Franciscan Health is notifying 2,200 patients that their sensitive data may have been compromised in a security incident involving a former employee. Franciscan Health, a health system operating 14 hospitals in Indiana and Illinois, discovered a former employee was accessing the data of 2,200 patients without the appropriate authorization to do so during a routine … Read more
Medical Informatics Engineering Inc (MIE) has agreed to a $100,000 settlement with HHS’s Office for Civil Rights for a 2015 data breach affecting 3.5 million individuals. MIE, an Indiana-based provider of electronic medical record software and services, experienced the data breach when hackers compromised the server of its NoMoreClipboard subsidiary. The hackers had access to … Read more
The Department of Health and Human Services’ Office for Civil Rights (OCR) has reached a $3 million settlement with Touchstone Medical Imaging following a 2014 data breach. The Franklin, TN-based diagnostic medical imaging services company agreed to the settlement to resolves multiple violations of HIPAA Rules. They have further agreed to adopt a corrective action … Read more
Sextortion scams have become increasingly common in recent years, with record numbers being reported in 2018. These types of attacks are potentially very lucrative for an attacker, due to the highly embarrassing or compromising nature of the material. In many cases, the hacker holds no sensitive information on the individual in question; however, simply the … Read more
A recent survey conducted by OpenVPN highlights the potential cybersecurity risks posed by remote workers. OpenVPN is a virtual private network solution provider that allows businesses to extend their VPNs securely. They surveyed 250 IT leaders, “from the manager level through the C-suite”, to ascertain whether allowing employees to work remotely posed a risk to … Read more
Protecting against zero-day malware and advanced phishing attacks can be a major challenge for SMBs and managed service providers (MSPs). To better protect against these advanced threats, TitanHQ, the leading provider of email security solutions to the SMB market, has added two new features to its award-winning spam filtering solution: SpamTitan. These features were introduced … Read more
Rutland Regional Medical has revealed that a hacker compromised nine employee email accounts following a cyber attack on their systems. Rutland Regional Medical, based in Rutland City, is the biggest community hospital in Vermont. A staff member discovered the attack on December 21, 2018, after noticing that their email account had been hijacked to send … Read more
Security researchers have discovered a new Trojan horse malware campaign used by hackers to launch attacks on Linux servers. Trojan horses are malware variants that are disguised as benign or useful pieces of software. They are installed under false pretences, as the user if often tricked into believing that they serve a legitimate purpose. Once … Read more
A new global phishing scam has been identified in which hackers target customers of Netflix, the world’s largest streaming organisation. The U.S. Federal Trade Commission, an independent agency of the United States government, issued a warning about the Netflix scam late in December 2018. The phishing scam attempts to fool Netflix subscribers into handing over … Read more
On Wednesday, December 5, 2018, Adobe issued an update to correct a vulnerability in Adobe Flash Player. The vulnerability had been identified in late November by Gigamon, held network visibility and traffic monitoring technology vendor. Qihoo 360, a Chinese internet security company, recently discovered an advanced persistent threat campaign that was exploiting the vulnerability in … Read more
Cancer Centers of America’s Western Regional Medical Center in Bullhead City, Arizona, has recently fallen victim to a phishing attack which has exposed the protected health information (PHI) of over 41,000 individuals. The attack occurred due to one of its employees responding to a phishing email. The email was designed to appear as if it … Read more
Catawba Valley Medical Center (CVMC), a medical center serving the greater Catawba County area based in Hickory, North Carolina, has recently announced that an unauthorised individual gained access to their systems following a successful phishing attack. It is estimated that up to 20,000 people may have been affected by the breach. The discovery was made … Read more
FirstCare Health Plans, a Texan health insurance organisation, has revealed that more than 8,000 of its members may have had some of their personal data breached due to an email error made by one of its staff. The organisation is in the process of notifying 8,056 plan members plan members that may have had some … Read more
Proofpoint, the Californian cybersecurity company, has launched a new Closed-Loop Email Analysis and Response (CLEAR) solution. Proofpoint’s website states that the solution reduces “threat triage time from days to minutes without requiring additional work from human analysts”. Proofpoint CLEAR utilises a complete closed-loop approach to automatically analyse suspicious emails reported by end users to security … Read more
A security researcher released proof-of-concept code that would allow for a user to exploit a flaw in the Windows Task Scheduler. The flaw was discovered by Github user SandboxEscaper, who was also responsible for publishing the proof-of-concept (PoC) code. The flaw, a local privilege escalation vulnerability, was found in the Advanced Local Procedure Call (ALPC) … Read more
7,000 patients of Sports Medicine & Rehabilitation Therapy (SMART) have been alerted of a possible breach of the private personal information. It is believed the breach, which involved an extortion attempt, may have impacted anyone whose information was taken during a visit to a SMART center before the last day of 2016. The extortion attempt … Read more
Additional evidence has appeared presenting the advantages of healthcare written messaging. A recently published study in the Journal of the American Heart Association obviously indicated that an automatic mHealth interference using Smartphone and text messages tracing applications might prove to be a good approach for rising patients’ physical activity stages. The advantages of rising activity stages, particularly … Read more
Last week software giant Adobe issued a new patch for Flash Player to address an actively exploited weakness (CVE-2017-11292) that is being targeted by the hacking group Black Oasis to install FinSpy malware. Finspy is strictly not defined as malware, it is a legitimate software program developed by the German software company Gamma International. However, … Read more
TheDarkOverlord hacking group has, in recent time, been targeting K12 schools; obtaining access to networks, stealing data and trying to extort money. As a reaction to the hacking and extortion threats, the U.S. Department of Education has released an advisory to K12 schools and has issued guidance to help educational institutions mitigate danger and safeguard their … Read more
Specific industry sectors in the United States and South Korea have been the main targets in the Formbook malware attacks. However there has been some worry that the malware will be used in more widespread cyberattacks around the world. So far, the Aerospace industry, defense contractors, and the manufacturing sector have been widely targeted; however, … Read more
This Patch Tuesday has seen Microsoft release several updates for serious vulnerabilities, some of which are being constantly exploited in the open. Microsoft is pleading with companies to apply the patches now to keep their systems safe. Some of the vulnerabilities are simple to exploit, requiring little experience or knowledge Overall, 62 vulnerabilities have been … Read more
DDoS attacks are being implemented using the Flusihoc Botnet, some as recording speeds as quick as 45 Gbps according to investigators at Arbor networks. The Flusihoc botnet has been in action for a minimum two years, although activity has grown over the last few months, with more than 900 attacks initiated using the Flusihoc botnet … Read more
After it was first discovered the 2013 Yahoo data violation was quickly found to have affected many of the company’s customers and in December 2016 it was announced that 1 billion accounts had been compromised. In September 2016, prior to that announcement, a separate breach was discovered that affected approximately half a billion email accounts. … Read more
A patch for a vulnerability in Drupal (CVE-2017-6922) that has been activiley exploited for some months was released in June 2017. The flaw affects Drupal v 7.56 and 8.3.4. Drupal was aware of the flaw, an access bypass vulnerability, since October 2017. It is possible for the flaw to be exploited on misconfigured websites, permitting … Read more
Proofpoint, the cybersecurity firm, has confirmed that is has discovered a new Twitter credit card phishing scam. Users of the social media platform Twitter are being offered verified account status via native Twitter ads; the catch being that signing up requires the provision of credit card details, which are then communicated to the attackers. Obtaining … Read more
Dr. Web, a Russian antivirus firm has recently discovered a new Trojan downloader. The malware uses a popup Windows ‘Save As’ dialog box to install malicious payloads, which have thus far all been adware. The malware, dubbed “Trojan.Ticno.1537”, installs variety of adware together with a malicious extension for Google Chrome. According to Dr. Web, the … Read more
Details of a SMB file sharing protocol flaw in Windows have been made public some 12 days prior to the release of a patch by Microsoft. Laurent Gaffié, the researcher who published details of the flaw, has claimed that Microsoft had been aware of the issue for around 3 months beforehand yet failed to act … Read more
One of Highmark Blue Cross Blue Shield’s (Delaware) subcontractors has fallen victim to a ransomware infection and cyberattack that may have put private information relating to almost ninetenn thousand beneficiaries of employer-paid health plans at risk. The attack happened on the 5th of August 2016 at Highmark BCBS subcontractor Summit Reinsurance Services, however affected individuals … Read more
Patients of the True Health Group have had their health reports exposed online due to a law in the True Health Diagnostics website. Moreover, the reports appear to have been viewable by other patients for months if not years. Based in Frisco, Texas, True Health Diagnostics is a company that offers a broad range of … Read more
Sentara Healthcare is currently carrying out an investigation into a data breach affecting one of its 3rd-party vendors which allowed a number of patients’ protected health information to be accessed by an unauthorized person. Sentara Healthcare was alerted to a possible ePHI breach by police officers on the 17th of November 2016. An internal investigation … Read more
New methods of spreading ransomware are constantly being developed; however, a new ransomware variant discovered by MalwareHunterTeam researchers called “Popcorn Time” appears to use tactics that have never before been seen. When Popcorn Time ransomware has infected a victims device they are given a choice between two options: They can pay the ransom and thereby … Read more
A security flaw in a patient portal has exposed information concerning patient claims. Claims information had previously been uploaded to the patient portal of Molina Healthcare, which is a managed care company based in Long Beach, California. This in itself is not abnormal, however the flaw meant that the information was in fact accessible without … Read more
Patch Tuesday 2016: Microsoft has acted to fix 68 vulnerabilities including 6 that had been rated critical. The updates have been spread over fourteen security bulletins. The updates include fixes for 2 vulnerabilities that are presently being actively exploited including the CVE-2016-7255 vulnerability that was announced by Google in October 2016. Google decided to announce … Read more
Numerous email compromise tactics have for some time been in use by scammers to trick business executives into making fraudulent wire transfers. Recently, a Symantec security specialist has observed that some scammers have begun taking a new approach in order to increase BEC scams’ rate of success. The biggest problem that the scammers face is … Read more
If yours is one of many businesses which depend upon Microsoft Security Bulletins to remain informed about new patches and fixes to known vulnerabilities, you and your colleagues should prepare yourselves for an upcoming change in the way Microsoft announces security fixes. In blog post in late 2016, Microsoft confirmed that its Security Bulletins would … Read more
According to IT Security researchers, MacOS malware is now being spread by malicious Word macros. This is the first occasion on which MacOS malware has been recognised as having been used to spread this attack vector. Windows users can anticipate that they are vulnerable to attack with malware, however until now Mac users have stayed … Read more
A ransomware attack on an LA Valley College on the 6th of January, 2017 lead to student data being locked and resulted in some 1,800 college staff – both administrators and teachers – being unable to gain access to their computer system and essential work files. Ransomware is a form of malicious software. The purpose … Read more
The culprits responsible for Locky ransomware have begun using data obtained in the OPM data breaches of 2014 and 2015 in a new campaign designed to spread cryptoransomware. It remains unknown exactly how much data was obtained, however in total, around 22 million user records were stolen in the OPM breach. The spam emails, sent … Read more
Malware infections over the Christmas holiday period are something to be expected. Every year as the number of online shoppers increases, the number of Windows malware infections increases with them. Data from Enigma Software Group (ESG) indicates that between Black Friday and Cyber Monday in 2015, the rate of malware infections was 84% higher than … Read more
E-Sports Entertainment Association (ESEA) has confirmed that it has been subject to an attempted extortion after a hacker successfully infiltrated one of its game servers. The incident enabled the hacker to steal the player profiles and other data of 1.5 million users. The hack was carried out on the 27th of December 2016. The attacker … Read more
LeakedSource has claimed that email addresses, usernames, and passwords have been accessed by the hackers responsible for a recent Dailymotion cyberattack. Dailymotion is one of the biggest internet video sharing platforms and, according to Alexa, is the world wide web’s 113th most popular site. Dailymotion recorded 148 million hits in April 2015. The cyberattack is … Read more
Cybercriminals responsible for a ransomware attack against a Sherriff’s office in Arkansas have received payment of 3 Bitcoin ($2,400) to supply the relevant keys to decrypt files that had been locked by the ransomware. Carrol County Sheriff’s office was the victim of a ransomware attack on the 5th of December, 2016 which resulted in its … Read more
Kaiser Permanente is alerting a few of its associates of a website formation mistake that led to the revelation of a few of their safeguarded health information. Luckily, the mistake was swiftly known and ePHI was just revealed for about 2 hours. On October 12, 2016, an upgrading to the site, Kp.org was carried out … Read more
The Division of Health and Human Services’ OCR has lately distributed guidance for HIPAA covered entities on ransomware to assist protected bodies trade with the enhanced danger of ransomware assaults. Recently the Federal Trade Commission (FTC) has cautioned companies that they should do more to cope with the ransomware danger. The failure to apply proper safeguards against … Read more
August was a regretful month for healthcare files breaks. Over 8.8 million health plan member and patient files were stolen or exposed. 8,804,608 to be exact. As per the up-to-date segment of the Protenus Break Indicator, the total quantity of healthcare files exposed or stolen this summer now surpasses 20 million. In August, 44 break … Read more
The Healthcare Information and Management Systems Society (HIMSS) has circulated the outcomes of its yearly healthcare cybersecurity analysis. The report demonstrates that healthcare companies are using a range of methods to enhance their safety posture as well as keep confidential files safeguarded. But, several companies are failing to use fundamental cybersecurity skills to avoid illegal … Read more
A huge data break has been informed by a Phoenix AZ-based healthcare company which has possibly affected 3.7 million people. The assault is the 2nd biggest cyberattack informed thus far in 2016, just second to previous month’s 9.3 million highest break on an as of yet unverified health underwriter. Early accounts of the assault on Banner … Read more
Throughout the last few weeks, huge data dumps occurred from extraordinary cyberattacks on MySpace, LinkedIn, and Tumblr. More lately, in excess of 33 million mutilated Twitter accounts were registered online for sale. These accounts are thought to have been mutilated making use of the records gotten in the LinkedIn break. Provided the quantity of healthcare … Read more
Earlier this year, Stamford Podiatry Group P.C., has found out that an illegal third party accessed to its computer systems for a period of nearly 2 months. The intruder was capable to see company data and possibly accessed the electronic medicinal record (EMR) database also. 40,491 patients have now been informed of the secrecy break … Read more
Roughly 1K patients in Southern Arizona have received notices of a break of safeguarded health information after the thievery of a doctor’s record. The record had been dumped in the automobile of a doctor who performed for Emergency Medicine Associates, which delivered ER staff for Carondelet Health Network hospices in Tucson. A burglar broke into … Read more