplace. All through 2021, healthcare data breach reporting registered a rate of about 2 daily, and though there was a decrease in the number of ransomware attacks in contrast to 2020, ransomware is still a serious threat with a number of ransomware gangs actively targeting the healthcare community. In Quarter 4, the 2021 Healthcare Cybersecurity Bulletin, issued on January 21, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) cautioned of certain persistent cyberattack trends that…

Jefferson Surgical Clinic Reports June 2021 Data Breach with 174,769 Individuals Affected

Jefferson Surgical Clinic in Roanoke, VA has started informing patients concerning the potential compromise of some of their protected health information (PHI) because of a cyberattack that was discovered on June 5, 2021. As per the breach notification letter sent to the Maine Attorney General, the attacker obtained access to sections of the network that held patient data like names, Social Security numbers, dates of birth, and medical and treatment data. Jefferson Surgical Clinic quickly informed the FBI regarding the breach and employed third-party cybersecurity and forensics professionals to support the investigation. The investigation found no information that indicates any…

Log4j Version Three to Solve High Severity DoS Vulnerability

The original vulnerability determined in Log4j (CVE-2021-44228) that stunned the world thanks to its seriousness, ease of exploitation, and the magnitude of its effect on the software programs and cloud solutions, is not the only vulnerability present in the Java-based logging utility. Right after the launch of version 2.15.0 to fix the vulnerability, version 2.15.0 stayed vulnerable particularly to non-default configurations due to an incomplete patch. The most recent vulnerability CVE-2021-45046 was fixed in version 2.16.0 of Log4j. In the beginning, the low severity vulnerability had a CVSS rating of 3.7; however, the severity score turned to critical (CVSS 9.0)….

Patient Information Stolen During a Cyberattack on the Medical Review Institute of America

The Medical Review Institute of America (MRoiA) encountered a supposed ransomware attack last November 2021 that led to the stealing of sensitive patient information. MRoiA is granted access to patient data by HIPAA-covered entities because of the clinical peer evaluation process of healthcare providers. Based on a data breach notice furnished to the Vermont attorney general, MRoiA stated it experienced a sophisticated cyberattack that was discovered on November 9, 2021. Third-party cybersecurity specialists were quickly involved to do a forensic investigation to find out the nature and extent of the attack and to help with its remediation initiatives, which include…

PHI of About 400,000 Monongalia Health Patients Possibly Compromised in BEC and Phishing Attack

Monongalia Health System based in Morgantown, WV has started alerting about 400,000 patients that unauthorized individuals may have obtained some of their protected health information (PHI) in a recent cyberattack. Monongalia Health System discovered the security incident only when one of its vendors reported not receiving a July 2021 payment that had left Monongalia Health’s accounts. Based on the investigation of the incident, it was confirmed there was a business email compromise (BEC) attack. The attacker had utilized a phishing email to acquire the credentials for the email account of a Monongalia Health contractor. Then, the threat actor used it…

PHI of 57,000 TriValley Primary Care Patients Potentially Compromised in Cyberattack

TriValley Primary Care based in Perkasie, PA has started sending notifications to 57,596 patients regarding the potential compromise of some of their personal data and protected health information (PHI). Suspicious activity was noticed in its IT system on October 11, 2021. The healthcare provider took steps promptly to secure its systems and stop further unauthorized access. Third-party forensic specialists helped in investigating the incident to ascertain the nature and impact of the cyberattack. The investigation into the breach ended on November 4 and although no evidence of actual or attempted patient data misuse, unauthorized access and potential theft of PHI…

Iranian APT Actors Exploit Microsoft Exchange and Fortinet Vulnerabilities

The Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Cybersecurity and Infrastructure Security Agency (CISA), and the United Kingdom’s National Cyber Security Centre (NCSC) have issued a joint cybersecurity alert to warn about the continuing attacks on critical infrastructure industries such as the medical care and public health industry by an Iranian Advanced Persistent Threat (APT) actor. Cyber actors well-known for being connected with the Iranian government are taking advantage of vulnerabilities identified in the Fortinet FortiOS operating system beginning March 2021, and are using a Microsoft Exchange ProxyShell vulnerability to obtain access to targets’ systems beginning October…

Maxim Healthcare Group Informs 65,000 People Regarding October 2020 Email Breach

Maxim Healthcare Group based in Columbia, MD has begun informing 65,267 people concerning a historic breach of its email system and the compromise of their protected health information (PHI). Maxim Healthcare Group, which consists of Maxim Healthcare Staffing and Maxim Healthcare Services, stated it detected suspicious activity in its email system approximately December 4, 2020. It took steps to stop further unauthorized access and started an investigation to find out the nature and extent of the breach. The investigation showed that unauthorized people got access to a number of employee email accounts from October 1, 2020, to December 4, 2020….

Ransomware Groups Exploit Company Financial Events For Extortion

Ransomware groups frequently utilize double extortion techniques to compel victims to give ransom payments. Besides file encryption, they steal sensitive information and issue a threat to sell or post the stolen information when no ransom is paid. The Federal Bureau of Investigation (FBI) has recently released a private industry advisory regarding a new extortion strategy, where ransomware groups attack businesses and organizations that are engaged in important time-sensitive financial activities, steal sensitive financial information, then threaten to expose that data when payment isn’t made. Ransomware groups perform substantial research on their victims prior to starting an attack, including collecting publicly…

PHI Compromised in Tech Etch Ransomware Attack and UNC Hospitals Insider Breach

Tech Etch based in Plymouth, MA manufactures adaptable printed circuits, precision-engineered thin metal parts, and EMI/RFI shielding. It has reported a ransomware attack that resulted in the potential compromise of the personal data and protected health information (PHI) of current and former employees. Organizations such as Tech Etch would not typically be expected to adhere to HIPAA; nonetheless, the firm provides a health plan for its workers and, therefore, is categorized as a HIPAA-covered entity. Tech Etch identified the ransomware attack on August 25, 2021. The investigators determined that the attackers acquired access to its network last August 20. Tech…

Premier Patient Health Care and Oregon Eye Specialists Submits Data Breach Report

Premier Patient Health Care located in Carrollton, TX has learned that an unauthorized individual had acquired the protected health information (PHI) of 37,636 patients during an insider data breach. Premier Patient Health Care is an Accountable Care Organization (ACO) that collaborates with medical professionals to make improvements to clinical results covered by the Medicare Shared Savings Program (MSSP). The ACO and Premier Patient Health Care are run by Premier Management Company, a business associate to numerous primary care doctors who are covered entities by HIPAA. On April 30, 2020, Wiseman Innovations, a technology merchant utilized by Premier Management Company, confirmed…

Medtronic MiniMed Remote Controllers Recalled Due to Major Cybersecurity Issue

The Food and Drug Administration (FDA) has given a notification to end-users of Medtronic wireless insulin pumps concerning a critical security vulnerability impacting a number of remote controllers. MiniMed insulin pumps are employed to deliver insulin to help control diabetes. The pumps come with an optional remote controller device for connecting wirelessly with the insulin pump. A security analyst found a cybersecurity issue in older versions of remote controllers that employ previous-generation technology that can likely be used to cause harm to consumers of the pumps. An unauthorized individual could use the cybersecurity vulnerability to report and playback the wireless…

CISA Revises List of Cybersecurity Bad Practices to Remove

The Cybersecurity and Infrastructure Security Agency (CISA) has modified its checklist of cybersecurity bad practices that need to be eliminated. Cyber threat actors usually perform highly sophisticated attacks to obtain access to internal sites and sensitive records, yet in many cases, sophisticated strategies, techniques, and procedures aren’t necessary. The Bad Practices Catalog was made in July 2021 to improve knowledge of a number of the most egregious problems in cybersecurity that allow attackers to do the job. There have been numerous listings posted on cybersecurity best practices to adhere to, and although it is important that those practices are put…

Cyberattack Forces Memorial Health System to Move Patients to Alternative Hospitals

Memorial Health System located in Marietta, OH was pressured to redirect emergency care because of an alleged ransomware attack. When the cyberattack happened, the health network was compelled to de-activate IT systems to restrict the attack. Emergency practices were executed as a result of the insufficiency of access to critical IT systems, and the staff members are utilizing paper records. Memorial Health System manages three hospitals in West Virginia And Ohio, all of them were impacted by the cyberattack. Considering that electronic health records cannot be accessed, patient safety was likely put at stake, and so the option was taken…

Email Account Breaches Reported by Wisconsin Institute of Urology and Prestera Center

Prestera Mental Health Center located in West Virginia began informing 2,152 individuals regarding a security breach affecting employee email accounts. On or approximately April 1, 2021, Prestera Center discovered that selected worker email accounts were accessed without authorization between August 2020 and September 2020. Although the unauthorized access was confirmed, the center wasn’t possible to determine whether any patient data had been viewed or copied. A review was done to know the types of information that were included in the email accounts and which people were affected. The types of information in the account differed from person to person and…

45,000 Patients Potentially Affected by Cyberattack on Florida Heart Associates

Florida Heart Associates is informing 45,148 patients regarding one recent security breach that resulted in the compromise of their personal data and protected health information (PHI). The security breach was discovered some time in May 19, 2021, because of strange activity seen within selected networked computers. Florida Heart Associates immediately took steps to manage the breach and protect personal data and launched an investigation to find out the nature and extent of the breach. Florida Heart Associates confirmed the breach of its computer system from May 9 to May 19, 2021. Security systems were put in place before the breach…

Philips Vue PACS Products Affected by Multiple Critical Vulnerabilities

Several vulnerabilities were found in Philips Vue PACS items, 5 were critical vulnerabilities having a 9.8 severity score and 4 were high severity vulnerabilities. Attackers can exploit a few of the vulnerabilities remotely with a low attack complexity. An attacker that successfully exploits the vulnerability would be able to acquire system access, snoop, view and change information, execute arbitrary code, set up unauthorized software programs, or compromise system integrity and acquire access to sensitive information, or adversely impact the availability of the system. Philips reported the vulnerabilities lately to CISA as well as the impacted list of Philips Vue PACS…

NIST Releases Critical Software Definition for U.S. Federal Agencies

President Biden’s Cybersecurity Executive Order demands all federal bureaus to re-examine their strategy to cybersecurity, create new options of assessing software, and carry out modern security methods to minimize risk, for example, multi-factor authentication, encryption for data at rest and in transit, and using a zero-trust approach to security. One of the very first specifications of the Executive Order was for the National Institute of Standards and Technology (NIST) to issue a definition of critical software, which the Cybersecurity and Infrastructure Security Agency (CISA) will utilize to produce a listing of all software covered by the Executive Order and for…

Prominence Health Plan and Ohio Medicaid Data Breach

The Nevada health insurance provider Prominence Health Plan has reported it experienced a security breach on November 30, 2020 resulting in the potential acquisition of the protected health information (PHI) of some plan members by hackers. Prominence Health Plan discovered the data breach on April 22, 2021 and took immediate action to avoid continuing unauthorized access, which includes altering the credentials utilized by the attacker to obtain network access. Although Prominence Health Plan hasn’t established whether or not this was a ransomware attack, all impacted plan member information has been recovered from backup copies. The breach affected the audio recordings…

Avaddon Ransomware Group Closes Down Its Operations and Issues Decryption Keys

On June 11, the Avaddon ransomware-as-a-service operation was deactivated and the threat group gave the decryption keys for all its victims. Bleeping Computer received a message with a security password and a URL to a password secured ZIP file that included the individual keys for 2,934 Avaddon ransomware attack victims. The keys were affirmed as legit by Emsisoft and Coveware, with the former right now having revealed a free decryptor that could be employed by all Avaddon ransomware victims to decrypt their data files. Avaddon is a rather new ransomware-as-a-service operation that initiated in March 2020. The threat group responsible…

FBI Warning Regarding Persistent Exploitation of Fortinet Vulnerabilities by APT Groups

The Federal Bureau of Investigation (FBI) has released a Flash Advisory cautioning Fortinet Fortigate appliances users that Advanced Persistent Threat (APT) groups are going to exploit devices that lack patching for three CVEs: CVE-2020-12812, CVE-2019-5591, and CVE-2018-13379. These aren’t zero-day vulnerabilities, because patches are already accessible for a time. Numerous businesses are actually slow to employ the patches and are right now being targeted. In early April, the FBI, together with the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) published a Joint Cybersecurity Advisory telling that threat actors can exploit the vulnerabilities to execute data exfiltration, data encryption, and to…

Data Exposed at ZocDoc and Cincinnati Parenting Center Breaches

ZocDoc in New York, which offers a platform that enables would-be patients to reserve consultations with physicians and dentists, has uncovered a problem in its software program that made it possible for patient records to be viewed by health care and dental practices when viewing ought to have been limited. The investigation showed programming flaws had taken place from August 2020 right until the issues were identified and fixed, a number of past and present practice workers got access to the provider site, even though their accounts must have been either terminated, erased, or been restricted. On all occasions, the…

CISA Gives Guidance on Evicting Adversaries from Networks Following the SolarWinds Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance on ousting threat actors from systems breached in the SolarWinds Orion supply chain attacks and, even succeeding breaches of Active Directory and M365 environments. The attacks were credited to threat actors linked with the Russian Foreign Intelligence Service (SVR). After acquiring network access by means of the update system of SolarWinds Orion, the threat actor picked its targets of interest for additional exposure and ignored multi-factor authentication strategies and moved laterally into Microsoft 365 environments by compromising federated identity solutions. The majority of the targets chosen for more compromise include…

Information of 200,000 Military Veterans Compromised On the Internet

A database made up of the personal data and protected health information (PHI) of more or less 200,000 U.S. military veterans was determined to be available on the web by security specialist Jeremiah Fowler. The database was found on April 18, 2021 and an evaluation pointed out references to a business entity named United Valor Solutions located in Jacksonville, NC. United Valor Solutions is a service provider of the Department of Veterans Affairs (VA) that delivers disability review services for the VA and many other government bureaus. The database – that included veterans’ names, contact details, birth dates, medical data,…

Californian Healthcare Service Provider Discovers Exposure of Patient Information Online for Over a Year

Doctors Medical Center of Modesto (DCM) based in California learned that a company used by a previous vendor accidentally exposed patient data online. DCM had employed the SaaS platform firm Medifies for its virtual waiting room services. DCM found out on April 2, 2021 that some of its patients’ data were accessible on the internet. Upon DCM’s inquiry of Medifies concerning the exposed data, the problem was sorted out on the same day and the data was secured. The inquiry into the data breach revealed the occurrence of an error during the conduct of a software system update that is…

Wyoming Department of Health Makes Announcement of GitHub Data Breach Impacting 164,000 Persons

The Wyoming Department of Health (WDH) has found out that the protected health information (PHI) of 164,021 persons was accidentally compromised on the web as a result of a blunder made by a member of its labor force. On March 10, 2021, WDH learned that a staff member had published documents with medical test information to public and private databases on the software development platform GitHub. Although security controls are set up to take care of users’ privacy, a mistake by the staff meant the information could likely have been viewed by people unauthorized to see the data since January…

Threat Group Actively Exploiting Pulse Connect Secure Vulnerabilities and Also New Zero-Day Vulnerability

The latest advisory from the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) reported that one or more threat group is exploiting vulnerabilities identified in Ivanti’s Pulse Connect Secure devices. Though there is no formal attribution, certain security researchers had associated the threat actor with China. Targets of attacks are government, security, finance, and critical infrastructure institutions. FireEye has been keeping track of the malicious activity and claims that no less than 12 malware families were used in cyberattacks taking advantage of the vulnerabilities starting August 2020. These attacks included the collection of credentials to permit lateral movement in victim systems…

NAME:WRECK DNS Vulnerabilities Impact 100 Million+ Devices

Forescout and JSOF researchers have found 9 vulnerabilities in internet-linked devices which can be taken advantage of in remote code execution and denial-of-service attacks. The vulnerabilities were seen in specific usage of the Domain Name System (DNS) protocol in TCP/IP network communication stacks. The vulnerabilities are typically a result of how parsing of domain names happens, which could go against DNS implementations, and issues with DNS compression, that devices employ to compress information to converse online utilizing TCP/IP. This type of vulnerabilities was given the name NAME:WRECK. They impact common IoT and operational technology systems, such as IPnet, FreeBSD, NetX…

Third-Party Data Breaches Announced by Apple Valley Clinic & BioTel Heart

A ransomware attack on one of the IT vendors of Apple Valley Clinic in Minnesota resulted in the potential compromise of the protected health information of 157,939 of its patients. Apple Valley Clinic, which is with Allina Health, utilized Netgain Technology LLC for hosting its IT network and computer networks. In November 2020, Netgain encountered a ransomware attack that led to the taking down of its data off the web. Netgain informed Apple Valley Clinic on December 2, 2020 concerning the exposure of patient information during the ransomware attack. Allina Health acquired affirmation on January 29, 2021 regarding the impact…

New Report Exposes COVID-19 Themed Phishing Strategies

At the start of 2020, phishers began exploiting the pandemic and deviated from their normal lures to an array of pandemic-correlated themes for their phishing activities. One year after the pandemic began, the Palo Alto Networks Unit 42 Team researchers reviewed the phishing trends over the past year to see the variations in the tactics, techniques, and procedures (TTPs) of phishers and the level to which COVID-19 was utilized in their phishing activities. The researchers reviewed all phishing links discovered from January 2020 and February 2021 to find out the number that had a COVID-19 motif, utilizing certain keywords and…

Hackers Accessed 150,000 Verkada Security Cameras Including Live Feeds and Stored Video Footage

A hacking collective has acquired access to the systems of Verkada Inc., a Californian security camera startup, and viewed the live feeds and archived video footage from surveillance cameras connected to the cloud, which are utilized by big corporations, hospitals, police departments, schools, and jails. As originally reported by Bloomberg, a white hat hacking group called Advanced Persistent Threat 69420 accessed Verkada’s systems by using credentials they got online. The credentials allowed the group to have super admin-level privileges, so it has root access to the surveillance cameras and, in certain instances, the internal systems of Verkada’s customers. The hackers…

Phishing Attack on Saint Agness Medical Center Saint Alphonsus Health System and Southeastern Minnesota Center for Independent Living

Because of a phishing attack suffered by Saint Alphonsus Health System based in Boise, ID, the data of its patients were likely exposed, as well as the information of patients of Saint Agnes Medical Center located in Fresno, CA. Saint Alphonsus discovered abnormal activity in the email account of a worker on January 6, 2021. The provider quickly protected the email account and looked into the breach to find out the origin and character of the incident. Saint Alphonsus confirmed that an unauthorized person viewed the account on January 4, 2021, allowing the individual to access the account and the…

About 100,000 People Impacted by Cochise Eye and Laser Ransomware Attack

The ophthalmology and optometry provider based in Sierra Vista, AZ, Cochise Eye and Laser, encountered a ransomware attack last January 13, 2021 that brought about the encryption of the company’s patient scheduling and billing software program. Because of the attack, Cochise Eye and Laser could not access any information in its scheduling program. It continued to provide eye care services to patients, albeit using paper charts. Based on a breach notice published on its website on February 17, 2021, the company still use paper charts because the scheduling system is still not working. The investigators of the ransomware attack did…

Information Concerning Healthcare Sector Cyber Threats and the Supply Chain Aiding Criminal Activity

During the pandemic, cybercriminals exploited new opportunities and have been launching attacks on hospitals, physician clinics and other firms and institutions on the front line in the struggle against COVID-19. Cyber attacks on the healthcare field increased in 2020, specifically in the fall because a synchronized campaign had numerous healthcare victims. Ransomware continues to be a serious threat to the healthcare segment and more attacks have persisted into 2021. A current CTIL League report presents more data on these attacks and a number of the strategies employed to target the healthcare industry in 2020. The report shows the work carried…

Breach of Information at Rehoboth Mckinley Christian Health Care Services Captial Medical Center and Sutter Buttes Imaging Medical Group

Two healthcare companies have encountered ransomware attacks wherein sensitive information was exfiltrated and exposed on the web as the victims didn’t pay the ransom demand. The Conti ransomware group has publicized information on its leak website which was apparently acquired in an attack on Rehoboth McKinley Christian Health Care Services based in New Mexico. The exposed details include sensitive patient details such as patient ID cards, diagnoses, treatment data, diagnostic data, passports, and driver’s license numbers. It is uncertain how many people have had their PHI compromised thus far. The Conti ransomware gang says it has merely posted about 2%…

Ransomware Attacks Cause Almost Half of Healthcare Data Breaches

Tenable publicized a new report which showed that nearly half of all healthcare data breaches are due to ransomware attacks, and in many of the cases the attacks could have been prevented. Based on the Tenable Research 2020 Threat Landscape Retrospective Report, there were 730 data breaches reported from all industry categories in 2020’s first 10 months and more than 22 billion records had been exposed. The exposed healthcare data records were 8 million. Healthcare listed the largest number of data breaches of any industry segment from January to October 2020, accounting for nearly 1/4 of all documented data breaches….

About 560 U.S. Healthcare Facilities Affected by 2020 Ransomware Attacks

Ransomware attacks have had an enormous effect on enterprises and institutions in America, and 2020 was notably a bad year. Ransomware gangs targeted the healthcare field, education segment, and federal, state, and municipal government authorities and agencies. There were about 2,354 attacks on these industries in 2020, as per the newest State of Ransomware report by Emisoft, a cybersecurity company based in New Zealand. The number of ransomware attacks went up dramatically in late 2019, and though the attacks slowed down in the first 6 months of 2020, a serious coordinated campaign started in September when attacks considerably increased and…

HITECH Act Amendment To Give Cybersecurity Safe Harbor Now Approved

On January 5, 2020, President Trump approved a bill (HR 7898) that improves the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and gives a safe harbor for firms that have carried out accepted security best practices before suffering from a data breach. Though the bill won’t go so far as stopping the Department of Health and Human Services’ Office for Civil Rights from issuing financial penalties for HIPAA compliance problems that triggered a data breach, the amendment necessitates OCR to consider the security steps put in place to lessen cybersecurity risk during the one year before…

Cyberattacks in the Healthcare Sector Higher by 45%

In the fall of 2020, CISA, FBI, and HHS cybersecurity issued a joint alert to the healthcare and public health field subsequent to an increase in ransomware activity. The joint notice discussed that threat actors are actively targeting the healthcare sector to infect systems with ransomware. Many ransomware gangs had heightened attacks on the medical and public health segment. The Ryuk and Conti gangs are the most dynamic. Check Point’s new report reveals that attacks kept on increasing in November and December 2020. Cyber-attacks on healthcare companies increased by 45% worldwide. The increase was greater than twice the percentage increase…

Ransomware Attack on Wilmington Surgical Associates Exposed Over 114,000 Patient’s Data

Last October 2020, the NetWalker ransomware gang launched an attack on the Wilmington Surgical Associates surgical center located in North Carolina. Prior to deploying the Netwalker ransomware to do file encryption, the gang stole 13GB of records with sensitive data. The HHS’ Office for Civil Rights breach portal already posted about the ransomware attack indicating that it has compromised 114,834 patients’ protected health information (PHI). The NetWalker ransomware gang has conducted more attacks on its healthcare company targets this 2020. It attacked the University of California San Francisco and stole sensitive and valuable research data. The University paid $1.14 million…

Data Breaches at Legacy Community Health Services, Hillcrest Nursing Center and Dental Care Alliance

Email Breach at Legacy Community Health Services Affects 3,076 Patients Legacy Community Health Services (LCHS) located in Texas is informing 3,076 people that some of their PHI held in an email account were potentially accessed by an unauthorized individual. LCHS noticed the unauthorized access of a staff’s email account on July 24, 2020 and performed a password reset on that day. A third-party cybersecurity agency helped look into the incident and completed the review of the breach on September 22, 2020. According to the evaluation, the account stored patient names and some clinical data associated to care gotten and the…

ASPR Issues Update on Ransomware Activities in the Healthcare Industry

The HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) has given an update on ransomware activity aimed at the healthcare and public health sectors. In late October, the HHS, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) gave a joint alert concerning an impending rise in ransomware activity aimed towards the healthcare sector. In just one week after giving the warning, six healthcare organizations reported ransomware attacks in one day. Over a dozen healthcare providers have submitted cyberattack reports in the last two months. Healthcare companies reported more than 62 attacks…

Data Breach Incidents at Lycoming-Clinton Joinder Board and Coast Dental

Lycoming-Clinton Joinder Board (LCJB) is managing programs that provide services to persons with mental health issues or intellectual disabilities in the area of Lycoming and Clinton Counties, Pennsylvania. It encountered a breach and is now notifying 14,500 individuals concerning the potential compromise of their protected health information (PHI). On August 10, 2020, while looking into a prior data breach, LCJB learned that an unauthorized individual viewed the email accounts of three personnel. A review of the email accounts affirmed they stored patient data, nevertheless, it can’t be determined if the unauthorized persons accessed or obtained any details in the email…

Dickinson County Health, Michigan Medicine and Passavant Memorial Homes Security Breaches

Dickinson County Health based in Michigan has encountered a malware attack that resulted in its EHR system to be taken offline. The attack has obligated the health system to use EHR downtime approaches and write patient details utilizing pen and paper. The attack began on October 17, 2020 and hampered computer systems at all its Michigan and Wisconsin clinics and hospitals. Systems were turned off to restrict the malware and third-party security professionals were called in to check out the breach and fix its systems and records. Though the attack prompted major interruption, nearly all patient services stayed entirely operational….

Data Breaches at Piedmont Cancer Institute, The Health and Wellness Clinic and McLaren Oakland Hospital

Piedmont Cancer Institute (PCI) located in Atlanta, GA is informing 5,226 patients about the potential exposure of their protected health information (PHI) as a result of an unauthorized individual getting access to the email account of one employee. A third-party cybersecurity firm helped PCI in determining the compromise of the email account for more than a month. The unauthorized person initially accessed the email account on April 5, 2020. PCI secured the account on May 8, 2020. The breached account review ended on August 8, 2020 and confirmed that it comprised a selection of PHI. Aside from names, the patients…

Ransomware Attacks on Magnolia Pediatrics and Accents on Health

Magnolia Pediatrics located in Prairieville, LA is informing 12,861 patients regarding the likely exposure of some of their protected health information (PHI) due to a ransomware attack that transpired on or around March 26, 2020. IT vendor, LaCompuTech looked into the ransomware attack and confirmed that only its master boot record was impacted and the hackers did not access, encrypt or export any patient data. The IT vendor reported that there was no HIPAA breach, thus it is not required to report the incident to the HHS’ Office for Civil Rights. It is likewise not required to issue breach notification…

PHI Compromised Due to Four Data Breaches

MU Health Care based in Missouri has suffered a phishing attack that caused the compromise of a few employee email accounts between May 4 and May 6, 2020. An investigation of the incident unveiled the compromised email accounts included patient data like names, birth dates, account numbers, health insurance information, Social Security numbers, and driver’s license numbers. MU Health Care has advised all impacted patients and has given them free of charge credit monitoring services. To date, there are no reports received that indicate the misuse of any patient information. The affected email accounts comprised the protected health information (PHI)…

CISA Gives Warning of Persistent Attacks by Chinese Hacking Groups Directed at F5, Citrix, Pulse Secure, and MS Exchange Vulnerabilities

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has given a security alert that hackers connected with China’s Ministry of State Security (MSS) are carrying out targeted cyberattacks on U.S. government bureaus and private sector firms. The attacks are continuing for more than a year and generally target vulnerabilities in common networking tools like Pulse And Citrix Secure VPN appliances, Microsoft Exchange email servers, and F5 Big-IP load balancers. The hacking groups employ publicly available data and open source exploit applications in the attacks for instance Mimikatz, Cobalt Strike, And China Chopper. The hacking groups that have…

Data Breaches at the Institute for Integrative Nutrition, Colorado Mental Health Center and Texas Recycling Center

The Institute for Integrative Nutrition in New York City encountered a phishing attack in March 2020, which resulted in the potential exposure of personal data. The institute only became aware of the breached email account on June 22, 2020. According to the investigators, an unauthorized person gained access to one email account starting March 3, 2020 up to March 4, 2020. Third party cybersecurity specialists assisted the investigation and confirmed after a manual document review that the unauthorized person potentially accessed names and personal information like Social Security numbers. But data theft is not confirmed by any evidence. As a…

2.5 Million Patient Records Hosted by Cense AI Compromised Over the Internet

Technology and security consultant Jeremiah Fowler reported that the personal and health data of over 2.5 million patients were compromised on the web. On July 7, 2020, two folders comprising the data were found publicly available over the web and without requiring any passwords to access. An artificial intelligence company called Cense AI hosted the folders marked as “staging data.” Cense AI is a firm that delivers SaaS-based intelligent process automation management solutions. The folders were managed on a similar IP address as the Cense website and were accessible by taking out the port from the IP address, which can…