Mark Wilson
Roundup of Recent Data Breaches and Cyber Attacks
mscripts Cloud Storage Misconfiguration Exposed PHI for 6 Years: The mobile pharmacy company, mscripts, has just reported that its misconfigured cloud storage environment resulted in the exposure of client information on the internet for the last 6 years. mscripts discovered … Read more
GoAnywhere MFT Hack Impacts Up to 1 Million Community Health Systems Patients and Growing Gootloader Attacks
Community Health Systems based in Franklin, TN recently reported being affected by a security incident that happened at cybersecurity firm, Fortra. Unauthorized people acquired access to the protected health information (PHI) of around 1 million of its patients. Community Health … Read more
Cyber Attacks on VMware ESXi Servers, Sharp HealthCare, Regal Medical Group, and Southeast Colorado Hospital District
The French Computer Emergency Response Team (CERT-FR) issued a warning regarding a persistent ransomware campaign attacking VMware ESXi hypervisors that have not been patched against the critical heap-overflow vulnerability tracked as CVE-2021-21974. VMware released a patch on February 3, 2021, to resolve the … Read more
Round-up of Cyberattacks and Data Breaches Affecting Healthcare Organizations
Multiple Vulnerabilities Discovered in OpenEMR Health Record and Practice Management Software: More than 100,000 healthcare providers across the globe use the open source electronic health record and medical practice management software called OpenEMR. They use it to document and process … Read more
Ransomware Income Decrease as Victims Decline to Pay Ransoms
Ransomware groups are profiting less from their attacks as fewer victims give ransom payments to get the decryption keys and keep the stolen data from being exposed, according to two newly revealed reports from the ransomware remediation company, Coveware, and … Read more
Ethics, the Challenge of Using AI in Healthcare
Based on a survey performed by Dataiku in 2020, the main organizational challenge that delays the use of AI in healthcare settings is ethics. Even though particular concerns vary by company, the concerns could typically be classified as informed permission … Read more
Applications of AI in Healthcare
The subject of AI in healthcare frequently gets different responses. Although a number of people believe in the advantages of using AI in healthcare and the substantial rewards to patients, other people have worries concerning the ethics of AI in … Read more
Retreat Behavioral Health, Maternal & Family Health Services, and L. Knife & Son Reported Data Breaches
Maternal & Family Health Services based in Eastern Pennsylvania lately informed a number of patients regarding a ransomware attack on April 4, 2022 that resulted in the exposure of sensitive patient data. As soon as the healthcare provider detected the … Read more
Diagnostic Lab Resolves Medical Record Access Case for $16,500
The HHS’ Office for Civil Rights (OCR) made an announcement of its first HIPAA enforcement action for 2023. The OCR is reminding HIPAA-covered entities of their responsibility to provide people and their personal representatives with prompt access to their health … Read more
2023 Version of HITRUST Cybersecurity Framework Released
The information risk management, standards, and certification agency, HITRUST, made an announcement that it is going to release a new version of its well-known cybersecurity framework this January. HITRUST CSF Version 11 includes a number of enhancements to make sure … Read more
HPH Sector Cautioned About Pro-Russian Hacktivist Group’s DDoS Attacks
The healthcare and public health (HPH) industry has been cautioned regarding the likelihood of cyberattacks conducted by a pro-Russian hacktivist gang called KillNet, after a new cyberattack on a U.S. healthcare group. KillNet started its operations during the time when … Read more
Around 254,000 Medicare Beneficiaries Impacted by CMS Subcontractor Ransomware Attack
On November 14, 2022, Health Care Management Solutions (HMS) located in Fairmont, WV announced a data breach to the HHS’ Office for Civil Rights that affected approximately 500,000 people. During that time, limited information regarding the breach was revealed. Now, … Read more
New Proposed Rule by HHS to Enforce HIPAA Standard for Healthcare Attachments and Electronic Signatures
The Secretary of the Department of Health and Human Services (HHS) has a new proposed rule that will call for the use of criteria for healthcare transactions and electronic signatures utilized together with those transactions to support healthcare cases and … Read more
Automation Can Aid Network Defenders to Accomplish More Quickly and Be Ahead of Hackers
Automation reduces expenses and enhances productivity. It is vital in cybersecurity just like in manufacturing. A lot of labor-intensive security work may be automated to enable network defenders to accomplish more, faster, such as port scanning, monitoring, vulnerability scanning, and … Read more
Guide Published for Evaluating and Enhancing Connected Medical Device Security
One of the major cybersecurity issues in healthcare is the safety of medical devices. Hospitals still use a lot of connected healthcare devices and in so doing they considerably expand the attack surface. A new survey identified a connection between … Read more
Healthcare Sector Impending Risk Due to Cuba Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity warning concerning the Cuba Ransomware and have provided information on the tactics, techniques, and procedures (TTPs) utilized by the ransomware group, … Read more
119 Pediatric Practices Impacted by EHR Vendor Breach
Connexin Software Inc., an electronic medical records and practice management software provider to pediatric doctor practice groups has lately reported that it encountered a cyberattack wherein an unauthorized third party acquired access to its internal computer system. Although the electronic … Read more
Forefront Dermatology Negotiates $3.75 Million Settlement to Take Care of Ransomware Lawsuit
The dermatology practice, Forefront Dermatology, based in Wisconsin has decided to settle a class action lawsuit filed on behalf of patients who had their protected health information (PHI) compromised in a ransomware attack in late May 2021. Forefront Dermatology has … Read more
Up to 1.5 Million Patients Affected by Adding a Tracking Code to the Community Health Network Website
Community Health Network in Indiana is the most recent healthcare company to announce the impermissible disclosure of protected health information (PHI) of patients to Google and Meta/Facebook as a result of adding their tracking code on its web pages. Based … Read more
Data Exposed at Alta Forest Products, Hilario Marilao, M.D, and Three Rivers Provider Network
Alta Forest Products based in Chehalis, WA has encountered a cyberattack where the protected health information (PHI) of around 2,100 Alta Forest Products Health and Welfare Plan members was compromised. The company detected the security breach on September 1, 2022, … Read more
Feds Publish Guidance on Responding and Lowering Impact of DDoS Attacks
The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) just released guidance for government and private institutions on the avoidance and mitigation of distributed Denial of Service … Read more
2021 Data Breaches Reported by U.S. Vision Subsidiary and Florida Addiction Treatment Center
USV Optical, a branch of U.S. Vision, has lately reported the exposure of patient records at a number of entities inside its network. It detected suspicious activity inside its system on May 12, 2021. Forensic investigation affirmed that unauthorized persons … Read more
CISA Wants Companies to Use Phishing-Resistant Multifactor Authentication
MFA is one of the most essential steps to take to stop unauthorized account access; on the other hand, it doesn’t give total security and certain types of MFA could be circumvented. Any type of MFA is significantly better than … Read more
Hacking Incidents and Improper Disposal Incidents Reported
Hacking Incident at Country Doctor Community Clinic, WA: On October 19, 2022, Country Doctor Community Clinic based in Seattle, WA reported that attackers had acquired access to its digital system and viewed and likely acquired files comprising the protected health … Read more
CISA Director Encourages All Healthcare Providers to Use FIDO Authentication
The Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, is traveling across the country as part of Cybersecurity Awareness Month. She’s been promoting the best practices of cybersecurity, telling everyone the steps they can do to … Read more
EyeMed to Pay $4.5 Million Penalty for Phishing Attack and Data Breach of 2.1M-Record
The New York State Department of Financial Services (DFS) has decided to resolve an investigation of EyeMed Vision Care (EyeMed) into possible violations of the DFS Cybersecurity Regulation for $4.5 million. EyeMed based in Ohio is a licensed medical insurance … Read more
Data Breach Affects At Least 13 Anesthesia Providers
A big data breach has happened at the management firm of several anesthesia services providers. Based on a media breach notice released by Anesthesia Associates of El Paso, one of the impacted providers, the data breach happened at its unnamed … Read more
Wisconsin Department of Health Services, Detroit Health Department, and Smith, Gambrell & Russell, LLP Announce Data Breaches
Wisconsin Department of Health Services Reports Accidental Disclosure of PHI through Email: The Wisconsin Department of Health Services (DHS) has just announced that there was an accidental disclosure of protected health information (PHI) via its email. Based on the breach … Read more
Cyberattack on FMC Services, Kaye-Smith and Johnson Memorial Hospital
FMC (Family Medicine Centers) Services based in Amarillo, TX recently reported a hacking incident it discovered and blocked on July 26, 2022. A third-party cybersecurity company conducted a forensic investigation to find out the nature and extent of the cyberattack. … Read more
Data Breaches at Choice Health, Tessie Cleveland Community Services Corp and Easterseals-Goodwill Northern Rocky Mountain
Humana lately reported the potential compromise of the protected health information (PHI) of 22,767 persons in a security incident at Choice Health. This business associate is Humana’s vendor of its Medicare products. On May 18, 2022, Choice Health discovered that … Read more
Healthcare Companies Targeted by Monkeypox Phishing Campaign
An alert was given to the healthcare and public health (HPH) industry regarding a Monkeypox phishing campaign directed at U.S. healthcare companies that tries to steal Office 365, Gmail, and other email account credentials. Monkeypox is a remarkably transmittable viral … Read more
What Happens In Case a HIPAA Complaint is Filed?
When a HIPAA complaint is submitted, what happens next depends on who it is filed with, the nature of the complaint, and whether the complaint is valid. After registering with a healthcare company or becoming a group health plan member, … Read more
Oakbend Medical Center Experiences Ransomware Attack
During the Labor Day weekend, Oakbend Medical Center based in Richmond, TX, encountered a ransomware attack, which began on September 1, 2022, resulting in the encryption of files in its network. The IT team of the medical center had to … Read more
Henderson & Walton Women’s Center & Genesis Health Care Inc. Report Data Breaches
Henderson & Walton Women’s Center (HWWC) based in Birmingham, AL lately advised 34,306 patients about the potential compromise of some of their protected health information (PHI) due to a hacker getting access to an employee’s email account. HWWC stated the … Read more
Health-ISAC Releases Guidance to help CISOs Implement Zero Trust Security Architectures
Health-ISAC has publicized a white paper to help guide healthcare CISOs planning to employ zero trust security architectures. The standard security approach is to set up border defenses in order to keep unauthorized persons out. Although this security strategy has … Read more
2.65 Million Victims of OneTouchPoint Ransomware Attack
The number of persons impacted by the ransomware attack on OneTouchPoint, the mailing and printing vendor based in Hartland, WI, has now grown to 2,651,396 people. One of the most recent companies to confirm being impacted by the attack is … Read more
LastPass Data Breach Results in Source Code Theft
LastPass, the company offering the most widely used password management solution worldwide, reported a cyberattack and security breach. As per LastPass, there are close to 30 million users of its password manager tool globally, which include 85,000 business clients. Notifications … Read more
HC3 Advisory About Growing Vishing Attacks and the Risks of Social Engineering
The Health Sector Cybersecurity Coordination Center has alerted the healthcare and public health (HPH) sector regarding the growing social engineering and voice phishing (vishing) attacks. In cybersecurity terminology, social engineering is the control of people by malicious actors to advance … Read more
Independent Case Management & Conifer Health Solutions Report Cyberattacks
Independent Case Management (ICM) based in Little Rock, AR, a provider offering home and community-based assistance for persons with mental and developmental handicaps, recently informed 3,307 persons about the potential theft of some of their protected health information (PHI) in … Read more
Florida Orthopaedic Institute to Pay $4 Million to Settle Class Action Data Breach Lawsuit
Florida Orthopaedic Institute has offered to pay $4 million to settle claims from patients impacted by a data breach in 2020. In April 2020, Musculoskeletal Institute, doing business as Florida Orthopaedic Institute, found that an unauthorized third party had acquired … Read more
Data Breaches at Healthback Holdings, City of Newport, and OrthoArizona
Healthback Holdings has begun sending notifications to 21,114 persons regarding the likely access and theft of some of their protected health information (PHI) by unauthorized individuals. The Oklahoma City home health provider noticed odd activity inside its email account on … Read more
55% of Healthcare Providers Encountered a Third-Party Data Breach in the Past Year
Cyberattacks on firms are growing year over year throughout all industry segments. Cyberattacks involving third parties also increased. From the perspective of a cyber threat actor, it is more practical to attack a vendor for instance a managed service provider, … Read more
Data Breaches Announced by Allegheny Health Network, St. Luke’s Health System, & Goldsboro Podiatry
St. Luke’s Health System based in Boise, ID, has just submitted a data breach report to the HHS’ Office for Civil Rights that affected 31,579 patients. The breach happened in May 2022 at Kaye-Smith, which is a billing vendor of … Read more
Data Breaches Announced by Blue Cross and Blue Shield of Massachusetts and Blue Shield of California
Blue Cross and Blue Shield of Massachusetts (BCBSofMA) has lately affirmed that a data breach at a business associate led to the compromise of the protected health information (PHI) of several of its health plan members. The breach took place … Read more
$500,000 Ransom Payment Seized by the Department of Justice
The U.S Department of Justice made an announcement that it seized approximately $500,000 in Bitcoin from North Korean threat actors that used the Maui ransomware to attack healthcare companies in the U.S.A. The Cybersecurity and Infrastructure Security Agency (CISA) and … Read more
Cyber Safety Review Board Claims Log4j Vulnerabilities Very Prevalent and Will Remain for Years
The Cyber Safety Review Board (CSRB), started by President Biden last February 2022, has released a report about the Log4j vulnerability (CVE-2021-44228) as well as linked vulnerabilities that were identified at the end of 2021. The vulnerabilities have an impact … Read more
President Biden Approves Executive Order to Keep Access to Reproductive Healthcare Services Safe
President Biden has approved an executive order that aspires to safeguard access to reproductive healthcare assistance. This happened right after the SCOTUS ruling that vetoed Roe v. Wade, which provided women the right to decide on their own reproductive healthcare … Read more
Google Tells About New Ways to Secure User Privacy on Healthcare Stuff
Google has reported that it is going to do something to enhance the privacy security for consumers of its services. Google has always favored a complete, national privacy law that covers consumer data to make certain there is reliability all … Read more
Senators Ask Mental Health App Companies Concerning Privacy and Data Sharing Practices
Senators Ron Wyden (D-OR), Cory Booker (D-NJ), and Elizabeth Warren (D-MA) wrote to two major mental health app vendors and required replies regarding their practices regarding information collection and disclosure. There were a number of allegations that the mental health … Read more
Fitzgibbon Hospital, Christiana Spine Center, and Diskriter Encounter Ransomware Attacks
On June 25, 2022, a representative of a threat group known as DAIXIN Team shared details with regards to a ransomware attack and information theft incident that occurred at Fitzgibbon Hospital located in Marshall, Missouri. Stolen data was published to … Read more