Healthcare Cybersecurity News

Kroll’s Data Breach Outlook 2025 report also reveals interesting information about cyberattacks on other sectors. Professional services, education, retail, and technology had fewer attacks. Cyberattacks on the technology sector dropped by 46%, education attacks fell by 38%, and retail attacks declined by 33%. Last year, attacks increased on the manufacturing, industrial services, government, and insurance sectors, with 25% more attacks on the insurance sector. Cybercriminals are attracted to the healthcare sector because of the value of protected health information (PHI). They can use stolen data for malicious applications. The average earnings of hackers is about $5 per stolen credit card…

A new report published by Censinet, KLAS Research, the American Hospital Association, Health-IASAC, and the Healthcare and Public Health Sector Coordinating Council has revealed insights into the current state of cybersecurity preparedness within the healthcare sector. The report, compiled through a survey conducted in November 2023, involved executives and cybersecurity professionals from various healthcare subsectors, including providers, pharma, payers, medical device manufacturers, and health IT. The survey, which received responses from 396 individuals, aimed to identify the top cybersecurity concerns facing healthcare organizations in both 2023 and 2024. Key findings from the survey highlight persistent and emerging threats, as well…

A recent survey conducted by Rock Health, titled “The New Era of Consumer Engagement: Insights from Rock Health’s Ninth Annual Consumer Adoption Survey,” has revealed insights into consumers attitudes towards health data-sharing. Focused on 2023, the survey reflects the transformative impact of the pandemic on virtual care adoption and preferences, offering valuable insights into the current state of consumer engagement with digital health tools.   The survey, which involved over 8,000 U.S. Census-matched adults, revealed the growing role of virtual care in modern healthcare. Results demonstrated a steady increase in digital health adoption over recent years, with virtual care adoption…

Petersen Health Care, recognized as a leading operator of nursing homes in the United States, has filed for bankruptcy protection following a series of cyberattacks and defaults on government-backed loans. Headquartered in Peoria, Illinois, the company includes an expansive network comprising over 90 nursing homes spread across the states of Illinois, Missouri, and Iowa. Amid mounting financial pressures, Petersen Health Care initiated Chapter 11 proceedings in a Delaware bankruptcy court on Wednesday, confronting debts exceeding $295 million. A large portion of this debt, amounting to $45 million, pertains to healthcare facility loans insured by the U.S. Department of Housing and…

A major data breach has affected over 791,000 members of UNITE HERE, a New York labor union serving individuals in Canada and the US, revealing an infiltration of sensitive data. The breach, initially detected on October 20, 2023, signaled a breach in UNITE HERE’s systems, prompting immediate action from the union. Third-party cybersecurity experts were immediately engaged to conduct a thorough investigation, aimed at determining the scope and nature of the breach. It was revealed that unauthorized access had been gained, compromising sensitive data belonging to members of specific local unions, health funds, and the San Diego UNITE HERE Pension…

The U.S. Department of Health and Human Services (HHS) is advancing with plans to establish a dedicated task force in response to the increasing integration of artificial intelligence (AI) into the healthcare sector. This initiative, led by a top HHS official, aims to establish robust “assurance, monitoring, risk-management practices” surrounding the utilization of AI in healthcare applications. President Joe Biden’s executive order, signed in October, mandated the creation of a comprehensive framework for evaluating AI technologies before market entry and ensuring continuous performance monitoring post-implementation. Operating under this directive, the task force faces a stringent timeline, with a deadline of…

Healthcare and Public Health (HPH) organizations have been alerted to the growing threat presented by email bombing attacks, a tactic increasingly utilized by cybercriminals to disrupt operations and compromise security. Email bombing, also referred to as mail bomb or letter bomb attacks, involves inundating an email address or server with a large volume of emails in a short period, overwhelming the recipient’s inbox and rendering it unusable. These attacks, categorized as Denial of Service (DoS) attacks, aim to disrupt regular communication channels by flooding them with spam emails, making it challenging for users to access legitimate messages.   The threat of…

Optum, a subsidiary of UnitedHealth Group, has introduced a temporary funding assistance program aimed at helping organizations manage short-term cash flow challenges resulting from the ongoing Change Healthcare cyberattack. The cyber incident, orchestrated by the BlackCat/ALPHV threat actor, has disrupted healthcare services, leading to widespread concerns and urgent calls for government intervention. The program, accessible through Optum Financial Services, targets providers whose payment distribution has been directly impacted by the cyberattack. Recognizing the immediate financial needs of affected providers, Optum is mobilizing its resources to offer short-term temporary funding assistance, with the understanding that the funds will be repaid once…

Five Eyes Agencies Warns about Continuing Exploitation of Ivanti Connect Secure and Policy Secure Vulnerabilities The Five Eyes Cybersecurity Agencies have released an alert that multiple threat actors have actively exploited earlier disclosed vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways since early December 2023. The vulnerabilities, CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 affect all supported versions (9.x and 22.x) and could be chained to circumvent authentication, make malicious requests, and carry out arbitrary commands with higher privileges. Based on the notification, Ivanti’s internal and prior external Integrity Checker Tool (ICT) did not identify malicious activity connected with exploitation. CISA…

The National Institute of Standards and Technology (NIST) has released an update to its Cybersecurity Framework (CSF), marking the first major revision in a decade since its introduction in 2014. This comprehensive update showcases a change in focus, expanding the CSF’s applicability beyond key infrastructure, to include a diverse range of organizations regardless of their cybersecurity maturity levels.   The CSF 2.0’s primary objective is to assist all organizations in effectively managing and mitigating cybersecurity risks. The evolution of this framework stems from extensive discussions and public feedback over several years, aiming to improve its overall effectiveness. The CSF now…

In the aftermath of the Change Healthcare cyberattack, the healthcare sector is facing unprecedented challenges, dealing with a cyber event organized by the BlackCat/ALPHV threat actor. Change Healthcare openly acknowledges the security breach and emphasizes collaboration with cybersecurity experts, law enforcement, and third-party consultants Mandiant and Palo Alto Networks. The company takes active measures to address the situation, implementing multiple workarounds to ensure the continuity of key services. Change Healthcare also maintains that the systems of Optum, UnitedHealthcare, and UnitedHealth Group remain unaffected by the cyber incident. The effects continue, causing disruptions for pharmacies nationwide on the sixth day of…

U.S. President Joe Biden is set to sign an executive order on Wednesday, aimed at preventing large-scale transfers of sensitive personal data of Americans to countries, including China. The order, primarily targeting data brokers, directs the Department of Justice to initiate a rule-making process to impede bulk data transfers to “countries of concern,” such as Russia and Iran. The order covers various types of sensitive personal data, including genomic data, biometric data, personal health data, geolocation data, financial data, and specific personally identifiable information. President Biden’s executive order focuses on the national security implications tied to the extensive transfer of…

The U.S. Department of Justice, in collaboration with the United Kingdom and international law enforcement partners, has declared a successful disruption of the notorious LockBit ransomware group. LockBit, a major player in the cybercrime, known for its relentless targeting of over 2,000 victims globally. The group accumulated staggering ransom payments exceeding $120 million and issued demands totaling hundreds of millions of dollars. This collaborative operation engaged the U.K. National Crime Agency’s Cyber Division, working closely with the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), and other international law enforcement agencies. The strategic measures employed in this operation…

The Healthcare Cybersecurity and Communications Integration Center (HC3) has issued a warning regarding the escalating threat presented by the Akira ransomware group, which, since its emergence in March, has actively targeted and victimized over 60 entities, with a considerable impact on the healthcare sector. This recent addition to cybercrime has demonstrated remarkable aggression and proficiency in targeting the U.S. health sector during its relatively short existence.   First identified in May 2023, the Akira ransomware has rapidly expanded its reach, claiming at least 81 victims within a year. It is important to distinguish the current Akira variant from a previous version…

The New York Attorney General Letitia James recently concluded a legal action against The NewYork-Presbyterian Hospital (NYP), resulting in a $300,000 settlement. This action was due to the hospital’s unauthorized use of online tracking tools on its website, which led to the unintentional sharing of sensitive personal and health-related information of its visitors with third-party technology companies. This incident was a clear breach of the Health Insurance Portability and Accountability Act (HIPAA), the most important piece of legislation designed to protect patient privacy and sensitive health information. From June 2016 to June 2022, NYP employed third-party tracking tools on its…

In an era of heightened cyber threats, researchers at cybersecurity firm Imperva have shed new light on the ever-evolving landscape of cyberattacks. Drawing from their recent 10th annual Bad Bot Report, the team offers a comprehensive examination of the escalating threats posed by bad bots, providing invaluable insights for industries across the board. The Imperva report’s findings are informed by an exhaustive analysis of six trillion blocked bad bot requests made across thousands of domains throughout 2022. The scale of the data examined underscores the increasingly pervasive nature of the bad bot problem and illustrates the need for evolving detection…

The ever-shifting terrain of cyber threats continues to pose increasing challenges for organizations across the globe. In particular, the specter of ransomware looms large, as indicated by Fortinet’s 2023 Global Ransomware Report. The comprehensive study, offering invaluable insights from 569 international cybersecurity leaders from diverse sectors, exposes a startling paradox. The majority, over 80% of respondents, express significant concern regarding ransomware, and a nearly equivalent number, 78%, believe they are well-prepared to ward off such an attack. Yet, despite this apparent readiness, a startling 50% of these organizations fell prey to ransomware attacks in the previous year. John Maddison, Fortinet’s…

According to the 2022 Internet Crime Report released by the FBI, losses due to cybercrime have surged by 49% to $10.3 billion in the current year, despite a 5% decline in the number of complaints received. In the past five years, the total loss due to cybercrime has exceeded $27.6 billion, with more than 3.26 million complaints received by the FBI’s Internet Crime Complaint Center (IC3). Established in 2000, the IC3 serves as a crucial component of the FBI’s mission to combat cybercrime, which poses a growing threat in our interconnected world. It serves as a platform to receive and…

The SEC has announced that Blackbaud, a software provider catering to non-profit organizations, will be paying out a $3 million settlement for its inadequate disclosure about a ransomware attack in 2020 that affected more than 13,000 customers. Further investigation revealed that the firm had not accurately conveyed the extent of the incident even after it became aware of the inaccuracy of its original public announcements. This attack was the largest healthcare data breach reported in 2020, affecting over 10 million patients and more than two dozen provider organizations. The attackers went undetected for over three months and were able to…

Cerebral, a telehealth company, recently notified its 3.1 million users of a data breach that occurred on January 3, 2023. The company revealed protected health information (PHI) to unaffiliated third-party platforms and subcontractors without satisfying the stipulations mandated by the Health Insurance Portability and Accountability Act (HIPAA).The company used “pixels” and other tracking technologies provided by Facebook, TikTok, and Google since 2019. During a review of its data sharing practices involving subcontractors, Cerebral discovered the breach. The company took prompt action by disabling, reconfiguring, and/or removing the tracking technologies on its platforms. Cerebral also stopped exchanging data with any subcontractors…

The healthcare industry continues to be a prime target for cybercriminals, with data exfiltration posing a significant threat to patient privacy and security. According to a recent report published by the HC3, a cybersecurity agency that collaborates with the Department of Health and Human Services, data exfiltration is becoming increasingly prevalent in healthcare cyberattacks, and the implications can be severe. Data exfiltration is a security breach where malware or a malicious actor transfer data from a device without permission. It is one of the last stages in the cyber kill-chain and is the target of advanced persistent threats (APTs). Ransomware…

A recent report has found that cybercriminals are adopting professional business strategies and diversifying their portfolios in response to declining revenues, as the world faces economic recession, inflation, and supply chain disruptions in 2022. Trend Micro’s Annual Cybersecurity Roundup for 2022 sheds light on the major security concerns that surfaced and prevailed last year, including the decline in profits for cybercriminal groups, the adaptation of cybercriminals to mirror legitimate businesses, and the top vulnerabilities exploited by malicious actors. According to the report, cybercriminal groups have experienced declining profits, mirroring legitimate businesses when faced with falling revenue. Ransomware groups, in particular,…

Police from Germany and Ukraine have apprehended individuals suspected of working with the DoppelPaymer ransomware group, and took out a warrant to arrest the three suspected head criminals behind the global extortion operation. By using a double-extortion technique, the crew would steal sensitive data from the computers of their victims and threaten to make it public on their data leak website unless the ransom was paid. According to local sources, the Doppelpaymer ransomware gang was responsible for the cyber-attack on a German hospital that resulted in the death of a patient. The attack was carried out through a vulnerable Citrix…

Clop, the notorious ransomware group, is reportedly targeting the healthcare industry in a new data breach, according to an HC3 Sector alert. The group claims to have stolen personal and protected health information data over a 10-day period and has the ability to encrypt affected healthcare systems using ransomware payloads. While the claims are unverified, Clop has a history of employing trend-setting techniques across multiple operations and has become one of the most successful ransomware groups in recent years. HC3’s previous Clop Analyst Note revealed that the ransomware group primarily targets Windows systems, but a new Linux variant was observed…

A new study has found that deidentifying wearable data may not be sufficient to protect individuals’ privacy. With advances in machine learning, seemingly innocuous data can be used to infer sensitive information about individuals, including medical diagnoses, mental health, personality traits, and emotions. This information can then be used to reidentify individuals, revealing not only the originally collected data but also inferences made about them.  Despite the risk, regulation changes often lag behind real-world reidentification events and their consequences. To address this, a new study published in the Lancet Digital Health journal aimed to provide an overview of the risks…

A warning has been issued by a group of leading cybersecurity organizations in the United States and the Republic of Korea about a growing threat of ransomware attacks targeting healthcare organizations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Republic of Korea’s Defense Security Agency and National Intelligence Service have come together to alert the public of these dangerous state-sponsored attacks carried out by North Korean (DPRK) actors. These attacks are aimed at obtaining ransom payments to support the…

A new report has revealed that nearly half of all ransomware attacks have compromised healthcare delivery in the United States. Published in JAMA, the research conducted by the University of Minnesota Public Health researchers investigated the patterns of ransomware attacks in U.S. hospitals, clinics, and other healthcare delivery organizations. As healthcare organizations have become more reliant on health information technology, they have also become more vulnerable to cyber threats such as ransomware. This malicious software prevents access to electronic systems until a ransom is paid, causing major disruptions to healthcare operations. Ransomware attacks are becoming a major cause of healthcare…

The Health Sector Cybersecurity Coordination Center (HC3) has released an analyst note informing the HPH sector of Killnet, a pro-Russian hacking group. Since January 2022, KillNet has been an active pro-Russian hacktivist group and has carried out DDoS campaigns against countries backing Ukraine, especially those in NATO. These assaults began shortly after the United States and other nations decided to provide tanks to Ukraine in order to assist them in their struggle against Russian forces.  A DDoS attack is an act of flooding a target server or website with thousands of connection requests and packets per minute, leading to a…

Today, the United States Department of Justice has delivered a powerful blow to the malicious ransomware group known as Hive with the successful disruption of its operations. Since June 2021, Hive has launched cyberattacks against over 1,500 victims worldwide, many in the healthcare sector. This prompted alerts from agencies such as the U.S. Department of Health and Human Services, the Federal Bureau of Investigation, and the Cybersecurity and Infrastructure Security Agency.  Hive used a subscription-based business model called ransomware-as-a-service (RaaS) in which administrators or developers would produce a ransomware strain and offer it to affiliates. Affiliates would then use the…

A joint Cybersecurity Advisory has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to alert network defenders of the potential malicious use of legitimate remote monitoring and management (RMM) software. In October 2022, CISA used its trusted third-party reporting to conduct retrospective analysis of a federal civilian executive branch-wide intrusion detection system (EINSTEIN) and identified a widespread, financially motivated phishing campaign related to malicious typosquatting activity. The investigation uncovered that since June 2022, cybercriminals have been sending phishing emails to email addresses of FCEB federal staff,…

Twenty security and risk executives from top healthcare provider organizations have joined forces to help less equipped healthcare organizations with their information risk management. This includes combating one of the most pressing healthcare cybersecurity concerns: third-party risk management. Cyberattacks against vendors have risen alarmingly, and many healthcare organizations have been affected as a result. In 2023, the majority of the top ten data breaches were at vendors. Cybercriminals are able to infiltrate numerous healthcare organizations’ networks and data through a single breach of a vendor, which is often due to inadequate security measures. The HSCC recently conducted a survey that…

The Health Sector Cybersecurity Coordination Center (HC3) has identified two advanced and hostile ransomware operations, Blackcat and Royal, that pose a major risk to the healthcare and public health (HPH) sector. They have shared this threat intelligence to help protect the sector. In 2021 and early 2022, Conti, a large and highly organized ransomware-as-a-service (RaaS) operation, was a major player in the ransomware threat landscape. However, the group disbanded in 2022. Although the Conti RaaS is no longer active, its members still are, just in smaller, semi-autonomous and autonomous ransomware operations. These operations are more difficult to trace and draw…

Delinea has recently released the 2022 State of Ransomware Report. Delinea is an innovative provider of privilege access management (PAM) solutions that helps organizations secure critical data and infrastructure, comply with regulations, and reduce risk. They offer their services to a vast global customer base ranging from small businesses to large organizations. Results of the report showed that strategies put in place to combat ransomware have achieved success, as cyber-attacks using this compromise approach were observed to have significantly declined over the past year as compared to earlier statistics. Additionally, fewer companies were seen to be paying the required ransom….

Consulate Health Care, a Florida-based chain of 140 U.S. nursing homes, has been targeted in an attack by the Hive ransomware-as-a-service (RaasS) operation. On January 6, 2023, the group posted on their leak site about the breach, claiming to have stolen 550 GB of data and encrypted files on December 3, 2022. Furthermore, some of the data allegedly taken in the attack has already been leaked, including contracts, company information, employee details, and patient information such as medical records, Social Security numbers, contact information, and insurance information. Consulate Health Care released a replacement breach announcement on their website when details…

According to data released by Check Point, a cybersecurity solutions provider, there was a 38% increase in global cyberattacks in 2022, making it an especially difficult year for cybersecurity. Moreover, healthcare organizations experienced the greatest surge in attacks, with 74% more weekly occurrences than in 2021. This pushed the healthcare industry to third place in terms of the most targeted sectors, with 1,463 attacks per week. In the USA, healthcare was the second most attacked sector, registering 1,410 weekly attacks – an 86% increase compared to the previous year. Across all industry sectors, the US registered a 57% year-over-year increase…

A recent analysis published in the JAMA Health Forum has revealed that healthcare ransomware attacks have grown exponentially in the past 5 years, causing a decline in data recovery from backups. Furthermore, it found that it is now commonplace for stolen data to be made public after a successful attack. To conduct their analysis, the researchers used data collected from the Tracking Healthcare Ransomware Events and Traits (THREAT) database. This database gathers information from a multitude of sources, including the HHS’ Office for Civil Rights breach portal, HackNotice, press releases from victims, media reports, and dark web monitoring. The analysis…

Users of the Citrix Application Delivery Controller (ADC) and Citrix Gateway are strongly encouraged to verify that their systems are not exposed to a dangerous unauthenticated remote code execution vulnerability that is currently being targeted by a highly skilled Chinese advanced persistent threat (APT) actors, as well as potentially other state-sponsored hacking groups. Healthcare organizations that use Citrix ADC and Gateway are vulnerable to CVE-2022-27518, a critical authentication bypass vulnerability with a CVSS v3 severity rating of 9.8 out of 10. Exploitation of this flaw could allow an unauthenticated actor to remotely execute code and completely compromise the system, making…

The HC3 has released a security advisory concerning Royal ransomware. The human-operated ransomware was first discovered in September 2022. Following infection, the ransomware organization is known to demand payment of up to $2 million USD from victims in order to prevent the publication of their sensitive data.There have been reports that Royal ransomware that looks to be made up of skilled actors from other organizations, as the techniques deployed appear to be the same. While the majority of known ransomware operators have engaged in ransomware-as-a-service, Royal ransomware seems to be a private group without any apparent affiliations while maintaining financial…

Multiple class action lawsuits have been filed against Empress EMS, the New York ambulance service, following a ransomware attack discovered on July 14, 2022. The HIVE ransomware gang has claimed responsibility for the attack.  According to the breach notification issued by Empress EMS, hackers from HIVE gained access to the network, stole files containing sensitive patient information, and then encrypted the files to prevent access. The information collected by the threat actors included full names, birth dates, demographic information, diagnoses, treatment information, medical record numbers, dates of service, prescription information, insurance information, and even Social Security numbers for an unlucky…

Community Health Network, the indiana-based healthcare provider, has acknowledged that the use of Meta and Google’s tracking codes has resulted in an unauthorized disclosure of sensitive patient healthcare information. Community Health Network is another addition to the ever-growing list of healthcare organizations who experienced data breaches following the implementation of third-party tracking codes. Affected healthcare organizations include Advocate Aurora Health, WakeMed Health and Hospitals, Novant Health, Medstar Health System, UCSF Medical Center, Dignity Health Medical Foundation, and Northwestern Memorial Hospital. The Department of Health and Human Services’ Office for Civil Rights received a breach report from Community Health Network, confirming…

The Department of Health and Human Services’ Health Sector Cybersecurity Coordinator (HC3) has issued a warning to the public healthcare and public health sector (HPH) to raise awareness of the Lorenz threat group. The cybercriminal gang has conducted numerous threat campaigns in the United States across the last two years.  The human-operated Lorenz ransomware is used after threat actors have broken into networks and stolen data. The gang is known to modify its executable code and personalize it for each targeted organization after access to the network has been obtained. Before spreading ransomware to encrypt files, the Lorenz actors remain…

Ten people have been charged by the U.S. Department of Justice in connection with corporate email breach frauds that resulted in the theft of more than $11.1 million from Medicaid, Medicare, and private health insurance programs. Hospitals were to receive the funds in exchange for delivering certain medical services. Business email compromise (BEC) schemes, which are the main source of losses from cybercrime, entail obtaining access to genuine email accounts and utilizing them to deceive those in charge of wire transfers into sending fraudulent money to attacker-controlled accounts. Between June 2016 and December 2021, over $43 billion was lost as…

The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released guidelines for federal and private agencies on the mitigation and prevention of Distributed Denial of Service (DDoS) attacks.  In a DDoS attack, a host connected to a network is temporarily or permanently denied access to its services in an effort to render a computer or network resource inaccessible to its intended users. The typical method for committing a DDoS attack is to overload the targeted machine or resource with excessive requests in an effort to…

An analyst note has been released by the Health Sector Cybersecurity Coordination Center (HC3) to raise health organizations’ awareness of the Venus ransomware. In the note, the HC3 shares information about the strategies, tactics, and procedures used in Venus ransomware attacks and a number of measures that organizations within the health sector can take to improve their cybersecurity.  According to the HC3, Venus ransomware was first detected in August 2022. However, since then, organizations worldwide have been subject to Venus ransomware attacks. When activated, the Venus ransomware attempts to erase 39 processes linked to Microsoft Office and database servers. For…

A recent survey conducted by LastPass has found that while respondents reported a high level of confidence with their password practices for personal and work accounts, the level of security for the passwords remained low for several instances. The survey is conducted annually by LastPass in an effort to better understand the current cybersecurity landscape. This year, the survey included 3,750 professionals.  According to the survey, Generation Z (7-26) reported the highest level of confidence in their password management practices. However, the age group accounted for the worst password hygiene scores. While Gen Z respondents reused passwords 69 percent of…

The security of medical devices is a major problem for the healthcare industry. Security of medical devices is still one of the biggest worries in the healthcare industry. There are several challenges facing the industry including potential risks to patient safety due to the existence of legacy devices, the industry’s growing interconnectivity, and the necessity for industry-wide standards in the medical device security space. In order to address these issues and gain a better understanding into the current situation of the medical device industry, the Medical Device Innovation Consortium (MDIC) published its first ever medical device security maturity benchmarking tool…

According to Check Point’s 2022 Mid-Year Report, of all industry sectors, the healthcare sector experienced the largest percentage increase in cyberattacks, rising by 69 percent in 1H 2022 compared to 2021. In terms of the amount of weekly attacks, healthcare is currently ranked fifth, behind communications, ISP/MSP, government/military, and education. In the report, Check Point explains that 2022 has shown that cyberattacks has been firmly established as a state-level weapon, with the first half of the year witnessing an unprecedented rise in state-sponsored attacks due to the ongoing war in Ukraine, as well as a significant increase in hacktivism –…

Microsoft has recently notified its users that two-day vulnerabilities in its Exchange Server are being exploited by Chinese threat actors and have recommended a number of mitigations users can take to secure their data while the company develops patches to rectify the vulnerabilities. While the attacks made by the threat actors have been restricted, Microsoft does advise that the attackers may soon target the health sector. In several of the attacks, the attackers used the China Chopper web shell for permanent access, which indicates that a Chinese hacker outfit with governmental backing is making use of the security vulnerabilities. The…

The United States Health Sector Cybersecurity Coordination Center (HC3) has warned the healthcare industry of a new monkeypox-themed malspam campaign targeting healthcare providers. According to the HC3, the campaign has a subject line of “Data from (Victim Organization Abbreviation): “Important read about -Monkey Pox– (Victim Organization) (Reference Number)” and utilizes an “Important read about Monkey Pox” theme. A PDF attachment to the email contains a malicious link that takes the user to a Lark Docs site. The website has a cloud-themed adobe doc and provides a secure Moneky Pox PDF download. The victim’s Outlook, O365, or Other Mail login credentials…

A penetration risk report released by Global cybersecurity firm Coalfire has found that while the health sector is gradually reducing its dependence on legacy systems, unpatched and out-of-date software continues to pose security risks. The report was composed of results of more than 3,100 penetration tests from approximately 1,600 client engagements in the technology, retail financial services, and healthcare industries. Penetration testing is a tool used by healthcare organizations to identify potential vulnerabilities in their cybersecurity before hackers can. In addition coalfire employed cybersecurity firm NowSecure to examine mobile applications’ cybersecurity.  The report found a number of key findings. Firstly,…

The United States Department of Justice (DOJ) has charged three Iranian nationals for executing several ransomware attacks and other cyberattacks against United States critical infrastructure entities including multiple healthcare organizations. The information of the charges comes from an unsealed indictment filed in the US District Court for the District of New Jersey and a DOJ press release.  According to the press release, the hacking campaign exploited flaws in frequently used network devices and software applications to gain access and remove files from computer systems. The hackers then deny the victims access to their own systems unless a ransom payment is…

A report recently issued by Comparitech has found that almost 5,000 healthcare breaches have been reported to the Department of Health and Human Services’ Office for Civil Rights’ (OCR) data breach portal since 2009. The breaches involved more than 342 million medical records.  The researchers at Comparitech evaluated data from the period between 2009 to June 2022 to determine which states in the United States experience the most medical data breaches and how many medical records are exposed annually. Additionally, the researchers examined from January 2021 to June 2022 in-depth to determine their main causes and the healthcare organizations they…

The Health Sector Cybersecurity Coordination Center (HC3) has released a report emphasizing some of the concerns associated with some of the most promising new technologies that have the potential to transform clinical research, the monitoring and delivery of treatment, connectivity, data analysis, and data security. New technologies have the capability to completely transform the healthcare sector. Although these technologies have a lot of potential advantages, they also carry a danger of compromising patient privacy and safety. If vulnerabilities are not adequately fixed, malicious actors may use them to access internal systems or sensitive health information, endangering patient safety. According to…

A report conducted by the Ponemon Institute has found that over 20 percent of healthcare organizations have encountered an increase in mortality rate after a substantial cyberattack and over half of healthcare organizations surveyed stated that they encountered poorer patient outcomes as a result. With delays to procedures and tests being the most frequent consequences of the attacks that resulted in poorer patient outcomes.  On behalf of cybersecurity firm Proofpoint, Ponemon Institute surveyed 641 IT and IT security professionals in healthcare organizations who are responsible for participating in cybersecurity procedures such as setting IT cybersecurity priorities, selecting vendors and contractors…

The Office of Inspector General (OIG) at the Department of Health and Human Services (HHS) has called for the Health Resources and Services Administration (HRSA) to bolster oversight of the cybersecurity of the Organ Procurement and Transplantation Network (OPTN). This public-private partnership is managed by the United Network for Organ Sharing (UNOS), a nonprofit that links all professionals involved in the donation and transplantation system. It holds the personal and medical information of organ donors, transplant candidates and transplant recipients. The OPTN’s IT systems are essential for the timely matching of organs with people awaiting organ donation. Such a process…

The Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) has requested the Health Resources and Services Administration (HRSA) to improve their oversight of the cybersecurity of the Organ Procurement and Transplantation Network (OPTN). The OIG was established to ensure the protection of HHS programs through a nationwide network of audits, investigations, and inspections.The latest audit conducted by the OIG was to determine whether the HRSA had complied with federal requirements to implement appropriate and suitable cybersecurity controls over the OPTN to protect transplant information. The OPTN is a component of the HRSA’s nationwide system for allocation…

The United States Cybersecurity and Infrastructure Security Agency (CISA) has released a security advisory outlining five vulnerabilities found in Contec Health’s CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor. The Agency details how exploitation of the vulnerability could allow a malicious actor to conduct distributed denial of service attacks to alter firmware, make configuration changes, access a root shell, and cause a monitor to display wrong information.  CISA has stated that they have contacted Contec Health about the faults in the Vital Signs Monitors, however, they have not received any response regarding vulnerability mitigations. CISA have found five vulnerabilities within…

A joint Cybersecurity Advisory has been issued by the United States Cybersecurity and Infrastructure Agency (CISA) in collaboration the the Federal Bureau of Investigation (FBI), and the Department of the Treasury to advise the health sector about the threat of Maui ransomware, a cyberattack variant which has been utilized by the North Korea state-sponsored cyber attackers.  Since 2021, the FBI have identified and handled several incidents in the health sector involving Maui ransomware. The ransomware is used to encrypt servers that healthcare services operate such as EHR services, diagnostics services, imaging services, and intranet services. Maui ransomware has the ability…

A white paper has recently been published by Health-ISAC intended to assist CISOs to understand and implement a zero trust security architecture. Traditionally, a CISOs approach includes perimeter defenses, which prohibit unauthorized third parties from gaining access to data. However, the traditional cybersecurity approach is no longer viable in the cloud due to the lack of perimeters. Furthermore, the methods malicious actors employ to successfully gain access to data are rapid changing. In the event that access to the data is gained through perimeter defenses, the malicious actor can travel laterally within networks and have the ability to conduct several…

The General Health System (GHS), located in Baton Rouge, has recently disclosed on its website that it experienced a data breach in June. The GHS is responsible for operating over 20 healthcare institutions in the Baton Rouge area.  The breach was initially announced in June by WAFB, the local news network, who reported that GHS had temporarily transferred its patient records to paper until it was safe to bring its EMR and other patient networks back online. However, GHS has confirmed the incident in a post they have published on their website. The post confirms that the GHS had detected…

A recent study published by Sophos has revealed that 66 percent of healthcare organizations experienced ransomware attacks in 2021, a 94 percent increase compared to 2020. Sophos employed research agency Vanson Bourne to conduct an independent survey for Sophos’ annual study of ransomware attacks in the healthcare sector. The study consisted of 5,600 IT professionals, including 381 healthcare respondents in organizations residing in 31 different countries during the period of January and February 2022.  The survey discovered that two-thirds of healthcare organizations experienced ransomware attacks last year, revealing that cybercriminals’ capabilities to deliver significant attacks is only improving. The healthcare…

A recent analysis published by cybersecurity company Surfshark has revealed that almost half of period-tracking applications in the study shared or used user data for third-party advertising. The analysis consisted of the twenty most popular applications on the Apple Application Store and graded each application according to the quantity and sensitivity of the data it collects. Each data point was then added on the company’s point system. One point was awarded to data that is not linked to a user’s identity, two points for data that could be linked to a user’s identity such as name and address,  and finally,…

The number of cybersecurity attacks on healthcare organizations continue to increase on a yearly basis. The healthcare sector is often targeted by cyber criminals as healthcare providers are more likely to pay ransoms as there is risk to human health. Healthcare organizations are frequently penalized by the HHS’ Office for Civil Rights for cybersecurity vulnerabilities which can result in damaged reputations and the increased risk of patient safety and misuse of patient data. Organizations regularly employ outside consulting firms that specialize in increasing security and data privacy safeguards in order to decrease these risks in healthcare. A report conducted by…

The Oklahoma State University Center for Health Sciences (OSUCHS) has recently settled a HIPAA violation case for $875,000. The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) brought the case to the University after an investigation into a major breach of sensitive data found several potential violations of the HIPAA Rules.  The breach of data was detected by the university on November 7, 2017. It was discovered that an unauthorized third party had gained access to sections of the University’s computer network and potentially recovered files relating to the information of Medicaid patients. The information included…

A warning has been issued by the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center to warn healthcare organizations about voice phishing and social engineering attacks.  Social engineering, in the context of cybersecurity, is the exploitation of individuals by malicious attackers for their own benefit. Social engineering is a general term that ecompasses a wide range of cyberattacks such as phishing, spear phishing, business email compromising whaling, scareware, baiting, callback phishing, SMS phishing, and pretexting.  Social engineering techniques are employed in phishing attacks to deceive employees into giving up private information, such as protected health information, login…

A recent report issued by Okta has found that there has been an increase in the number of healthcare organizations that have implemented zero trust initiatives. The 2022 State of Zero Trust Security report revealed that approximately 58 percent of organizations who were surveyed have confirmed that they have or are beginning to implement zero trust initiatives. In addition, approximately 96 percent of healthcare organizations stated they had implemented a zero trust initiative or intend to do so over the next year to year and a half.  Traditionally, healthcare organizations secure devices and networks through a trusted network perimeter. However,…

The Department of Health and Human Services’ Cybersecurity Coordination Center (HC3) has issued a security alert notifying healthcare organizations of Apple’s security updates to safeguard against two zero-day vulnerabilities in the macOS Monterey, Safari, iOs, and iPadOS. The devices affected by the software vulnerabilities include all iPad Pro Models, iPad Air 2 and after, iPad 5th generation and after, all Macs operating with macOS Monterey, iPad mini 4 and later, the iPod Touch 7th generation, and finally iPhone 6s and later generations.  A zero-day vulnerability is a flaw in hardware, software, or firmware that the individuals responsible for resolving issues…

The Homeland Security’s Cybersecurity and Infrastructure Agency and the Federal Bureau of Investigation have issued a joint warning regarding the Zeppelin strain of ransomware. The alert, issued on August 11, warns healthcare organizations of the threat the ransomware poses and the steps organizations can take in order to mitigate threats to electronic healthcare data.  The Zeppelin ransomware is a component of  Delphi-based Vega malware and operates as a Ransomware as a Service. Malicious actors have utilized the malware to gain access to the networks of various critical infrastructure organizations and businesses. These include educational institutions, manufacturers, technology companies, and particularly…

A security advisory alert has been issued by the Health Sector Cybersecurity Coordination Center (HC3) warning organizations in the healthcare and public health industry about the dangers posed by Internet of Things (IoT) devices and has offered suggestions for improving the security of the devices.  The Internet of Things describes physical devices with software, sensors and other technologies that connect and exchange information with other devices and systems via the internet. There are currently approximately 7 billion devices that utilize IoT. The number of IoT devices is expected to increase dramatically over the coming years. IoT devices are utilized in…

The National Institute of Standards and Technology (NIST) has issued its updated healthcare cybersecurity and HIPAA Security Rule guidance to help aid health organizations in safeguarding their Protected Health Information.  The Health Insurance Portability and Accountability Act was introduced to establish national standards for the protection of electronic protected health information that is managed by HIPAA-covered entities. A significant component of the Act is the HIPAA Security Rule, which requires covered entities to implement the appropriate physical, technical, and administrative safeguards in order to ensure the confidentiality, integrity, and availability of the protected health information they maintain. Compliance with the…

The Department of Health and Human Services’ Health Sector Cybersecurity Coordinator (HC3) has issued an alert on july 21 about an increase in the number of web application attacks on the healthcare sector. In the alert, the HC3 outlines guidelines to help healthcare organizations to protect their health data against web application attacks. Web applications have become a significant proponent of the healthcare sector in recent years. The software has been utilized for patient portals, maintaining electronic medical record systems, CAD for dentists, remote consultation, predictive analysis, and inventory management. Web applications are accessed through a web browser such as…

A major behavioral health alliance has recently announced a significant breach of data. The Carolina Behavioral Health Alliance (CBHA) operates in the city of Winston-Salem and is the administer of behavioral health benefits for Wake Forest University and Wake Forest Baptist Medical Center. The attack was discovered by the alliance on March 20, 2022. Upon detection, the organization notified law enforcement and immediately conducted a comprehensive forensic investigation and deduced that cybercriminals had gained access to the organization’s computer systems between March 19 and March 20. The malicious actors potentially viewed and recovered the personal information of approximately 130,000 health…

In April 2022, the FDA published a draft guidance concerning cybersecurity medical devices. The Agency sought to help medical device manufacturers with integrating cybersecurity practices into their products in the premarket period and to help ensure security risks were addressed for the duration of the products lifetimes. The latest update to the guidance included recommendations related to device design and labeling. The FDA also encouraged manufacturers to include threat models, a requirement for a software bill of materials designed to improve data safety and security.   The FDA had created the new draft guidance after receiving concerns on its 2018 guidance….

The Cybersecurity Infrastructure Agency, a component of the Department of Homeland Security (DHS), has issued its fifth cybersecurity alert in five years to Becton Dickinson. The medical technology company has received the alerts as a result of vulnerabilities found in their Pyxis automated medication dispensing systems. The Cybersecurity alert is the second alert the medical device manufacturers have received this year. In March, the DHS had identified a vulnerability regarding the use of hard-coded credentials which may allow unauthorized malicious actors to gain access to the file system and use the data for exploitation. The DHS has issued the latest…

Three critical flaws in the OFFIS DCMTK software have been identified by the Cybersecurity and Infrastructure Security Agency (CISA), which has released a security advisory for the healthcare and public health sectors. The program is used for processing offline media, creating and converting DICOM image files, and transmitting and receiving images through a network connection. All versions before version 3.6.7. are affected by the critical flaws. If the flaw is abused, prior to version 3.6.7, all DCMTK versions are vulnerable. If abused, a remote attacker may cause a denial-of-service issue, write corrupt DICOM files into arbitrary directories, and obtain remote…

Hillrom Medical Device Management has reported the discovery of two vulnerabilities in selected Welch Allyn medical devices. An unauthorized attacker could exploit the vulnerabilities to threaten software protection by carrying out commands, getting privileges, and viewing sensitive data while avoiding identification. These Hillrom products are affected by the vulnerabilities: Welch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph (versions 2.3.1 and earlier) Welch Allyn ELI 380 Resting Electrocardiograph (versions 2.6.0 and earlier) Welch Allyn ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph (versions 2.2.0 and earlier) Welch Allyn ELI 250c/BUR 250c Resting Electrocardiograph (versions 2.1.2 and earlier) An anonymous researcher discovered the two vulnerabilities…

The 2022 State of Ransomware Report released by cybersecurity company Sophos showed that ransomware attacks targeting healthcare companies grew by 94% year over year. The report based its data on an international survey involving 5,600 IT experts as well as interviews with 381 healthcare IT specialists from 31 nations. The report this year discussed the immediately growing connection between ransomware and cyber insurance coverage in the healthcare industry. 66% of surveyed healthcare providers mentioned they had suffered a ransomware attack in 2021, greater than the 34% in 2020 and the number of attacks grew by 69%, which was the largest…

Social Action Community Health System (SAC Health) has lately informed 149,940 patients regarding the theft of files comprising their protected health information (PHI) during a break-in at an off-site storage area that store patient records. SAC Health uncovered the break-in on March 4, 2022. The following investigation confirmed on April 22, 2022 the theft of 6 boxes of paper files from the storage area, which contained files associated with patients helped by SAC Health in 1997 and from 2006 to 2020. A review was done to figure out which types of data were contained in the files and confirmed the…

Illinois Gastroenterology Group just reported that unauthorized people obtained access to its computer system and possibly accessed and exfiltrated sensitive patient data. The group detected the cyberattack on October 22, 2021 due to suspicious activity seen in its computer system. Third-party cybersecurity experts were employed to inspect the attack and find out the nature and extent of the attack. On November 18, 2021, Illinois Gastroenterology found out that the segments of its network that the unauthorized people accessed comprised patient details like names, addresses, birth dates, driver’s license numbers, passport numbers, Social Security numbers, financial account details, payment card data,…

The five eyes cybersecurity agencies have just released a joint security advisory concerning the threat of cyberattacks on critical infrastructure conducted by Russian nation-state threat actors and pro-Russia cybercriminal groups. Intelligence obtained by the agencies reveals the Russian government has been trying to find potential for running cyberattacks on targets located in the West to retaliate against the sanctions made on Russia and the help being offered to Ukraine. The agencies say that Russian state-sponsored hacking groups were performing Distributed Denial of Service (DDoS) attacks in Ukraine and are recognized to have employed dangerous malware in Ukraine on government and…

Oklahoma City Indian Clinic Cyberattack Reported Oklahoma City Indian Clinic (OKCIC), a 501(c)(3) nonprofit provider of healthcare services to approximately 20,000 individuals from 200 Native American tribes based in Oklahoma, just published on its web page and social media pages that it is presently encountering technological problems and network interruption that hindered access to a number of computer systems. The attack seems to have taken place on or approximately March 10, 2022 and has impacted its pharmacy’s programmed refill line and mail order services. The OKCIC IT staff and third-party experts are investigating the occurrence now and are trying to…

New Jersey Brain and Spine (NJBS) has lately reported it suffered a cyberattack on or approximately November 16, 2021, that encrypted data files on its system. NJBS mentioned it promptly took steps to safeguard its network and involved a computer forensic company to investigate the security breach. Though no proof was uncovered that reveals there was any misuse of patient files because of the attack, the forensics agency stated the attacker could have accessed files comprising patient records. A third party vendor performed an assessment of all files on its system that was likely accessed, and though the data mining…

North Shore University Hospital (NSUH) in Manhasset, NY has announced an incident involving an ex-employee gaining access to protected health information (PHI) with no authorization. 7,614 patients received notifications that a former employee accessed some of their PHI without authorization. It is uncertain when NSUH detected unauthorized access. According to NSUH, it was identified on April 11, 2019 that unauthorized access had happened from October 2009 to February 2019. At first, the employee was suspended from work as the breach investigation was ongoing. Later, he/she was terminated because of unauthorized access. The breach was reported to the authorities, which asked…

The 2022 Breach Barometer Report from Protenus indicates that 2021 was a particularly disastrous year for data breaches in the healthcare business, with more than 50 million medical records disclosed or compromised. The data for the study was provided by Databreaches.net. The report contains incidents that have not been declared by the compromised organization, data breaches involving healthcare data at non-HIPAA-regulated entities, data breaches involving healthcare data reported to regulators, and data breaches that have been publicized in the media.  Since 2016, Protenus has been publishing yearly Breach Barometer reports, and each year since 2017, more records have been compromised…

Enlarging security features can be done with a small budget by utilizing free cybersecurity solutions and services. A lot of tools and services were created by government organizations, the cybersecurity group, and the public and private segment that may be employed to strengthen defenses versus damaging cyberattacks, recognize probable attacks fast, and help companies respond to and control security breaches. Obtaining appropriate free cybersecurity tools and services may be a time-consuming task. To support critical infrastructure firms minimize cybersecurity threats, the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has gathered a collection of services made available by CISA and other…

Philadelphia FIGHT Community Health Centers has lately reported it encountered a cyberattack last November 30, 2021. Third-party forensic experts were involved to find out the nature and extent of the breach. Based on the investigation, there was no compromise of the health center’s electronic medical record system nor other clinical systems during the attack; nevertheless, on January 13, 2022, Philadelphia FIGHT found out that the attacker got access to non-clinical systems that stored files comprising the protected health information (PHI) of approximately 15,000 patients. It wasn’t possible to know whether the attacker accessed or acquired any patient data, though no…

The Federal Bureau of Investigation (FBI) has provided indicators of compromise (IoCs) as well as facts of the tactics, techniques, and procedures (TTPs) connected with Lockbit 2.0 ransomware. The Lockbit ransomware-as-a-service (RaaS) operation has been around since September 2019. In summer 2021, there’s a new ransomware version launched, Lockbit 2.0. It possessed more superior functions, such as the capacity to automatically encrypt data across Windows domains by means of Active Directory group policies, and a Linux-based malware was likewise created that can take advantage of vulnerabilities present in VMware ESXi virtual machines. The affiliates employed by the ransomware operation utilize…