Cyber Security Threats

The medical insurance company True Health New Mexico located in Albuquerque, NM began alerting selected health plan members concerning the breach and likely theft of their protected health information (PHI). The data breach incident was … Read more

Biomedical firms and their partners are being targeted by an Advanced Persistent Threat (APT) actor in a campaign that delivers Tardigrade malware. Initial analyses of Tardigrade malware suggest it is a sophisticated threat from the … Read more

A new Android banking Trojan named SharkBot has been identified that has capabilities that go beyond most mobile banking Trojans. This new Android malware stands out due to its use of an Automatic Transfer System … Read more

JEV Plastic Surgery & Medical Aesthetics based in Owing Mills, MD has began sending notifications to 1,620 patients concerning the exposure of some of their protected health information (PHI) because of a security breach. Malware … Read more

Tech Etch located in Plymouth, MA makes precision-engineered thin metal pieces, versatile printed circuits, and EMI/RFI shielding. It has reported a ransomware attack that resulted in the potential compromise of the personal data and protected … Read more

In November 2018 the Rockingham school district in North Carolina suffered an Emotet malware infection that cost a massive $314,000 to resolve. The malware was delivered using spam emails, which were sent to multiple users’ inboxes. … Read more

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) just published the latest edition of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication … Read more

Following the ransomware attacks on critical infrastructure in the United States, several ransomware-as-a-service operations went quiet. The attacks attracted a lot of heat for ransomware gangs and several groups responded by either implementing new restrictions … Read more

Florida Heart Associates based in Fort Myers, FL encountered a ransomware attack on May 19, 2021 and has brought about significant and ongoing interruption to its services. Medical practice is just running at about 50% … Read more

UofL Health has begun informing 42,465 patients regarding the sending of some of their protected health information (PHI) to the wrong external email address. The healthcare system in Louisville, KY sent breach notification letters to … Read more

A flaw in the mobile Safari browser has been targeted by cybercriminals and used to extort money from people who have previously used their mobile device to access pornography or other illegal content. The Safari … Read more

After the DarkSide ransomware attack on Colonial Pipeline, a number of ransomware gangs have stopped activity or have executed guidelines that their affiliates are required to follow, which include stopping all attacks on critical infrastructure … Read more

University of Florida Health Shands has learned that an ex-employee has viewed the health files of 1,562 patients without valid permission. The HIPAA violations were uncovered on April 7, 2021. The provider promptly ended the … Read more

When it comes to password sharing, Password Safe, Bitwarden and KeePass are all good options that allow you to complete this function with little hassle. In order to ascertain which solution provides the best functionality, … Read more

Three zero-day vulnerabilities were found in SonicWall Email Security solutions are being actively exploited in the wild by one or more threat actors. The vulnerabilities may be chained to obtain admin access to enterprise systems … Read more

The latest Coveware Quarterly Ransomware Report states that the growth in ransomware attacks in 2020 has persisted in 2021 as most threat actors target the healthcare industry. 11.6% of all attacks in quarter 1 of … Read more

When we conducted a comparison of the password management solutions offered by Bitwarden and KeePass, we discovered both are quite solid options for personal and business use. When you are trying to decide which service … Read more

The American College of Emergency Physicians (ACEP) has commenced notifying some of its members regarding the unauthorized access of their personal data that was located on a server. Besides offering professional company services to its … Read more

Bitwarden and 1Password are two of the strongest and most secure password managers currently available. Deciding which one to add to your group’s cybersecurity suite may seems like a daunting task. To help you make … Read more

Mobile Anesthesiologists fairly recently found out about the exposure of a limited amount of patients’ protected health information (PHI) because of a technical misconfiguration. The problem seemed to have occurred prior to December 14, 2020, … Read more

The disruption to learning from a pandemic that has lasted more than a year is bad enough, but many schools have experienced even more disruption just as many have opened their gates and allowed students … Read more

University of Pittsburgh Medical Center (UPMC) and the law agency Charles Hilton and Associates are dealing with a class-action lawsuit because of a breach of the protected health information (PHI) of 36,000 UPMC patients. Charles … Read more

New London Hospital based in central New Hampshire has identified an unauthorized person who accessed a file on its system in July 2020 and may have gotten the protected health information (PHI) of 34,878 patients. … Read more

Governor Ralph Northam has approved the Virginia Consumer Data Protection Act (CDPA). CDPA necessitates individuals running a business in the Commonwealth of Virginia to abide by new data privacy and security conditions. The CDPA will … Read more

There has been an increase in the use of a JavaScript-based infection framework known as Gootloader for delivering malware payloads. Gootloader, as the name suggests, has been used to deliver the Gootkit banking Trojan, but … Read more

Pennsylvania Adult & Teen Challenge located in Rehrersburg, PA announced that an unauthorized individual obtained access to worker email accounts that included the PHI of 7,771 people. This provider operates addiction treatment programs for adults … Read more

The protected health information (PHI) of 29,982 patients of Harvard Eye Associates located in Laguna Hills, CA was potentially stolen due to a cyberattack on its cloud storage provider. The medical and surgical eye care … Read more

Compromised email accounts take place many times around the world every day of the week and it is estimated that 2.5 billion accounts were hacked during 2019 which equates to 6.85 million accounts being hacked … Read more

The Department of Health and Human Services’ Office for Civil Rights (OCR) is moving forward with its campaign to stop noncompliance with the HIPAA Right of Access. OCR reported its fifteenth settlement this week that … Read more

The contract of Philly Fighting COVID to dispense COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was terminated because of allegations that the company’s privacy policies possibly made possible the sale … Read more

Health insurance company Excellus Health Plan agreed to pay the Department of Health and Human Services’ Office for Civil Rights $5.1 million as a penalty to settle its HIPAA violation case associated with the 2015 … Read more

Roper St. Francis Healthcare has informed 189,761 patients regarding an unauthorized individual who accessed some of their protected health information (PHI) saved in employee email accounts. The provider detected the email security breach in late … Read more

The U.S. National Security Agency (NSA) has released a cybersecurity advisory alert informing the public that Russian state-sponsored hackers are focusing on a flaw in VMWare virtual workspaces used to support remote working. The flaw, … Read more

The Advanced Persistent Threat (APT) group APT32 – aka OceanLotus – is conducting a malware campaign targeting Apple MacOS users. APT32 is a nation-state hacking group that primarily targets foreign companies operating in Vietnam. The … Read more

A recent phishing campaign has been discovered that deceived the US Internal Revenue Service (IRS) and tells recipients that their are facing immediate legal action to take back a huge tax repayment. These emails are … Read more

It is fair to say that more people are now working from home than ever before and the number is growing rapidly due to the coronavirus pandemic. Here we explore some of the key cybersecurity … Read more

In the rush to buy Christmas gifts online, security awareness often is disregarded and hackers are waiting to take advantage. Hidden among the countless emails sent by retailers to inform past customers of the most … Read more

A data security incident at Shore Speciality Consultants Pulmonology Group (SSCPG) has potentially compromised the protected health information (PHI) of 10,000 patients.  SSCPG, based in New Jersey and part of the Shore Physicians Group, released … Read more

Cybersecurity researchers have identified vulnerabilities in Philips IntelliVue WLAN firmware which could be exploited by hackers to install malware. Two vulnerabilities affect specific IntelliVue MP monitors. Hackers could use the vulnerabilities to install malicious firmware … Read more

A spam email campaign is being conducted focusing on targeting corporate email accounts to share Loki Bot malware. Loki Bot malware is a data stealer capable of obtaining passwords stored in browsers, obtaining email account … Read more

Irish Internet browser Brave has claimed that they have offered new information to the Data Protection Commission (DPC) in Ireland which proves that Google has been trying to bypass General Data Protection Regulation (GDPR) legislation.  … Read more

Cybersecurity researchers have identified a flaw in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. Locally authenticated users could exploit the flaw to insert files that could allow the attacker to execute arbitrary code … Read more

Although many reports seem to indicate that email spam is dropping, email spam and botnet infection is still a major danger for most U.S organizations and people – with criminal practices netting hacking gangs billions … Read more

Monzo has contacted 500,000 customers following a data breach which saw customer PINs accessible to employees of the digital bank for more than a year.  The incident, which may constitute a breach of the EU’s … Read more

The Philadelphia Department of Behavioral Health and Intellectual Disability Services (DBHIDS) is notifying 1,500 individuals that their private information may have been exposed after an employee lost an unencrypted laptop.  The employee has been carrying … Read more

St. Croix Hospice is notifying 21,000 patients that their protected health information (PHI) may have been compromised in a phishing attack. St. Croix Hospice is a provider of hospice care in Minnesota and Wisconsin. On … Read more

The UK Information Commissioner’s Office has fined Marriott International Inc £99 million under GDPR for a data breach that affected seven million UK residents. The ICO released the statement for intention to fine Marriott on … Read more

The City of Griffin, Georgia, has revealed that it made two payments totalling $800,000 to scammers following a series of business email compromise attacks. BEC campaigns are a form of a phishing attack in which … Read more

Microsoft has issued patches for 77 vulnerabilities this Patch Tuesday. Of the vulnerabilities, 15 were rated critical and two were actively exploited zero day vulnerabilities.  Six of the vulnerabilities patched this month had been previously … Read more