Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.

How Sniper Dz Enables Over 140,000 Credential Theft Scams

In the past year, the phishing-as-a-service (PhaaS) platform known as Sniper Dz has facilitated over 140,000 cyberattacks. The free platform offers tools to help cybercriminals target user credentials, making phishing campaigns easier to launch even for those with limited skills. … Read more

Sparkling Pisces Unleashes New Malware: KLogEXE and FPSpy

Sparkling Pisces is a North Korean threat actor group recognized for its cyberespionage operations and spear-phishing campaigns. Unit 42 researchers recently identified two new malware variants linked to this group, named KLogEXE and FPSpy. These additions to the group’s toolkit … Read more

U.S. Indicts Three Iranians in Trump Campaign Hack

The U.S. Department of Justice recently announced charges against three Iranian operatives accused of hacking into former President Donald Trump’s campaign and leaking confidential documents. The indictment details the hacking operations linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) and … Read more

CrowdStrike’s Apology and the Fallout from the Global IT Outage

The prominent cybersecurity company “CrowdStrike” recently issued a public apology after a widespread IT outage caused by its Falcon Sensor software update brought many systems to a standstill. Affecting an estimated 8.5 million Windows PCs globally, the incident on July … Read more

PondRAT Backdoor Hidden in Python Packages Hits Developers

Researchers at Unit 42 have uncovered a new campaign that involves the delivery of Linux and macOS backdoors through poisoned Python packages. These packages are uploaded to the popular PyPI repository, and have been linked to a North Korean-affiliated group … Read more

Europol Leads International Effort to Shut Down Phone Unlocking Phishing Scheme

An international criminal network responsible for a large-scale phishing scheme targeting mobile phone credentials has been dismantled in a coordinated operation led by Europol and law enforcement agencies across six countries. The operation, codenamed “Operation Kaerb,” successfully shut down the … Read more

Disney Phasing Out Slack After Massive Data Breach

In July 2024, The Walt Disney Company faced a cybersecurity breach when over 1TB of sensitive data was stolen from its internal Slack channels. The breach was carried out by the group ‘NullBulge,’ exposing confidential company information, including project details, … Read more

High Court Battle Looms for Capita Over Major Data Breach in 2023

Nearly 8,000 individuals are set to join a High Court case against the outsourcing firm ‘Capita’, following a cyberattack that occurred in March 2023. Barings Law, the Manchester-based legal firm representing the claimants, has criticized Capita’s handling of the … Read more

The Resurgence of TeamTNT

Recent investigations suggest that the well-known threat group “TeamTNT” may be back in operation. The group, which is infamous for targeting cloud environments like Docker, Kubernetes, and Redis, has left traces in new attacks observed from 2023 through 2024, raising … Read more

AI Industry Leaders to Combat Image-Based Sexual Abuse

The U.S. government has received a set of voluntary commitments from AI industry leaders aimed at addressing the issue of image-based sexual abuse, including non-consensual intimate images (NCII) and child sexual abuse material (CSAM). Big players such as Adobe, Anthropic, … Read more

New Phishing Attack Targeting Major Sectors

A new type of phishing attack is deceiving users into giving up sensitive login credentials. Researchers from Palo Alto Networks’ Unit 42 have found phishing campaigns that use refresh entries in HTTP response headers to automatically redirect users to … Read more

Russian GRU Unit 29155 Targeting Infrastructure Worldwide

In a recent advisory issued on September 5th, 2024, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) discuss the cyber activities of Russia’s GRU Unit 29155. This military intelligence … Read more

Why RansomHub is a Growing Threat Across Sectors

Since its emergence in early 2024, RansomHub has quickly expanded its operations and now affects over 210 victims across various sectors. This ransomware-as-a-service (RaaS) variant has become a player in the world of cybercrime, targeting infrastructure and large industries with … Read more

The Rise of In-Memory Threat ‘PEAKLIGHT’

Recent cybersecurity research has uncovered an attack chain utilizing a memory-only malware downloader, known as PEAKLIGHT. This PowerShell-based downloader uses a multi-stage infection process, with a range of obfuscation techniques to evade detection and deliver infostealers such as CRYPTBOT, SHADOWLADDER, … Read more

The Full Breakdown of Delta’s IT Woes

Delta Air Lines is contending with the aftermath of an IT outage that disrupted its operations for several days in July, resulting in thousands of canceled flights and financial losses. The outage, which was caused by a faulty software update … Read more

The Cyber Espionage Campaign Threatening Japan

A newly discovered cyber espionage operation, referred to as “Cuckoo Spear,” has brought to light the ongoing activities of a state-backed Chinese hacking group that has been quietly infiltrating Japanese organizations. This covert campaign is alarming due to its use … Read more

How to Identify Phishing Emails

Investigations of cyberattacks and data breaches often reveal the initial access vector to be a phishing email. Phishing provides threat actors with a foothold from which they can achieve an organization-wide compromise, so teaching employees how to identify phishing emails … Read more

Social Media and HIPAA Compliance

The challenge with social media and HIPAA compliance is that covered entities and business associates cannot disclose Protected Health Information unless the disclosure is permitted by the Privacy Rule. This restriction should apply to members of the workforce. Yet it … Read more

Med-Data Settles Data Breach Legal Case Through $7 Million Agreement

Med-Data Inc., a revenue cycle management services provider based in Spring, TX, has reached a $7 million settlement to address all claims arising from a data breach spanning from 2018 to 2019, affecting around 136,000 individuals. Between December 2018 and … Read more

Green Ridge Behavioral Health Faces OCR HIPAA Action After Ransomware Attack

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced the settlement of a ransomware investigation involving Green Ridge Behavioral Health, LLC, a Maryland-based psychiatric practice, highlighting the growing cybersecurity threats facing the healthcare … Read more

BlackCat Ransomware Group Behind Change Healthcare Cyberattack

Change Healthcare, a leading provider of healthcare billing and data systems, finds itself grappling with a severe cybersecurity crisis following the detection of a malicious cyberattack on February 21, 2024. This attack, attributed to the BlackCat ransomware group, has put … Read more

Integris Health Reports 2.39 Million People Impacted by Cyberattack

Integris Health has finished the analysis of the files that were viewed/stolen as a result of a cyberattack in November 2023. It has submitted the breach report to the Department of Health and Human Services (HHS) Office for Civil Rights … Read more

$4.75 Million HIPAA Penalty on Montefiore Medical Center Due to Malicious Insider Incident

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported the first financial penalty issued in 2024 to settle alleged HIPAA violations. Montefiore Medical Center has consented to pay a $4.75 million penalty to settle the … Read more

Patch for Fortra GoAnywhere Critical Vulnerability and Unauthorized Remote Access Using the ScreenConnect Tool

Fortra has announced a critical vulnerability identified in its GoAnywhere Managed File Transfer (MFT) solution and also issued a patch. Vulnerability CVE-2024-0204 is an authentication bypass bug caused by a path traversal weakness. An unauthenticated user can exploit the vulnerability … Read more

Data Breach Reports by Columbus Regional Healthcare System, Senior PsychCare, and Aria Care Partners

133K Record Data Breach at Columbus Regional Healthcare System: Columbus Regional Healthcare System located in Whiteville, NC, has informed the Maine Attorney General about a patient data theft due to a cybersecurity incident. Unauthorized people got access to its system … Read more

Data Breach Reports by Electrostim Medical Services, Meridian Behavioral Healthcare and Network 180

543,000 Electrostim Medical Services Patients Affected by Data Breach: The medical device firm Electrostim Medical Services, Inc. in Florida, which is also called EMSI, has reported that it encountered a cyberattack in May 2023 which involved access to sections of … Read more

Cyberattack and Data Breaches at Anna Jaques Hospital, NYC Health + Hospitals, and Corewell Health Business Associate

Anna Jaques Hospital Cyberattack on Christmas Day: Anna Jaques Hospital located in Newburyport, MA, encountered a cyberattack on Christmas Day that caused an interruption to its health record system. It was decided to redirect ambulances to other nearby hospitals until … Read more

New York Presbyterian Hospital Pays $300K Fine for Using Website Pixel

New York Presbyterian Hospital has decided to resolve alleged Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule violations by paying the New York Attorney General a $300,000 financial penalty. NYP manages 10 hospitals around New York City and has … Read more

Urgent Action Needed on Citrix Bleed Vulnerability as Ransomware Attacks Increase

Ransomware groups are exploiting a critical vulnerability identified in NetScaler ADC (earlier known as Citrix ADC) and NetScaler Gateway (Citrix Gateway) devices, referred to as Citrix Bleed. On October 10, 2023, Citrix released a security alert concerning the vulnerability and … Read more

Data Breaches Reported by State of Maine, Affinity Legacy, The Charles Lea Center and Detroit Chassis

State of Maine Data Breach Impacts 450,000 Records: The State of Maine has reported the theft of the protected health information (PHI) of 453,894 persons in the latest mass exploitation of a zero-day vulnerability in the MOVEit Transfer solution by … Read more

Advisories on Critical ownCloud Vulnerabilities, Critical FortiSIEM Vulnerability and Emotet Malware Threat

HC3 Alerts HPH Sector Regarding Critical FortiSIEM Vulnerability and Ongoing Emotet Malware Threat: The Health Sector Cybersecurity Coordination Center (HC3) has alerted healthcare companies that utilize Fortinet’s FortiSIEM platform to fix a critical vulnerability that is probably exploited by malicious … Read more

Guidance on Managing Legacy Medical Devices and Advisory Against Rhysida Ransomware Attacks

FDA Releases Guidance on Managing Legacy Medical Device Cybersecurity Risks: The U.S. Food and Drug Administration (FDA) has released a report that recommends how to handle the cybersecurity problems of legacy medical gadgets. Legacy medical gadgets are considered devices that … Read more

Data Breaches at Medical Eye Services, PeakMed, Prospect Medical Services, and 4 More Healthcare Providers

Medical Eye Services Says PHI of 370,000 Patients Stolen in MOVEit Transfer Hack: Medical Eye Services, Inc. based in California recently reported the theft of the protected health information (PHI) of 346,828 persons. The PHI was stolen from the MOVEit … Read more

HIPAA Cases Against Doctors’ Management Services and Wright & Filippis Resolved

Doctors’ Management Services Resolves OCR HIPAA Case for $100,000: The HHS’ Office for Civil Rights (OCR) has consented to resolve an investigation of a ransomware attack and data breach that revealed several potential HIPAA Security Rule violations of Doctors’ Management Services … Read more

Cyberattacks on Westchester Medical Center Health Network, Fellowship Village, Meadville Medical Center, and BHI Energy Health Plan

Westchester Medical Center Health Network (WMCHealth) has encountered a cyberattack that impacted its IT systems. The health network discovered the attack last week. On October 20, 2023, at 10 p.m., all connected systems were shut down. The downtime was estimated … Read more

Data Breaches Reported by Fairfax Oral and Maxillofacial Surgery, Henwood Family Dentistry, Piedmont Healthcare and Surround Care

Fairfax Oral and Maxillofacial Surgery Ransomware Attack Impacts 236,000 Individuals: Fairfax Oral and Maxillofacial Surgery based in Virginia has reported the potential compromise of the protected health information (PHI) of around 235,931 persons in a ransomware attack in May 2023. … Read more

Warning Against LokiBot Malware and Increasing Remote Access Software Threats

HHS Publishes Alert Against LokiBot Malware: The Health Sector Cybersecurity Coordination Center (HC3) has publicized an Analyst Note regarding LokiBot – one of the most common and persistent malware variants. LokiBot, also known as Loki PWS, has been employed in … Read more

Community First Medical Center Data Breach, AlphV and CommonSpirit Health Ransomware Attack

Community First Medical Center based in Chicago, IL started telling 216,047 patients about a cyberattack that allowed an unauthorized entity to obtain access to its computer system on July 12, 2023. According to the September 26, 2023 breach notification, the … Read more

Advisory on Snatch Ransomware and the Lazarus Group

Feds Release Snatch Ransomware Alert After an Attack on Hospital: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint security alert regarding Snatch ransomware. The Snatch ransomware group carried out … Read more

Health Care Service Corporation and Schneck Medical Center Face Lawsuit

HIPAA Lawsuit Against Schneck Medical Center Resolved: Schneck Medical Center based in Seymour, IN has resolved a lawsuit with Attorney General Todd Rokita of Indiana, regarding a ransomware attack and data breach in 2021 that impacted 89,707 Indiana locals. Schneck … Read more

Cyberattacks and Data Breaches Reported by Texas Medical Liability Trust, Bloom Health Centers and Other Healthcare Organizations

60,000 People Impacted by Texas Medical Liability Trust Data Breach: The Texas Medical Liability Trust (TMLT) submitted a data breach report to the Maine Attorney General representing itself and its affiliate companies, Physicians Insurance Company, Texas Medical Insurance Company, and … Read more

Finding the Common Causes of Hacking/IT Incidents

The common source of healthcare data breach data is the HHS Office for Civil Rights Breach Report. Although it is an important source of data on developments in data breaches, the Breach Report has limited scope since it merely … Read more

Sentinel Event Alert and State of External Exposure Management

Joint Commission Issues Guidance on Ensuring Patient Safety After a Cyberattack: The Joint Commission has published a Sentinel Event Alert offering guidance on maintaining patient safety after a cyberattack. There has been an increase in sophisticated healthcare cyberattacks. The question … Read more

Vulnerabilities Found in 1,900 Citrix NetScaler Devices and Limited Use of Generative AI by Malicious Actors

Malicious Actors Still Limit the Use of Generative AI: It is feared that malicious actors will take advantage of generative AI to support their malicious pursuits; nevertheless, the use of generative AI by malicious actors seems to be minimal, definitely … Read more

Data Breaches Reported by Cummins Behavior Health, Redwood Coast Regional Center and Other Healthcare Entities

Data of 4 Million Coloradans Exposed in MOVEit Transfer Attack: The Colorado Department of Health Care Policy and Financing (HCPF), which supervises the Medicaid program of the state and the Child Health Plan Plus (CHP+) program, has just reported the … Read more

Top Industries Targeted by Cyber Threat Actors and 2022’s Most Often Exploited Vulnerabilities

Top Targets for Cyber Threat Actors: According to Blackberry’s most recent Global Threat Intelligence Report, the two most attacked sectors are healthcare and financial services. The information for the report was gathered between March and May 2023 from its cybersecurity … Read more

VUMC and Norton Healthcare Face Class Action Lawsuit

Class Action Lawsuit Filed Against Norton Healthcare Over BlackCat Cyberattack: Norton Healthcare based in Kentucky operates over 140 clinics and hospitals all across Kentucky and Southern Indiana. It is confronted with a class action lawsuit in association with a cyberattack … Read more

Approved Information Blocking Penalties and the Mission of OSHA

Approved Final Rule for Information Blocking Penalties of Up to $1 Million for Health IT Companies: HHS-OIG already approved the civil monetary penalties for health IT companies that are found engaging in information blocking. Penalties of as much as $1 … Read more

Delaware’s Comprehensive Data Privacy Law and HSCC’s Coordinated Healthcare Incident Response Plan Template

Comprehensive Data Privacy Law Passed by the Delaware Legislature: The Delaware legislature passed a comprehensive new data privacy law. Delaware Governor John Charles Carney Jr is likely to sign the Personal Data Privacy Act making Delaware the 12th U.S. state … Read more

Cyberattacks at Precision Imaging Centers, Atrium Health Wake Forest Baptist, Marshall & Melhorn, and Murfreesboro Medical Clinic & SurgiCenter

Precision Imaging Centers located in Jacksonville, FL recently informed 31,010 patients regarding a security breach that took place on or about November 2, 2022. Unauthorized persons acquired access to its system and extracted files that contain sensitive patient … Read more