Defensorum Editor

Atlassian has developed a patch to resolve a critical zero-day vulnerability that has an effect on all supported models of Confluence Server and Data Center. The vulnerability, which is monitored as CVE-2022-26134 has the highest CVSS severity rating of 10. Unauthenticated attackers could take advantage of the vulnerability remotely to accomplish code execution. Security researchers … Read more

Social Action Community Health System (SAC Health) has lately advised 149,940 patients regarding the theft of documents that contain their protected health information (PHI) in a break-in at an off-site storage place that keep patient records. SAC Health discovered the theft on March 4, 2022. The succeeding investigation affirmed on April 22, 2022 the theft … Read more

The Federal Bureau of Investigation (FBI) has released a public service statement cautioning about the risk of Business Email Compromise/Email Account Compromise (BEC/EAC) frauds. The number of attacks documented by the FBI Internet Crime Complaint Center (IC3) and the sum of money lost because of these scams is growing every year. Losses due to BEC/EAC … Read more

The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has given a TLP: White alert concerning the Hive ransomware group – An especially violent cybercriminal operation that has greatly targeted the healthcare market in the United States. HC3 has shown a study of the tactics, techniques, and procedures (TTPs) recognized to be … Read more

The latest Software Advice survey of healthcare companies gives information on healthcare data breaches, their underlying causes, and the distinct security strategies at small and big healthcare organizations. The survey engaged 130 small practices with 5 or fewer licensed providers and 129 large practices having six or more providers to fully grasp the security concerns … Read more

South Denver Cardiology Associates (SDCA) has recently reported that it experienced a cyberattack in January 2022 that led to the access and possible theft of files that contain patient data by attackers. Strange network activity was noticed on January 4, 2022, and SDCA quickly started its breach response process. Systems were separated from the network … Read more

Logan Health Medical Center located in Kalispell, MT has recently commenced informing a number of patients that hackers obtained access to a file server that contained patient files in a highly sophisticated criminal attack. The medical center noticed the security breach of its information technology systems on November 22, 2021. The initial investigation confirmed that … Read more

Phishing attacks make it possible for threat actors to get credentials, but with multi-factor authentication (MFA), it is tougher for phishing attacks to become successful. With MFA activated, aside from a username and password, an additional way of authentication is needed prior to approving account access. Microsoft has earlier mentioned multi-factor authentication prevents 99.9% of … Read more

The University of Arkansas for Medical Sciences and Sacramento County recently reported email-related breaches of protected health information (PHI). HIPAA Violation by an Employee of the University of Arkansas for Medical Sciences (UAMS) The University of Arkansas for Medical Sciences (UAMS) has begun sending breach notification letters to patients to notify them about a HIPAA … Read more

Data of Millennium Eye Care Patients Stolen by Ransomware Gang A provider of ophthalmology services in Freehold, NJ, Millennium Eye Care, reported on December 22, 2021, that attackers lately obtained access to its computer system and utilized ransomware for file encryption in an effort to extort cash from the healthcare provider. The breach notification letters … Read more

An attacker acquired access to BioPlus Specialty Pharmacy Services, an IT network located in Altamonte Springs, FL. Files containing sensitive patient data were accessed by the attacker. The pharmacy discovered the attack on November 11, 2021, and took prompt action to get rid of the hacker from its system. A third-party computer forensics agency aided … Read more

On July 11, 2021, the Oregon Anesthesiology Group learned that it suffered a ransomware attack that allowed the encrypting of files on its systems and obstructed the use of its servers and patient information. Subsequent to the attack, its IT infrastructure was reconstructed and offline data backups were employed to quickly bring back the impacted … Read more

Medigate and CrowdStrike performed new research which presented the degree to which hackers are attacking healthcare Internet of Things (IoT) devices and alerts about the disturbing status of IoT security in the medical care sector. The amount of IoT devices being employed in healthcare has risen considerably in the past few years as connected health … Read more

Victory Health Partners Alerts Patients Concerning September 2021 Ransomware Attack Victory Health Partners based in Mobile, AL has informed patients concerning a ransomware attack it detected on September 23, 2021. Before the attackers encrypted the files, they exfiltrated sensitive information and has possibly released them. When Victory Health Partners discovered the attack, it shut down … Read more

The topic of the 4th week of Cybersecurity Awareness Month is “Cybersecurity First.” The emphasis is on letting businesses know about the importance of cybersecurity steps to handle vulnerabilities in products, operations, and individuals. Cybersecurity Information for Businesses One research indicates 64% of firms all over the world have encountered some kind of cyberattack and … Read more