Microsoft has announced that customer email information has potentially been accessed by an unauthorised third-party following a security incident at a support agent. The hacker used compromised support agent credentials to access customer data and is thought to have been able to access the data for three months. During this period, hackers could access affected … Read more
Southern Hills Eye Care in Sioux City, Iowa, has announced that a recent ransomware attack on their facility may have compromised patient PHI. Ransomware is a variant of malware that prevents which hackers use to extort victims. The malware prevents the victim from accessing their computer, or files on their computer until a ransom is … Read more
Sextortion scams have become increasingly common in recent years, with record numbers being reported in 2018. These types of attacks are potentially very lucrative for an attacker, due to the highly embarrassing or compromising nature of the material. In many cases, the hacker holds no sensitive information on the individual in question; however, simply the … Read more
Michigan-based Brookside ENT and Hearing Center has announced its closure following a ransomware attack on their facility resulted in all of their patient files being permanently destroyed. The practice-run by just two doctors-lost access to patient records, appointment schedules, payment information, and other sensitive after a hacker gained access to their network and infected it … Read more
The assisted living facility provider DePaul has announced that a successful phishing attack on its networks has compromised patient data. DePaul, which operates facilities in New York, North Carolina, and South Carolina, discovered the breach on February 1, 2019. IT security staff immediately took steps to secure the compromised account and block the unauthorised individual’s … Read more
A recent survey conducted by OpenVPN highlights the potential cybersecurity risks posed by remote workers. OpenVPN is a virtual private network solution provider that allows businesses to extend their VPNs securely. They surveyed 250 IT leaders, “from the manager level through the C-suite”, to ascertain whether allowing employees to work remotely posed a risk to … Read more
Washington D.C. Attorney General Karl. A. Racine has proposed stricter data breach notification laws. He anticipates that the new laws would provide greater protection to DC residents should their data be compromised in a data breach incident. AG Racine introduced the Security Breach Protection Amendment Act on March 21, 2019. This Act updates the definition … Read more
The healthcare and fitness tech industry is booming, with millions of users across the US using these devices and apps to track everything from their weight, sleeping habits, heart rate, and food consumption. Some of this information is similar to that collected by healthcare organisations when monitoring their patients. However, there is a vast difference … Read more
The CEO of Microsoft has called for the implementation of GDPR-legislation worldwide to enhance global attitudes to data privacy rights. Microsoft CEO Satya Nadella made the statement during a live interview at the World Economic Forum in Davos Switzerland. He called for world leaders to treat data privacy as a human right, and legislation should … Read more
A phishing attack at Main Line Endoscopy Centers has compromised the sensitive data of over 14,000 patients. Main Line Endoscopy Centers, a network of outpatient endoscopy facilities in the Malvern, Bala Cynwyd, and Media regions of Pennsylvania discovered the attack on January 30, 2019. Investigators were unable to determine when the attacker first gained access … Read more
Protecting against zero-day malware and advanced phishing attacks can be a major challenge for SMBs and managed service providers (MSPs). To better protect against these advanced threats, TitanHQ, the leading provider of email security solutions to the SMB market, has added two new features to its award-winning spam filtering solution: SpamTitan. These features were introduced … Read more
The Internal Revenue Service has launched a tax-related phishing awareness campaign. The campaign is designed to inform taxpayers fo the twelve most common tax scams, known as the ‘Dirty Dozen”. Each tax season, the IRS raises awareness of the most common phishing campaigns in an attempt to protect taxpayers, businesses, and tax professionals. Cybercriminals are particularly … Read more
Rutland Regional Medical has revealed that a hacker compromised nine employee email accounts following a cyber attack on their systems. Rutland Regional Medical, based in Rutland City, is the biggest community hospital in Vermont. A staff member discovered the attack on December 21, 2018, after noticing that their email account had been hijacked to send … Read more
Rush University Medical Center has announced that a data breach incident at a financial services vendor has compromised the PHI of 45,000 of their patients. The financial services vendor informed Rush of the incident on January 22, 2019. A member of staff at the vendor was caught sharing a file containing patient PHI with an … Read more
The Bon Secours St. Francis Health System has announced that unauthorised individual gained access to some of their patients’ protected health information (PHI). The hacker compromised the systems of Milestone Family Medicine, a medical facility based in Greenville, SC. Milestone Family Medicine was affiliated with St. Francis Physicians Services (SFPS) until February 24, 2019. SFPS … Read more
Bundeskartellamt has released a ruling outlining its decision on how Facebook operates in Germany. Bundeskartellamt, Germany’s national competition regulator, had been investigating Facebook’s business practices for three years. The organisation has revealed that it has ruled how Facebook obtains, links, authors, and handles user data gives it an ‘unfair advantage’. Bundeskartellamt stated that Facebook could … Read more
Ransomware attacks against healthcare organisations are becoming increasingly common. However, many individuals are still uncertain as to what constitutes a ransomware attack, and the potential consequences it has on an organisation. This article provides some background on ransomware attacks, outline how these attacks occur, and offer some guidance on how employees can mitigate the risk … Read more
Cottage Health has agreed to pay a $3,000,000 settlement to the Department of Health and Human Services’ Office for Civil Rights (OCR) for two data breaches resulting from HIPAA violations. Cottage Health is a non-profit health provider based in Santa Barbara, California. The organisation operates four hospitals-Santa Barbara Cottage Hospital, Santa Ynez Cottage Hospital, Goleta … Read more
Security researchers have discovered a new Trojan horse malware campaign used by hackers to launch attacks on Linux servers. Trojan horses are malware variants that are disguised as benign or useful pieces of software. They are installed under false pretences, as the user if often tricked into believing that they serve a legitimate purpose. Once … Read more
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about vulnerabilities found in the BD FACSLyric flow cytometry solution. ICS-CERT is a governmental organisation that works to reduce the risk of cybercrime to US businesses. The medical advisory stated the flaw in the device, manufactured by Becton, Dickinson, and Company … Read more
The Health Information Trust Alliance (HITRUST) has incorporated the European Union’s General Data Protection Regulation (GDPR) into the HITRUST Cybersecurity Framework (HITRUST CSF). HITRUST is a US-based organisation which, in collaboration with the healthcare, technology and information security sectors, has established a Common Security Framework (CSF). The CSF offers guidance to organisations across all industries … Read more
A senior official at Mozilla has predicted that 2019 will see much stricter enforcement of GDPR across Europe. The Senior Policy Manager and European Union Principal for Mozilla, Raegan MacDonald, has said that she believes that 2019 will see enhanced resources dedicated to the enforcement of the European Union’s General Data Protection Regulation (GDPR). Mozilla is a computer … Read more
Following the leaking of the master key for the FilesLocker ransomware on Pastebin, a decryptor has been made available to allow a victim’s files to be recovered for free. The master key is the key used by those behind a ransomware campaign to decrypt files that have been encrypted by the ransomware. FilesLocker is a … Read more
The U.S. Department of Health and Human Services has issued a four-volume publication on voluntary cybersecurity best practices for healthcare organisations. The publication includes guidelines for managing cyber threats and protecting patients. It is hoped that the guidelines will help all organisations that handle the protected health information (PHI) and other sensitive information of patients … Read more
An investigation has been launched into a recent cyberattack that disrupted the printing of several major newspapers. The cyberattack on Tribune Publishing, attributed to a malware infection, caused disruption to several newspaper print runs including those of the Los Angeles Times, San Diego Tribune, and the west coast editions of the New York Times and … Read more
A new global phishing scam has been identified in which hackers target customers of Netflix, the world’s largest streaming organisation. The U.S. Federal Trade Commission, an independent agency of the United States government, issued a warning about the Netflix scam late in December 2018. The phishing scam attempts to fool Netflix subscribers into handing over … Read more
The Center for Vitreo-Retinal Diseases in Libertyville, IL, has announced that it was recently the victim of a ransomware attack. The attack was first noticed on September 18, 2018, and resulted in the encryption of data on the organisation’s servers. The investigation into the breach suggests the attacker may have gained access to the protected … Read more
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about a vulnerability that has been identified in the Philips HealthSuite Health Android App which would only take a “low level” of skill to exploit. The Philips HealthSuite Health Android App is used by individuals to help … Read more
On Wednesday, December 5, 2018, Adobe issued an update to correct a vulnerability in Adobe Flash Player. The vulnerability had been identified in late November by Gigamon, held network visibility and traffic monitoring technology vendor. Qihoo 360, a Chinese internet security company, recently discovered an advanced persistent threat campaign that was exploiting the vulnerability in … Read more
Cancer Centers of America’s Western Regional Medical Center in Bullhead City, Arizona, has recently fallen victim to a phishing attack which has exposed the protected health information (PHI) of over 41,000 individuals. The attack occurred due to one of its employees responding to a phishing email. The email was designed to appear as if it … Read more
The Centro Hospitalar Barreiro Montijo, near Lisbon, Portugal, has become the first hospital to be issued a penalty for violating the EU’s new General Data Protection Regulation (GDPR). The Comissão Nacional de Protecção de Dados (CNPD), the body which oversees issues relating to data protection, prosecuted the Barreiro Montijo hospital for failing to ensure that … Read more
On October 26, 2017, President Donald Trump declared the opioid crisis a national public health emergency. According to the National Institute on Drug Abuse, over 100 people die every day in the United States from overdosing on opioids. Hundreds more suffer due addiction to opioids, which include drugs such as pain relievers, heroin, and fentanyl … Read more
The Jones Eye Clinic and its affiliated surgery, CJ Elmwood Partners, based in Sioux City, Iowa, has announced that up to 40,000 patients may have had their data compromised following a ransomware attack on their systems. The ransomeware attack was discovered on August 23, 2018. Ransomware is software which denies the user access to their … Read more
The Radisson Hotel Group may be fined for non-compliance with the General Data Protection Regulation (GDPR) following a data breach earlier this year. The Radisson Hotel Group is a chain with over 1,400 hotels in over 70 countries and incorporates hotel brand such as the Park Plaza, Country Inn & Suites, Park Inn, and Radisson … Read more
Beazley’s, a specialist insurance group, has released their quarterly Breach Insight Report for Q3 2018. The report concerned the attacks managed by Beazley Breach Response Services, which deals with the aftermath of an attack, including the investigation and the breach response. One of the most prevalent findings of the report is the huge rise in … Read more
Catawba Valley Medical Center (CVMC), a medical center serving the greater Catawba County area based in Hickory, North Carolina, has recently announced that an unauthorised individual gained access to their systems following a successful phishing attack. It is estimated that up to 20,000 people may have been affected by the breach. The discovery was made … Read more
Anthem, Inc., a health insurance company and the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, has been levied the largest ever fine for a HIPAA violation for the February 2015 attack on their servers which saw over 78.8 million records stolen. The Anthem data breach settlement of $16 … Read more
The Employees Retirement System of Texas (ERS) has discovered a flaw in its ERS OnLine portal which allowed some users to view other members’ details upon logging into the portal. Up to 1.25 million records may have been exposed as a result of the error. ERS, a public pension fund with over $21 billion in … Read more
FirstCare Health Plans, a Texan health insurance organisation, has revealed that more than 8,000 of its members may have had some of their personal data breached due to an email error made by one of its staff. The organisation is in the process of notifying 8,056 plan members plan members that may have had some … Read more
Children’s Hospital of Philadelphia (CHOP) has announced that the email accounts of two employees have been compromised following cyberattacks on two August 23 and August 29, 2018. On August 24, CHOP, a paediatric healthcare facility and primary care provider, discovered an unauthorized individual had gained access to the email account of one of the physicians … Read more
The General Data Protection Regulations (GDPR) came into effect in the European Union in May 2018. The regulations served to replace the existing regulations covering data protection, which were woefully out-of-date with modern technology and inadequate to deal with major cybersecurity risks. The creators of GDPR hoped that the regulations would reduce the risk of … Read more
A hospital in New York has fired several employees following a security breach. Claxton-Hepburn Medical Center, a not-for-profit 115-bed community hospital in Ogdensburg, NY, announced that several employees accessed patient protected health information (PHI) without proper authorisation to do so. This violates the Health Insurance Portability and Account Act (HIPAA). Officials at the hospital discovered … Read more
SecureWorks has discovered Cobalt Dickens, an Iranian threat group, has launched a URL spoofing campaign targeting universities in more than a dozen countries. On their website, SecureWorks stated that security researchers working in their Counter Threat Unit discovered the phishing campaign. Threat actors spoofed a university login page to steal the login credentials of university … Read more
Reliable Respiratory, a respiratory care provider, has announced that it has fallen victim to a phishing attack. Reliable Respiratory, based in Norwood, MA, stated that IT staff discovered the breach when they detected suspicious activity on an employee’s email account on July 3. The organisation immediately launched an investigation, which revealed that a hacker had … Read more
Kroll, a data security company, has released the results of a survey which shows that the number of data breaches reported to the UK’s Information Commissioner has increased by 75% since the introduction of the General Data Protection Regulation (GDPR). GDPR became EU law in May 2018. Its introduction revolutionised the data security landscape in … Read more
Proofpoint, the Californian cybersecurity company, has launched a new Closed-Loop Email Analysis and Response (CLEAR) solution. Proofpoint’s website states that the solution reduces “threat triage time from days to minutes without requiring additional work from human analysts”. Proofpoint CLEAR utilises a complete closed-loop approach to automatically analyse suspicious emails reported by end users to security … Read more
A security researcher released proof-of-concept code that would allow for a user to exploit a flaw in the Windows Task Scheduler. The flaw was discovered by Github user SandboxEscaper, who was also responsible for publishing the proof-of-concept (PoC) code. The flaw, a local privilege escalation vulnerability, was found in the Advanced Local Procedure Call (ALPC) … Read more
Augusta University Health has announced that a successful phishing attack has resulted in a hacker gaining access to over 417,000 sensitive files. The University of Augusta announced a substituted substitute breach notice posted on its website. The announcement states that the breach was discovered on 31 July. IT security staff changed the password to the … Read more
Proofpoint has announced the discovery of a new malware strain called Marap. Security researchers at Proofpoint stated that Marap malware is currently being used for gathering information about victims. The threat actor’s aim appears to be the creation of a network of infected users which they can target in future attacks. The malware operates by … Read more
Legacy Health has announced that the PHI of 38,000 patients was stolen during a phishing attack on their facility. Legacy Health is a non-profit hospital system based in Portland, Oregon. The organisation consists of six hospitals and employs upwards of 10,000 staff. IT security staff at Legacy Health discovered the breach on June 21. The … Read more