Healthcare Cybersecurity News

The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance on ousting threat actors from systems breached in the SolarWinds Orion supply chain attacks and, even succeeding breaches of Active Directory and M365 environments. The attacks were credited to threat actors linked with the Russian Foreign Intelligence Service (SVR). After acquiring network access by means of the update system of SolarWinds Orion, the threat actor picked its targets of interest for additional exposure and ignored multi-factor authentication strategies and moved laterally into Microsoft 365 environments by compromising federated identity solutions. The majority of the targets chosen for more compromise include…

A database made up of the personal data and protected health information (PHI) of more or less 200,000 U.S. military veterans was determined to be available on the web by security specialist Jeremiah Fowler. The database was found on April 18, 2021 and an evaluation pointed out references to a business entity named United Valor Solutions located in Jacksonville, NC. United Valor Solutions is a service provider of the Department of Veterans Affairs (VA) that delivers disability review services for the VA and many other government bureaus. The database – that included veterans’ names, contact details, birth dates, medical data,…

Doctors Medical Center of Modesto (DCM) based in California learned that a company used by a previous vendor accidentally exposed patient data online. DCM had employed the SaaS platform firm Medifies for its virtual waiting room services. DCM found out on April 2, 2021 that some of its patients’ data were accessible on the internet. Upon DCM’s inquiry of Medifies concerning the exposed data, the problem was sorted out on the same day and the data was secured. The inquiry into the data breach revealed the occurrence of an error during the conduct of a software system update that is…

The Wyoming Department of Health (WDH) has found out that the protected health information (PHI) of 164,021 persons was accidentally compromised on the web as a result of a blunder made by a member of its labor force. On March 10, 2021, WDH learned that a staff member had published documents with medical test information to public and private databases on the software development platform GitHub. Although security controls are set up to take care of users’ privacy, a mistake by the staff meant the information could likely have been viewed by people unauthorized to see the data since January…

The latest advisory from the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) reported that one or more threat group is exploiting vulnerabilities identified in Ivanti’s Pulse Connect Secure devices. Though there is no formal attribution, certain security researchers had associated the threat actor with China. Targets of attacks are government, security, finance, and critical infrastructure institutions. FireEye has been keeping track of the malicious activity and claims that no less than 12 malware families were used in cyberattacks taking advantage of the vulnerabilities starting August 2020. These attacks included the collection of credentials to permit lateral movement in victim systems…

Forescout and JSOF researchers have found 9 vulnerabilities in internet-linked devices which can be taken advantage of in remote code execution and denial-of-service attacks. The vulnerabilities were seen in specific usage of the Domain Name System (DNS) protocol in TCP/IP network communication stacks. The vulnerabilities are typically a result of how parsing of domain names happens, which could go against DNS implementations, and issues with DNS compression, that devices employ to compress information to converse online utilizing TCP/IP. This type of vulnerabilities was given the name NAME:WRECK. They impact common IoT and operational technology systems, such as IPnet, FreeBSD, NetX…

A ransomware attack on one of the IT vendors of Apple Valley Clinic in Minnesota resulted in the potential compromise of the protected health information of 157,939 of its patients. Apple Valley Clinic, which is with Allina Health, utilized Netgain Technology LLC for hosting its IT network and computer networks. In November 2020, Netgain encountered a ransomware attack that led to the taking down of its data off the web. Netgain informed Apple Valley Clinic on December 2, 2020 concerning the exposure of patient information during the ransomware attack. Allina Health acquired affirmation on January 29, 2021 regarding the impact…

At the start of 2020, phishers began exploiting the pandemic and deviated from their normal lures to an array of pandemic-correlated themes for their phishing activities. One year after the pandemic began, the Palo Alto Networks Unit 42 Team researchers reviewed the phishing trends over the past year to see the variations in the tactics, techniques, and procedures (TTPs) of phishers and the level to which COVID-19 was utilized in their phishing activities. The researchers reviewed all phishing links discovered from January 2020 and February 2021 to find out the number that had a COVID-19 motif, utilizing certain keywords and…

A hacking collective has acquired access to the systems of Verkada Inc., a Californian security camera startup, and viewed the live feeds and archived video footage from surveillance cameras connected to the cloud, which are utilized by big corporations, hospitals, police departments, schools, and jails. As originally reported by Bloomberg, a white hat hacking group called Advanced Persistent Threat 69420 accessed Verkada’s systems by using credentials they got online. The credentials allowed the group to have super admin-level privileges, so it has root access to the surveillance cameras and, in certain instances, the internal systems of Verkada’s customers. The hackers…

Because of a phishing attack suffered by Saint Alphonsus Health System based in Boise, ID, the data of its patients were likely exposed, as well as the information of patients of Saint Agnes Medical Center located in Fresno, CA. Saint Alphonsus discovered abnormal activity in the email account of a worker on January 6, 2021. The provider quickly protected the email account and looked into the breach to find out the origin and character of the incident. Saint Alphonsus confirmed that an unauthorized person viewed the account on January 4, 2021, allowing the individual to access the account and the…

The ophthalmology and optometry provider based in Sierra Vista, AZ, Cochise Eye and Laser, encountered a ransomware attack last January 13, 2021 that brought about the encryption of the company’s patient scheduling and billing software program. Because of the attack, Cochise Eye and Laser could not access any information in its scheduling program. It continued to provide eye care services to patients, albeit using paper charts. Based on a breach notice published on its website on February 17, 2021, the company still use paper charts because the scheduling system is still not working. The investigators of the ransomware attack did…

During the pandemic, cybercriminals exploited new opportunities and have been launching attacks on hospitals, physician clinics and other firms and institutions on the front line in the struggle against COVID-19. Cyber attacks on the healthcare field increased in 2020, specifically in the fall because a synchronized campaign had numerous healthcare victims. Ransomware continues to be a serious threat to the healthcare segment and more attacks have persisted into 2021. A current CTIL League report presents more data on these attacks and a number of the strategies employed to target the healthcare industry in 2020. The report shows the work carried…

Two healthcare companies have encountered ransomware attacks wherein sensitive information was exfiltrated and exposed on the web as the victims didn’t pay the ransom demand. The Conti ransomware group has publicized information on its leak website which was apparently acquired in an attack on Rehoboth McKinley Christian Health Care Services based in New Mexico. The exposed details include sensitive patient details such as patient ID cards, diagnoses, treatment data, diagnostic data, passports, and driver’s license numbers. It is uncertain how many people have had their PHI compromised thus far. The Conti ransomware gang says it has merely posted about 2%…

Tenable publicized a new report which showed that nearly half of all healthcare data breaches are due to ransomware attacks, and in many of the cases the attacks could have been prevented. Based on the Tenable Research 2020 Threat Landscape Retrospective Report, there were 730 data breaches reported from all industry categories in 2020’s first 10 months and more than 22 billion records had been exposed. The exposed healthcare data records were 8 million. Healthcare listed the largest number of data breaches of any industry segment from January to October 2020, accounting for nearly 1/4 of all documented data breaches….

Ransomware attacks have had an enormous effect on enterprises and institutions in America, and 2020 was notably a bad year. Ransomware gangs targeted the healthcare field, education segment, and federal, state, and municipal government authorities and agencies. There were about 2,354 attacks on these industries in 2020, as per the newest State of Ransomware report by Emisoft, a cybersecurity company based in New Zealand. The number of ransomware attacks went up dramatically in late 2019, and though the attacks slowed down in the first 6 months of 2020, a serious coordinated campaign started in September when attacks considerably increased and…

CISA has recently alerted organizations to the fact that cybercriminals are taking advantage of vulnerable cloud environments due to the lack of proper cyber hygiene. This warning is especially pertinent as many businesses have moved to a remote workforce during the pandemic. Consequently, CISA is urging organizations to ensure they have implemented the necessary security measures to protect their cloud environments. The SolarWinds Orion supply chain attack is believed to have employed some of the tactics outlined in the report, however, no specific threat group has been identified as the culprit. Furthermore, multiple threat actors are taking advantage of these…

In the fall of 2020, CISA, FBI, and HHS cybersecurity issued a joint alert to the healthcare and public health field subsequent to an increase in ransomware activity. The joint notice discussed that threat actors are actively targeting the healthcare sector to infect systems with ransomware. Many ransomware gangs had heightened attacks on the medical and public health segment. The Ryuk and Conti gangs are the most dynamic. Check Point’s new report reveals that attacks kept on increasing in November and December 2020. Cyber-attacks on healthcare companies increased by 45% worldwide. The increase was greater than twice the percentage increase…

Last October 2020, the NetWalker ransomware gang launched an attack on the Wilmington Surgical Associates surgical center located in North Carolina. Prior to deploying the Netwalker ransomware to do file encryption, the gang stole 13GB of records with sensitive data. The HHS’ Office for Civil Rights breach portal already posted about the ransomware attack indicating that it has compromised 114,834 patients’ protected health information (PHI). The NetWalker ransomware gang has conducted more attacks on its healthcare company targets this 2020. It attacked the University of California San Francisco and stole sensitive and valuable research data. The University paid $1.14 million…

Email Breach at Legacy Community Health Services Affects 3,076 Patients Legacy Community Health Services (LCHS) located in Texas is informing 3,076 people that some of their PHI held in an email account were potentially accessed by an unauthorized individual. LCHS noticed the unauthorized access of a staff’s email account on July 24, 2020 and performed a password reset on that day. A third-party cybersecurity agency helped look into the incident and completed the review of the breach on September 22, 2020. According to the evaluation, the account stored patient names and some clinical data associated to care gotten and the…

The HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) has given an update on ransomware activity aimed at the healthcare and public health sectors. In late October, the HHS, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) gave a joint alert concerning an impending rise in ransomware activity aimed towards the healthcare sector. In just one week after giving the warning, six healthcare organizations reported ransomware attacks in one day. Over a dozen healthcare providers have submitted cyberattack reports in the last two months. Healthcare companies reported more than 62 attacks…

Lycoming-Clinton Joinder Board (LCJB) is managing programs that provide services to persons with mental health issues or intellectual disabilities in the area of Lycoming and Clinton Counties, Pennsylvania. It encountered a breach and is now notifying 14,500 individuals concerning the potential compromise of their protected health information (PHI). On August 10, 2020, while looking into a prior data breach, LCJB learned that an unauthorized individual viewed the email accounts of three personnel. A review of the email accounts affirmed they stored patient data, nevertheless, it can’t be determined if the unauthorized persons accessed or obtained any details in the email…

Dickinson County Health based in Michigan has encountered a malware attack that resulted in its EHR system to be taken offline. The attack has obligated the health system to use EHR downtime approaches and write patient details utilizing pen and paper. The attack began on October 17, 2020 and hampered computer systems at all its Michigan and Wisconsin clinics and hospitals. Systems were turned off to restrict the malware and third-party security professionals were called in to check out the breach and fix its systems and records. Though the attack prompted major interruption, nearly all patient services stayed entirely operational….

Piedmont Cancer Institute (PCI) located in Atlanta, GA is informing 5,226 patients about the potential exposure of their protected health information (PHI) as a result of an unauthorized individual getting access to the email account of one employee. A third-party cybersecurity firm helped PCI in determining the compromise of the email account for more than a month. The unauthorized person initially accessed the email account on April 5, 2020. PCI secured the account on May 8, 2020. The breached account review ended on August 8, 2020 and confirmed that it comprised a selection of PHI. Aside from names, the patients…

Magnolia Pediatrics located in Prairieville, LA is informing 12,861 patients regarding the likely exposure of some of their protected health information (PHI) due to a ransomware attack that transpired on or around March 26, 2020. IT vendor, LaCompuTech looked into the ransomware attack and confirmed that only its master boot record was impacted and the hackers did not access, encrypt or export any patient data. The IT vendor reported that there was no HIPAA breach, thus it is not required to report the incident to the HHS’ Office for Civil Rights. It is likewise not required to issue breach notification…

MU Health Care based in Missouri has suffered a phishing attack that caused the compromise of a few employee email accounts between May 4 and May 6, 2020. An investigation of the incident unveiled the compromised email accounts included patient data like names, birth dates, account numbers, health insurance information, Social Security numbers, and driver’s license numbers. MU Health Care has advised all impacted patients and has given them free of charge credit monitoring services. To date, there are no reports received that indicate the misuse of any patient information. The affected email accounts comprised the protected health information (PHI)…

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has given a security alert that hackers connected with China’s Ministry of State Security (MSS) are carrying out targeted cyberattacks on U.S. government bureaus and private sector firms. The attacks are continuing for more than a year and generally target vulnerabilities in common networking tools like Pulse And Citrix Secure VPN appliances, Microsoft Exchange email servers, and F5 Big-IP load balancers. The hacking groups employ publicly available data and open source exploit applications in the attacks for instance Mimikatz, Cobalt Strike, And China Chopper. The hacking groups that have…

The Institute for Integrative Nutrition in New York City encountered a phishing attack in March 2020, which resulted in the potential exposure of personal data. The institute only became aware of the breached email account on June 22, 2020. According to the investigators, an unauthorized person gained access to one email account starting March 3, 2020 up to March 4, 2020. Third party cybersecurity specialists assisted the investigation and confirmed after a manual document review that the unauthorized person potentially accessed names and personal information like Social Security numbers. But data theft is not confirmed by any evidence. As a…

Technology and security consultant Jeremiah Fowler reported that the personal and health data of over 2.5 million patients were compromised on the web. On July 7, 2020, two folders comprising the data were found publicly available over the web and without requiring any passwords to access. An artificial intelligence company called Cense AI hosted the folders marked as “staging data.” Cense AI is a firm that delivers SaaS-based intelligent process automation management solutions. The folders were managed on a similar IP address as the Cense website and were accessible by taking out the port from the IP address, which can…

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a high priority notification to warn companies of the danger of cyberattacks using the Taidoor malware, which is a remote access Trojan (RAT) that the Chinese authorities employ in cyber-surveillance strategies. Taidoor was initially discovered in 2008 and was employed in numerous attacks on companies. The advisory was given after the FBI, CISA, and the Department of Defense (DoD) discovered a new Taidoor RAT variant that is being utilized in attacks on American companies. The solid proof was discovered indicating that attackers doing work for the Chinese government…

The Federal Bureau of Investigation (FBI) gave a (TLP:WHITE) FLASH notification this week after seeing a growth in attacks that use the NetWalker ransomware. NetWalker is a somewhat new ransomware threat that was discovered in March 2020 soon after a transportation and logistics organization in Australia and the University of California in, San Francisco suffered attacks. UC San Francisco was pressured to pay out a ransom payment of approximately $1.14 million to acquire the keys to unlock encrypted data files to restore vital research files. One of the latest healthcare victims was Lorien Health Services, a nursing home operator based…

After 5 months of dormancy, the reactivated Emotet botnet is being employed to send out substantial amounts of unsolicited email messages to businesses in the U.K. and the U.S. The Emotet botnet is a system of breached computers which were downloaded with Emotet malware. Emotet malware is a data stealer and malware downloader which was employed to spread different banking Trojans, which include the TrickBot Trojan. Emotet hijacks email accounts and then utilizes them to dispatch spam email messages that contain malicious urls and file attachments, usually Word and Excel files that contain harmful macros. In the event the macros…

Health plan Independence Blue Cross in Philadelphia, AmeriHealth Insurance Company and AmeriHealth HMO, Inc of New Jersey learned that unauthorized persons acquired access to web pages on their member sites from March 17, 2020 to April 30, 2020 and possibly saw the private and protected health information (PHI) of a number of plan members. The types of data exposed comprise names, health plan type, member ID numbers, payment account balances, claims details and user reward summaries. According to the breach investigation, the unauthorized person utilized legit credentials to log in to the website. On all occasions, the passwords employed to…

Security researchers often discover misconfigured public cloud databases. Wrong configurations that cause cloud data exposure may be because of insufficient knowledge of cloud security or guidelines, inadequate oversight to track down errors, or negligent conduct by insiders. The latest Trend Micro report pointed out that the top cause of cloud security issues is cloud misconfigurations. Security researchers at Comparitech frequently find unsecured cloud assets, typically Elasticsearch cases and unprotected AWS S3 buckets. Whenever the unprotected cloud databases are identified, security researchers identify the owners and notify them to make sure to secure data quickly. Upon identifying the owners, it usually…

Organizations participating in the research studies of SARS-CoV-2 and COVID-19 were warned that hackers linked with the People’s Republic of China (PRC) are focusing attacks on their organizations, for that reason, they have to do something to keep their systems safe from any attack. The Federal Bureau of Investigation (FBI) together with the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security have issued an alert that healthcare, pharmaceutical and research organizations working on SARS-CoV-2 vaccines, COVID-19 remedies and testing procedures are the targets of hackers wanting to get research data to move ahead with PRC’s research…

The Health Information Sharing and Analysis Center (H-ISAC) released a framework for CISOs to manage identity and secure their firm against identity-focused cyberattacks. This new white paper released by H-ISAC comprises the identity-focused plan to security. The former white paper details why an identity-focused solution to cybersecurity is necessary at this time, with the most recent white paper outlining how to execute that strategy. By using the framework, CISOs could handle the complete identity lifecycle of practitioners, patients, business partners, and employees in a manner that protects against identity cyberattacks, brings down risk and boosts operational efficiencies. The framework was…

Magellan Health, a Fortune 500 company, encountered a ransomware attack last April that resulted in the encryption of its files and theft of some employee information. Magellan Health noticed the attack on April 11, 2020 after files on its systems were encrypted. According to the breach investigation results, the attacker accessed its systems because an employee received a spear-phishing email on April 6 and responded to it. The attacker misled the employee by means of impersonating a Magellan Health customer. Magellan Health employed the cybersecurity firm Mandiant to investigate the breach and it confirmed that the attacker accessed a company…

The Federal Bureau of Investigation (FBI) has published an advisory that cybercriminals are attempting to rob from state organizations and healthcare market consumers that are purchasing medical products and personal protective equipment (PPE). Healthcare market consumers were cautioned after having records of increasing instances of scams connected to the order of PPE and important medical equipment including ventilators, that have limited supply as a result of greater demand. The FBI has received information on many reports of advance fee frauds. Government organizations and healthcare market consumers have sent funds to vendors and brokers of PPE and medical products and learned…

Cyberattacks on healthcare organizations were reported despite the fact that these organizations are working day and night to give COVID-19 patients their needed healthcare. These attacks not only cause serious disruption, but also possibly more damage and threat to patient safety considering the COVID-19 outbreak. Plenty of phishing campaigns were found using the fear of COVID-19 as a lure to install malware. More than 2,000 coronavirus-themed domains had been registered. Most of these domain names were probably bought for executing malicious intentions. For sure the cyberattacks will not stop. However, it would appear that some threat actors have chosen not…

With attacks rising it is essential to undertake cybersecurity guidelines for keeping remote employees safe against malware and phishing attacks. Institutions should make certain to use the most recent versions of VPNs and employ patches promptly. The DHS Cybersecurity and Infrastructure Security Agency (CISA) released another alert on March 13 concerning patching and upgrading VPNs for remote personnel to correct vulnerabilities. Institutions were likewise told to use multifactor authentication with all VPNs to boost security. VPNs should additionally be configured to start off automatically if devices are powered up and not just counting on personnel to manually connect. It is…

Personal Touch Home Care (PTHC), a home health company based in Lake Success, NY, began informing patients about the latest ransomware attack on Crossroads Technologies Inc., its IT vendor based in Wyomissing, PA, that potentially compromised their protected health information (PHI). On December 1, 2019, Crossroads advised PTHC that its Pennsylvania data center was attacked by ransomware. That data center hosted PTHC’s electronic medical records. Because of the ransomware attack, patient records were inaccessible for a couple of days. Although the EHR system was not accessible, PTHC employees followed emergency protocols and recorded patient data using pen and paper. The…

A phishing attack on Overlake Medical Center & Clinics located in Bellevue, WA in December 2019 caused the potential exposure to personal and protected health information (PHI) of 109,000 patients. Overlake Medical Center & Clinics discovered the phishing attack on December 9, 2019 and did a password reset to prohibit unauthorized access. Overlake affirmed the unauthorized access of one email account beginning December 6, 2019 up to December 9 which was the time the Overlake secured the account. There were other email accounts compromised on December 9, however, the attacker only had access for a couple of hours. An examination…

The 2019 Internet Crime Report of the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) was just released. It reveals that cybercrime losses in 2019 maxed $3.5 billion. IC3 got nearly 1,300 per day or 467,361 online and cybercrime complaints. Above 50% of the losses were caused by business email compromise (BEC) attacks, otherwise called email account compromise (EAC). These attacks entail the impersonation of an authorized person or business to acquire finances by means of email. These complex tricks usually start off with a phishing attack on a manager to acquire email login credentials. The hacker then…

The Iowa Department of Human Services informed 4,784 people concerning the potential exposure of their protected health information (PHI) because of improper disposal of documents. On November 25, 2019, a member of the DHS staff put documents containing the Dallas County clients’ PHI together within the regular garbage dumpster. The staff should have shredded the documents before disposal. DHS was late in discovering the improper disposal as the dumpster had been emptied already. The incident investigators learned that the custodial employee who disposed of the records wasn’t aware that the documents contained confidential information. It was not possible to determine…

TechCrunch researchers found a security error on a website that LabCorp is using for hosting its internal customer relationship management system. Though the system comes with password protection, the researchers discovered an error in the back-end system and exposing patient records. The error made possible patient data access even with no security password and search engines have indexed the web URL. Google had cached just one document that contains a patient’s health data. However, the researchers were able to see other patient records with health data just by modifying the document number in the web URL. The researchers examined sample…

Alomere Health in Alexandria, MN encountered a phishing attack that allowed unauthorized persons potential access to the protected health information (PHI) of more or less 50,000 patients. After becoming aware of the phishing attack on November 6, 2019, the healthcare provider conducted an internal investigation that revealed the account was accessed by unauthorized persons from October 31 until November 1, 2019. The computer forensics company that investigated the breach revealed on November 10, 2019 that a second email account compromise occurred on November 6. After a detailed examination of the compromised accounts, it was confirmed by the investigators that selected…

Enloe Medical Center in Chico, CA had a ransomware attack two weeks ago and until now the electronic medical record (EMR) system of this California healthcare provider is offline. Enloe knew about the ransomware attack on January 2, 2020, which encrypted the files of its entire network, which include the EMR system consequently the center staff are unable to access patient data. The provider promptly enforced emergency protocols to keep on delivering health care to patients and had to reschedule just a number of elective medical procedures. The telephone system became non-operational as well because of the attack, but it…

A malware attack on the Native American Rehabilitation Association of the Northwest, Inc. (NARA) in Portland, OR resulted in the potential unauthorized access of the protected health information (PHI) of native American patients who are receiving mental and physical health services, education and substance abuse treatment. NARA mentioned that the malware attack came about on November 4, 2019. Security controls failed to identify the malware at the beginning but eventually identified it in the afternoon. By November 5, the security team already had the threat under control and by November 6, it had changed all email account passwords. The attackers…

A phishing attack on Conway Medical Center in South Carolina resulted in the access of the email accounts of several employees by unauthorized people. Conway Medical Center became aware of the phishing attack on October 7, 2019 and immediately secured the employee’s email accounts to block the further access of unauthorized individuals. Third party cybersecurity specialists looked into the breach to confirm patient data access or theft. According to the investigators, the email accounts were first compromised on or before July 2019. It was only on November 20, 2019 that the investigators confirmed the exposure of the protected health information…

The radiology department of Roosevelt General Hospital located in Portales, New Mexico found malware in one digital imaging server, which possibly resulted in enabling the hackers to gain access to the radiological photos of approximately 500 patients. The malware installation was found on November 14, 2019 and immediate action was done to separate the server and stop even more unauthorized access and obstruct contact with the command and control server of the hackers. The IT unit was successful in taking away the malware, repairing the server and retrieving all patient information. A scan was done to search for any flaws….

Many cybercriminals still send phishing emails at random hoping to solicit some responses. However, it is more lucrative to conduct targeted attacks, which are also called spear phishing. Microsoft claims that spear phishing attacks increased twofold last year. From September 2018 to September 2019, spear phishing attacks have gone up from 0.31% to 0.62% of email volume. The number might be low, however, these spear phishing campaigns are very effective because they are laser-focused on distinct employees. Security-conscious employees find it hard to recognize emails. A lot of executives, IT and cybersecurity personnel become victims of these campaigns. The emails…

The Cancer Center of Hawaii in Oahu encountered a ransomware attack on November 5, 2019. The Cancer Center was compelled to power down its network servers because of the attack. That meant temporarily not providing radiation treatment to patients at St. Francis’ hospital in Liliha and Pali Momi Medical Center. Although patient services suffered some interruption, the center believes that the attackers did not access any patient information. The breach investigation is still in progress, but all information saved on the radiology machines were recovered. The network is likewise completely operational now. It is not known how long the network…

Aegis Medical Group, a Florida-based physician group, started notifying 9,800 patients that a former employee potentially accessed their protected health information (PHI). Purportedly, that individual offered the patient data for sale to third parties that were supposedly involved in identity theft and fraud. The law enforcement told about the employee’s action to Aegis Medical Group on September 11, 2019. The investigators confirmed the employee’s attempt to sell off two patients’ data. The physician network together with law enforcement discovered that the employee probably accessed approximately 9,800 patients’ information from July 24, 2019 up to September 9, 2019. The patient records…

Medtronic identified six vulnerabilities in the Medtronic Valleylab energy platform and electrosurgery products that include one critical vulnerability that an attacker can exploit to access the Valleylab Energy platform and view/overwrite data files and remotely implement arbitrary code. Medtronic already sent notifications about the identified vulnerabilities to the Department of Homeland Security Cybersecurity and Infrastructure Security Agency considering its responsible vulnerability disclosure policy. The following Medtronic Valleylab products have been found to have four vulnerabilities: Valleylab Exchange Client, Version 3.4 and earlier versions Valleylab FX8 Energy Platform (VLFX8GEN) software Version 1.1.0 and earlier versions Valleylab FT10 Energy Platform (VLFT10GEN) software…

Ransomware continues to be one of the greatest cybersecurity threats confronted by healthcare institutions. Attacks have increased as well as ransom demands. A recent analysis by Coveware, a company providing ransomware remediation and incident response, revealed that there is a 13% increase in the average ransom payment, which stands at $41,198 in Q3 of 2019. This amount is six times the average in December 2018. A lot of companies are paying substantially more. The ransom demand of threat actors that use the Ryuk ransomware in their attacks is usually hundreds of thousands of dollars. From Q2 to Q3 of 2019,…

Family members of the late Dr Ulrich Klopfer have discovered fetal remains at his home in Illinois.  Dr Klopfer operated three abortion clinics in Indiana until 2015 when his license was suspended due to failure to comply with state laws. The violations included failure to report cases of the rape of a minor following an abortion procedure, violations of state waiting periods, and improper record keeping. Indiana Attorney General Hill described Dr Klopfer as “one of the most notorious abortionists in the history of Indiana” with “a record of deplorable conditions and violations of regulatory controls.” Dr Klopfer had his…

Cybersecurity researchers have revealed that approximately 733 million medical images stored on picture archiving and communication systems (PACs) are freely accessible on the Internet.  The investigation, a joint venture by ProPublica, German public broadcaster Bayerischer Rundfunk, and vulnerability and analysis firm, Greenbone Networks, found images including X-rays, MRI, and CT scans stored in these PACs.  Greenbone analyzed 2,300 PACs and found that 590 were accessible from the Internet without requiring any user authentication. These 590 servers stored 24 million medical records from 52 countries.  Greenbone Networks audited the servers between July and September 2019 and set up a RadiAnt DICOM…

The Hospice of San Joaquin in Stockton, California, is in the process of notifying patients that their protected health information may have been compromised in a recent security incident. On July 2, 2019, at 12:50 pm, hackers installed malware on the hospice’s network. The network included servers used to store the protected health information of 13,000 patients.  In the breach notification posted on their website, the hospice stated: ‘we do not believe, or have any indication patient or staff information has been utilized, disseminated or disclosed to unauthorized parties.’ The server contained patient information such as their full name, home…

Microsoft has issued patches for 93 vulnerabilities across Windows, Microsoft Browsers, Microsoft Office, and Outlook this Patch Tuesday, 26 of which achieved a ‘critical’ rating. Somewhat unusually, there are no patches to address currently exploited zero-day vulnerabilities in this month’s updates; however, it is still important to apply the updates as soon as possible as it is unlikely to be long before exploits are developed for the remote code execution vulnerabilities. Four of the critical vulnerabilities corrected in this month’s round of updates are wormable flaws in Remote Desktop Protocol (RDP), two of which – CVE-2019-1181 and CVE-2019-1182 – affect…

Wise Health has revealed that a phishing attack on their system has compromised the protected health information (PHI) of 36,000 patients. Wise Health System is a health care system with over 1,900 employees based in Decatur, Texas. The breach occurred on March 14, 2019, when a hacker sent phishing emails to employees of the organization. Several employees were fooled by the spoof emails and responded, allowing the hacker to harvest their login credentials. The hacker then used the credentials to log in to the Employee Kiosk and attempted to redirect over 100 payroll direct deposits. Wise Health had anti-fraud policies…

Premera Blue Cross has agreed to a $10 million settlement to resolve lawsuit involving 30 state attorneys general for a 2014 data breach which compromised 10.4 million records. A hacker compromised Premera Health’s network on May 5, 2014, and had access until March 6, 2015. During this time, the hacker could access highly sensitive plan member information such as names, contact information, dates of birth, member ID numbers, and Social Security numbers. Premera Health record’s included information on individuals from Alabama, Alaska, Arizona, Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Montana, Nebraska, Nevada,…

Turlock Irrigation District in California are notifying members of their employer-sponsored health plan that an error at a business associate has resulted in some of their protected health information (PHI) being exposed. The business associate, Delta Health Systems (DHS), provides administrative services related to Turlock Irrigation District’s health plan. As such, it requires access to employee protected health information and is required by HIPAA to protect the integrity and confidentiality of this information.  However, due to an error made by a third-party website developer, some employee information was made accessible through a link on DHS’s website. While the website had…

Siemens has discovered several vulnerabilities in the Scalance W1750D direct access point. Several of the vulnerabilities are of high-severity, and one is rated as ‘critical’. The vulnerabilities can be exploited remotely and hackers can exploit them with even low skill levels. A hacker could utilise the flaws to gain access to the W1750D device and execute arbitrary code within its underlying operating system. As a result, the hacker could gain access to sensitive information, perform administrative actions on the device, and expose session cookies for an administrative session. The vulnerabilities are present in all versions prior to 8.4.0.1 CVE-2018-7084 is a…

Centura Health has revealed that an email security incident has resulted in the protected health information (PHI) of 7,515 patients being compromised. Centura Health, based in Centennial, Colorado, discovered the breach on April 16, 2019. IT security staff immediately took steps to secure the account and revoke unauthorised access. An investigation was launched into the incident to determine the extent of the breach and how the hacker gained access to the account. The investigation concluded that the hacker may have been able to access emails and email attachments during the window in which they had access to the account. However,…

A phishing attack at a business associate of Columbus Community Hospital in Columbus, Wisconsin, has compromised the PHI of an unknown number of patients.  Columbus Community Hospital was notified of the breach on April 8, 2019, by OS, Inc., a claims management service provider and business associate (BA) to the hospital. According to the BA, the unauthorised individual gained access to the email account of one of its employees through a successful phishing attack. The hacker may have viewed patient information during the period in which they had access to the account. The information in the compromised account includes names,…

The U.S Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint advisory warning that Lazarus APT has launched attacks using a new Trojan called HOPLIGHT. Lazarus, North Korea-backed hacking group, utilises spear phishing attacks to install malware on targets of high value. The group appears to be primarily motivated by financial gain, rather than intellectual property theft or espionage. The group is known by other aliases such as Hidden Cobra, Zinc, and Nickel Academy. Lazarus is the group that is generally considered responsible for the WannaCry attacks and several other high-profile cybersecurity incidents….

Avanan has released a study indicating that a quarter of all phishing emails bypass Microsoft Office 365’s default anti-phishing protections. Avanan, a cloud security platform provider, conducted a study of 52 million emails which had been assessed by Office 365 Exchange Online Protection (EOP). They discovered that the software categorised a quarter of phishing emails sent as ‘non-malicious’, and allowed them to arrive in user inboxes. A  further 5.3% of emails were delivered as they had been whitelisted, meaning the phishing emails couldn’t be blocked. EOP works by scanning emails for malware, signatures of spam, and checking if the sender…

Proofpoint, a software security company, has discovered that threat actors are using legacy IMAP protocols to bypass multi-factor authentication on Office 365 and G Suite accounts. Multi-factor authentication (MFA) systems check the identity of a user before allowing them to access the account. Many experts consider them more a far more robust security measure than passwords. These identification steps may include sending an email to their account, or a text to their phone, which contains a unique code which then must be submitted online to proceed. Usually, if an attacker attempts to access an account but fail on several attempts,…

Mimecast has released a report showing that there has been a 126% increase in the number of emails containing malicious URLs between August 2018 and February 2019. Mimecast, a company specialising in cloud-based email management, surveyed to ascertain workplace awareness of cybersecurity issues. The report was based on an analysis of 28.4 million emails that had been marked as ‘safe’ by security filters on email inboxes. These filters failed in nearly 17% of cases, as the researchers discovered 460,000 emails that contained malicious links but had made it past the email security solutions.  Previous reports suggest that the average office…

A free GandCrab ransomware decryptor has been made available on the No More Ransom depository. The decrypt works for files encrypted by versions 1, 4, early versions of 5, and versions 5.0.4 to 5.1 can now be decrypted without paying the ransom. Ransomware is malware variant which denies the user access to their device, or specific files on the device until a ransom has been paid to the scammer. Ransomware attacks are becoming increasingly common, particularly against organisations in the healthcare industry due to the high black-market of healthcare data. The malware is readily available on the dark web. If a campaign…

Hackers have launched a new GandCrab ransomware campaign targeting managed service providers (MSPs) and IT support companies. GandCrab ransomware is a popular variant of ransomware. It became popular for hackers to utilise as Ransomware-as-a-Service (Raas). RaaS allows even novice cybercriminals to launch ransomware campaigns and earn commission for the use of this ransomware. MSPs are often used by small and medium businesses (SMBs) that have insufficient resources to create and manage their cybersecurity frameworks. MSPs perform a range of functions such as patching, performing software updates, proactively finding security issues, and correcting problems in networks. As MSPs work remotely, SMBs…

The Industrial Control Systems Cyber Emergency Response Team (ICS-Cert) has issued a medical advisory about vulnerabilities found in Stryker equipment. Nine vulnerabilities were identified, affecting Secure II MedSurg Beds, S3 MedSurg Beds, and InTouch ICU Beds. The vulnerabilities could be potentially exploited to allow “data traffic manipulation, resulting in partial disclosure of encrypted communication or injection data”. The attacker need only be in radio range of the devices to perform a successful attack. The vulnerabilities are present in the four-way handshake used by WPA and WPA2 wireless security protocols which allow nonce reuse in Key Reinstallation (KRACK) attacks. Similar vulnerabilities…

The Department of Defence (DoD) Office of Inspector General (OIG) has released a report revealing that the Defense Health Agency (DHA) failed to implement security protocols consistently. This failing resulted in failings to protect against the unauthorised accessing of systems that stored, processed, and transmitted electronic health records and other sensitive patient information. The DoD OIG Report – DoDIG-2017-085, “Protection of Electronic Patient Health Information at Army Military Treatment Facilities” details the failings and includes suggestions made by OIG to improve the system. The DoD OIG found that Common Access Cards (CACs) were not used to access three DoD EHR…

A cybersecurity consultant has identified a new Microsoft Office 365 phishing attack that fools unsuspecting users into entering their Office 365 account details into a fake website. Phishing attacks are attempts made by cybercriminals to obtain sensitive information such as passwords or credit card details from a victim by pretending to be a reputable organisation via electronic communication channels. Often conducted through emails, the messages look surprisingly legitimate, and often direct the victim to a website which is a convincing copy of the genuine site. The only noticeable difference between the two web pages may be the URL, which ignorant…

Kaspersky Labs, a multinational cybersecurity and anti-virus organisation, has published its 2018 report on malware attacks detected on its network between November 2017 and October 2018. The report highlights the growing threat that malware attacks pose to data security worldwide. The report uses information obtained using data collected from Kaspersky Security Networks (KSN) users, of which there are millions worldwide. The report shows that there has been a 43% increase in ransomware detections experienced by KSN users during the period between November 2017 to October 2018 in comparison to the same period the previous year. The data also showed a…

November 13 2018 marked Microsoft’s November Patch Tuesday. The day saw the release of patches and security updates for Windows, Internet Explorer, Edge, and other Microsoft products. In total, 64 vulnerabilities were addressed across the range of Microsoft products. There were 12 vulnerabilities which were considered “critical” by developers. The updates are hoped to protect Microsoft devices against malware attacks, which are becoming increasingly prevalent.   The 12 critical vulnerabilities could allow hackers to execute malicious code and take full control of a vulnerable device. The majority of the critical vulnerabilities are in the Chakra Scripting Engine, which account for…

Defiant, a security research organisation which specialises in WordPress website security, has identified a flaw in a plugin that has allowed unauthorised individuals access and alter websites.  The flaw was identified in a GDPR Compliance plugin, which was created in response to the introduction of the EU privacy laws in May 2018. The plugin allowed website owners to add a checkbox to their website for users to consent to the use of their data for specific uses, as now required by GDPR legislation. Due to the importance of GDPR, and the hefty financial penalties that organisations faced for non-compliance, it…

In January this year, a medical attendant assistant was let go from Wayne Memorial Hospital for a HIPAA infringement after the improper obtaining of 390 patients’ documents was found. A famous event in 2011 observed medical caretakers and other medicinal services staff snoop on patient records. All things considered, there hosted been a gathering in a neighboring town where there were numerous medication overdoses. Allina Hospitals and Clinics let go 24 individuals from staff for the unseemly getting to of PHI. Attendant Fired for HIPAA Breach at Glendale Adventist Medical Center Every year, many attendants are found to have disregarded…

Blue Shield and the Blue Cross of Florida stated that personal information of a few insurance candidates has been revealed via online means. In last August, the Florida Blue was warned for the patient’s data exposure so it launched the investigation right away.  According to the investigation report of Florida Blue, the information of 475 candidates was shifted to clouds by an illegal insurance agent RTHQ (Real Time Health Quotes). The stolen data includes the files related to the agency, copies of life insurance, dental and health applications ranging 2009-2014. All those files were stored in the cloud without any…

9500 patient’s information has been exposed in a phishing attack to a Medical College of Wisconsin. The attackers got access to the email account of employees working in the college that contained PHI of patients and other sensitive information of faculty members. The type of information available was names, medical record no., DOB, details of health insurances, the names, surgical information, service date, information about treatment and medical diagnosis. A few patients also have their financial information and Social Security nos. This instance happened during a week between 21st July and 28th July when the employees of the Medical College…

UPMC Susquehanna is a linkage of medical centers and the hospitals in Muncy, Pennsylvania and Williamsport Wellsboro. UPMC declared that 200 patients PHI has been checked and accessed by illegal individuals. It is believed that the access to PHI is gained when an employee of the organization answered phishing email. Although the date of the incident has not been highlighted yet. According to UPMC Susquehanna the breach was discovered on 21ts September when the worker of the organization highlighted doubtful activities on the device. According to the investigation process, the illegal individual got access to the information using the employee’s…

The PHI of 683 patients belonging to TJ Health Columbia Clinic and TJ Samson Community Hospital in Glasgow was accessed inappropriately. This incident was highlighted by one of the autonomous care provider who worked for TJ Samson Community. This theft was checked and unrelieved in the repetitive review of PHI logs on 25th August, 2017. The continuous investigation showed that there were two people in the healthcare provider’s office who stole the PHI of patients without undergoing the policies and rules. It is a fact that autonomous health care provider have access to PHI of patient to perform daily routine…

The PHI (Protected health information) of members (932) of Children Health Plan has been emailed to the personal account of prior employee. This instance happened on 21, Sep 2017, although, the employee sent the data in November or December 2016. These emails were found during a daily review analysis. The Texas Children’s Health Plan immediately took action to the attack and responded to minimize the risk too.  In order to prevent such problems in future, the Health Plan also implemented the Insurance plan. Additionally, all the workers have been retrained for the HIPAA rules and the hospital policies. Although, the…

A virus named Trojan horse virus has been discovered on two devices that have been used by the Health and Social Services department. This virus access and steals the information stored on laptops. “HIPAA revealed of 500 plus individuals”, the statement was highlighted by Katie Marquette who is the communication director is Alaska DHSS. Currently, the right number of the people affected has not be discovered. Complete analysis of the affected devices has been conducted that disclosed the attackers. According to the analysis, the trackers are present in Western area, may access the important and sensitive information like reports and…

Among all the identified healthcare breaches, the phishing attack is one of the major threats to the privacy of PHI. A few weeks ago, different healthcare companies announced email accounts with the PHI of 1000s of patients has been stolen by different people. On the basis of which, the healthcare employees are answering the phishing emails. The reports highlighted the increase in Phishing attacks with Malicious URLs This week a new report has been released and this report shows that there is a major increase in the malicious emails in past few months. A Quarterly threat article from Proofpoint highlighted…

A nearly expired laptop with very sensitive information has been missing. This laptop was belonged to the Mann-Grandstaff who worked as the VA in Spokane, WA. The laptop contained all the information about hematology tests as it was combined with the hematology analyzer. Previously the laptop was in use from April 2013 to the May 2016, but later on, when the device was not usable, it was decommissioned. A vender who supplied the device replaced the device, however the missing device was revealed by the equipment inventory. Vender of the device has no record, but the device should be returned…

The number of patients in MS center of st Louis and the MC Neurology County and town. All these patients were informed that the marketing teams of pharmaceutical companies may contact them for the research purpose. The teams may belong to the third parties. According to the authorized party, they are not permitted to contact them, but still there are some chances that the marketing teams may contact them. According to the HIPAA rules, no marketing or the research team are permitted to contact the patients for research purpose, until or unless they got permission from the authorized party. However,…

The Phishing attack has been becoming a viral issue for the healthcare companies. The latest news to HIPAA is that phishing attack has also affected the Florida Healthy Kids Corporation. On 25th July, 2017 the staff members started getting phishing emails. Some of the staff members also responded to those emails and ultimately gave access to the attacker to get the private information. When the management realized about the phishing attack, they immediately blocked the access to the email accounts. The situation was clearly handled on time. The hacker had access the accounts containing data for about 24 hours. At…

In a few weeks before, it has been a wave of phishing attacks on the information of healthcare companies. Due to the enhances threats, the Department of Health and Human Services’ Office for Civil Rights issued notice to the healthcare companies, empathizing them to increase their security checks using regular training sessions of the workers and implementation of new rules. Phishing attack is one of the attack in which malware is successfully transferred to the devices and this results in the stealing of sensitive information. The email accounts hold a huge information about the patients, it is the information that…

A health insurer Aetna located in Harford, CT found that the PHI of 5000 members was exposed via online means and the information was also accessible via the search engines.  Aetna conducted an investigation on 27 April, 2017 for the security problem that affected 2 computer services. Those computer services were responsible to expose the documents showing Information of authorized people and other member plans. During the investigation Aetna found, that these documents were also submitted to search engines and unauthorized people can easily access those. On 10th May, the investigation report highlighted the fact that the data has been…

Universal care found a serious breach of PHI. On 28 Dec, 2016, Brand New Day found that an unauthorized individual got access to the PHI that was send to one of the business associated. The information was obtained by a third party supplier system that was used by the company’s contract provider. This incident happened 6 days ago on 22nd Dec 2016. The incident notification that was differed to attorney general of California does not contain any information about the affected members of the incident. Although, the information was breaches and the criminal investigation was immediately started by law. The…

3,594 clients of Children’s Hospital Los Angeles Medical Group (CHLAMG) and Children’s Hospital Los Angeles (CHLA) are being advised of a potential rupture of their secured wellbeing data following the robbery of a decoded, secret word secured portable PC. The portable workstation was stolen from the bolted vehicle of a CHLAMG representative who rehearses at CHLA. The robbery is comprehended to have happened on October 18, 2016. CHLAMG scrambles its smart phones, while the examination concerning the rupture at first showed the portable PC had been encoded to institutional models, on December 21, 2016, CHLA confirmed that there was a…