82% Of Healthcare Companies Have Suffered an IoT Cyberattack during the Last 18 Months

Medigate and CrowdStrike performed new research which presented the degree to which hackers are attacking healthcare Internet of Things (IoT) devices and alerts about the disturbing status of IoT security in the medical care sector. The amount of IoT devices being employed in healthcare has risen considerably in the past few years as connected health … Read more

Ransomware Attacks Reported by Victory Health Partners and Strategic Benefits Advisors

Victory Health Partners Alerts Patients Concerning September 2021 Ransomware Attack Victory Health Partners based in Mobile, AL has informed patients concerning a ransomware attack it detected on September 23, 2021. Before the attackers encrypted the files, they exfiltrated sensitive information and has possibly released them. When Victory Health Partners discovered the attack, it shut down … Read more

Highlighting the Importance of Cybersecurity This Cybersecurity Awareness Month

The topic of the 4th week of Cybersecurity Awareness Month is “Cybersecurity First.” The emphasis is on letting businesses know about the importance of cybersecurity steps to handle vulnerabilities in products, operations, and individuals. Cybersecurity Information for Businesses One research indicates 64% of firms all over the world have encountered some kind of cyberattack and … Read more

19,000 People Impacted by Ransomware Attack on Directions for Living

The non-profit behavioral health service provider Directions for Living based in Clearwater, FL experienced a ransomware attack last July 17, 2021. When Directions for Living found out about the attack, it let law enforcement and got third-party computer forensics experts investigating the scope of the cyberattack and help take care of remediation. The investigation into … Read more

Alaska DHSS Claims May 2021 Cyberattack Has Potential Effect on All Alaskans

The Alaska Department of Health and Social Services (DHSS) will commence sending notification letters to all people in the state informing them about the possible exposure of their personal and health data due to a highly advanced cyberattack performed by a nation-state attacker. The cyberattack was noticed on May 2, 2021 and the DHSS was … Read more

SonicWall Threat Report Indicates Substantial Growth in Ransomware Attacks

SonicWall publicized a Cyber Threat Report update last July, which affirmed a significant rise in cyberattacks beginning 2020. From January to June of 2021, cryptojacking attacks went up by 23%, encrypted threats went up by 26%, IoT attacks increased by 59%, and ransomware attackers went up by 151% in comparison to the identical time period … Read more

UNM Health Data Breach Impacts Over 637,000 Individuals

UNM Health found out that an unauthorized third party acquired access to its system and possibly viewed and copied files from that included patients’ protected health information (PHI). The healthcare provider discovered the security incident on June 4, 2021 and immediately launched an investigation to determine the extent of the breach. UNM Health confirmed that … Read more

Phishing Attacks at Academic HealthPlans and Wayne County Hospital

Academic HealthPlans, Inc. (AHP) learned that an unauthorized person has obtained access to the email accounts of two workers after they responded to phishing emails. AHP was informed of a potential breach upon detecting suspicious activity in its Microsoft Office 365 email account. The impacted accounts were made secure, and an investigation was started to … Read more

Impact of Elekta Ransomware Attack on Advocate Aurora Health, Jefferson Health, and Intermountain Healthcare Confirmed

Three more healthcare providers reported that they were affected by the latest ransomware attack on Elekta Inc, the Swedish radiation therapy and radiosurgery provider. Elekta offers a web-based mobile software referred to as SmartClinic, which healthcare companies utilize to gain access to patient data for cancer treatments. Cybercriminals obtained access to Elekta’s systems from April … Read more

Kaseya Security Update Resolves Vulnerabilities Exploited in KSA Ransomware Attack

Kaseya has reported a security update published for the Kaseya KSA remote management and tracking software program to resolve the zero-day vulnerabilities, which the REvil ransomware gang fairly recently exploited in attacks on its customers and their clients. The vulnerabilities taken advantage of in the attack were included in a group of seven flaws that … Read more

Exploit Available for ‘PrintNightmare’ Zero-Day Windows Print Spooler RCE Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has given a notification after a proof of concept (PoC) exploit had been published for a zero-day vulnerability identified in the Windows Print Spooler service. The vulnerability was called PrintNightmare and is monitored as CVE-2021-34527. The vulnerability is caused by the Windows Print Spooler service that incorrectly executes … Read more

Healthcare Organizations Dealing with Higher Cyber Insurance Costs for Less Coverage

The number of cyberattacks currently being reported is greater than ever before. A few years ago, healthcare cyberattack reports are received at a rate of one each day, however, in 2021, there have been months where cyberattacks were reported at double that rate. The seriousness of cyberattacks has likewise become more intense and the cost … Read more

420,433 People Affected by Health Plan of San Joaquin Email Security Breach

Health Plan of San Joaquin (HPSJ), which is a not-for-profit service provider of Medi-Cal managed care based in French Camp, CA, learned that an unauthorized individual has obtained access to its email system and likely viewed or obtained sensitive data. HPSJ noticed a likely email breach on or approximately October 12, 2020 after identifying suspicious … Read more

President Biden Signs Expansive Executive Order to Enhance Federal Networks Cybersecurity

On May 13, 2021, President Biden signed a comprehensive Executive Order that seeks to appreciably strengthen cybersecurity protections for federal systems, enhance threat information sharing between the private sector, the government, and law enforcement, and present a cyber threat response playbook to speed up the response to incidents and their mitigation. The 34-page Executive Order … Read more

Three Actively Exploited Zero-Day Vulnerabilities in SonicWall Email Security

Three zero-day vulnerabilities were found in SonicWall Email Security solutions are being actively exploited in the wild by one or more threat actors. The vulnerabilities may be chained to obtain admin access to enterprise systems and do code execution. SonicWall Email Security products are used as a physical machine, virtual appliance, as a hosted SaaS … Read more

Hackers Stole the PHI of Over 200,000 Washington D.C. Health Plan Members

CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is notifying its members with regards to a cyberattack that resulted in the theft of their protected health information (PHI). CHPDC, previously known as Trusted Health Plans, discovered a breach of its computer networks on January 28, 2021. The health plan based in Washington D.C … Read more

Data Breaches at California Department of State Hospitals and Eyemart Express

The Department of State Hospitals (DSH) in California has learned a worker obtained access to the protected health information (PHI) of 1,415 present/former patients and 617 personnel without consent. The employee had an Information Technology job and got access to data servers that contain sensitive patient and staff information so as to perform work assignments. … Read more

Phishing Attack on Saint Alphonsus Health System, Saint Agnes Medical Center and Southeastern Minnesota Center for Independent Living

Due to a phishing attack encountered by Saint Alphonsus Health System based in Boise, ID, the information of its patients was potentially compromised, including the data of patients of Saint Agnes Medical Center located in Fresno, CA. Saint Alphonsus detected strange activity in the email account of an employee on January 6, 2021. The provider … Read more

100% of Screened mHealth Applications Prone to API Attacks

The personally identifiable health information of a huge number of people is being compromised by means of the Application Programming Interfaces (APIs) employed by mobile health (mHealth) apps, reported by a current study shared by cybersecurity agency Approov. Ethical hacker and researcher Allissa Knight carried out the study to discover how protected famous mHealth apps … Read more

Ransomware Attacks on Ramsey County and Crisp Regional Health Services and Vulnerability in Vaccine Scheduling Application

The County Manager’s Office of Ramsey County, MN has begun informing 8,700 customers of its Family Health Division regarding the potential access of some of their personal data by unauthorized persons brought about by a ransomware attack on its vendor Netgain Technology LLC. Netgain Technology LLC based in St. Cloud offers technology solutions to Ramsey … Read more

Emisoft Reports No Less Than 560 Ransomware Attacks on U.S. Healthcare Facilities in 2020

Ransomware attacks in 2020 had a huge impact on companies and organizations in America. Ransomware gangs targeted the healthcare and education sectors, the federal, state, and municipal governments and departments. These sectors had no less than 2,354 attacks in 2020 as per the most recent State of Ransomware report of Emsisoft, a cybersecurity company based … Read more

Vulnerabilities Identified in Philips IntelliVue Firmware

Cybersecurity researchers have identified vulnerabilities in Philips IntelliVue WLAN firmware which could be exploited by hackers to install malware. Two vulnerabilities affect specific IntelliVue MP monitors. Hackers could use the vulnerabilities to install malicious firmware which could impact data flow and lead to an inoperable condition alert at the device and Central Station. Shawn Loveric, … Read more

Software Vulnerability Identified in Change Healthcare Cardiology Devices

Cybersecurity researchers have identified a flaw in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. Locally authenticated users could exploit the flaw to insert files that could allow the attacker to execute arbitrary code on a vulnerable device. Alfonso Powers and Bradley Shubin of Asante Information Security identified the flaw (CVE-2019-18630) and reported the … Read more

Hackers Targeting US Utilities Sector with Spear Phishing Campaign

Hackers impersonating the US National Council of Examiners for Engineering and Surveying (NCEES) are targeting business in the US utility sector through a new phishing campaign.  Between July 19 and July 25 2019, the hackers sent phishing emails to three utility companies in the US. In each case, the hackers attempted to infect the organization’s … Read more

Ransomware Attack at Imperial Health Affects 110,000 Patients

A ransomware attack at Imperial Health has compromised the protected health information of more than 116,000 patients.   On May 19, 2019, Imperial Health, a physicians’ network in Southwest Louisiana, discovered that an unauthorized party had installed ransomware onto the network, encrypting files and a database used by the Imperial Health’s Center for Orthopaedics (CFO). … Read more

Wise Health Phishing Attack Affects 36,000 Patients

Wise Health System is sending breach notification letters to 36,000 patients following a phishing attack on their system. Wise Health System is a health care system with over 1,900 employees based in Decatur, Texas. The breach occurred on March 14, 2019, when a hacker sent phishing emails to employees of the organization. Several employees were … Read more

Microsoft July 2019 Patch Tuesday

Microsoft has issued patches for 77 vulnerabilities this Patch Tuesday. Of the vulnerabilities, 15 were rated critical and two were actively exploited zero day vulnerabilities.  Six of the vulnerabilities patched this month had been previously disclosed to the public. The two actively exploited zero-days are both privilege escalation vulnerabilities. The first – CVE-2019-0880 – affects … Read more

Flaw in Dell SupportAssist Leaves Millions of PCs vulnerable

A newly-identified privilege escalation flaw in Dell SupportAssist could leave millions of Dell PCs and laptops vulnerable attack. Threat actors could employ malicious software to elevate their privileges to administrator level and hijack the device for their nefarious purposes. The flaw affects both the home 9 (v 3.2.1 and prior) and business (v 2.0) versions … Read more

Microsoft June 2019 Patch Tuesday

Microsoft has issued patches for 88 vulnerabilities this patch Tuesday. Of the vulnerabilities, 20 were rated critical. One servicing stack and 4 advisories were also released in the update. Microsoft stated that there was no evidence to suggest that threat actors had been actively exploiting the vulnerabilities in the wild. SandboxEscaper, a security researcher, identified … Read more

Microsoft May 2019 Patch Tuesday

Microsoft has issued patches for 79 vulnerabilities this May 2019 Patch Tuesday. Of the vulnerabilities, 22 were rated critical. Adobe also issued patches for 84 vulnerabilities, 50 of which were critical. One critical flaw addressed by Microsoft left affected users vulnerable to WannaCry-style malware attacks. This vulnerability (CVE-2019-0708) is in Remote Desktop Services and can … Read more

Oracle WebLogic Server Vulnerability Exploited Using Sodinokibi Ransomware

A vulnerability in Oracle WebLogic Server is being exploited in the wild by a new ransomware variant named Sodinokibi. On April 26, Oracle released an out-of-band patch to address the vulnerability (CVE-2019-2725). There have been several reported cases of the vulnerability being exploited in the wild. Oracle WebLogic Server is part of Oracle Middleware, a … Read more

Southern Hills Eye Care Ransomware Attack Reported

Southern Hills Eye Care in Sioux City, Iowa, has announced that a recent ransomware attack on their facility may have compromised patient PHI. Ransomware is a variant of malware that prevents which hackers use to extort victims. The malware prevents the victim from accessing their computer, or files on their computer until a ransom is … Read more

DePaul Reports Phishing Compromised Employee Email Account

The assisted living facility provider DePaul has announced that a successful phishing attack on its networks has compromised patient data. DePaul, which operates facilities in New York, North Carolina, and South Carolina, discovered the breach on February 1, 2019. IT security staff immediately took steps to secure the compromised account and block the unauthorised individual’s … Read more

ICS-CERT Issues Medical Advisory for Vulnerabilities Found in BD FACSLyric Flow Cytometry Solution

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about vulnerabilities found in the BD FACSLyric flow cytometry solution. ICS-CERT is a governmental organisation that works to reduce the risk of cybercrime to US businesses. The medical advisory stated the flaw in the device, manufactured by Becton, Dickinson, and Company … Read more

Cyberattack Disrupts Printing of Major Newspapers

An investigation has been launched into a recent cyberattack that disrupted the printing of several major newspapers. The cyberattack on Tribune Publishing, attributed to a malware infection, caused disruption to several newspaper print runs including those of the Los Angeles Times, San Diego Tribune, and the west coast editions of the New York Times and … Read more

Beazley’s Publishes Breach Insights Report for Q3 2018

Beazley’s, a specialist insurance group, has released their quarterly Breach Insight Report for Q3 2018. The report concerned the attacks managed by Beazley Breach Response Services, which deals with the aftermath of an attack, including the investigation and the breach response. One of the most prevalent findings of the report is the huge rise in … Read more

Twin Phishing Attacks on Children’s Hospital of Philadelphia’s Results in Data Breach

Children’s Hospital of Philadelphia (CHOP) has announced that the email accounts of two employees have been compromised following cyberattacks on two August 23 and August 29, 2018. On August 24, CHOP, a paediatric healthcare facility and primary care provider, discovered an unauthorized individual had gained access to the email account of one of the physicians … Read more

Reliable Respiratory Falls Victim to Phishing Attack

Reliable Respiratory, a respiratory care provider, has announced that it has fallen victim to a phishing attack. Reliable Respiratory, based in Norwood, MA, stated that IT staff discovered the breach when they detected suspicious activity on an employee’s email account on July 3. The organisation immediately launched an investigation, which revealed that a hacker had … Read more

Proofpoint Announces Discovery of Marap Malware Strain

Proofpoint has announced the discovery of a new malware strain called Marap. Security researchers at Proofpoint stated that Marap malware is currently being used for gathering information about victims. The threat actor’s aim appears to be the creation of a network of infected users which they can target in future attacks. The malware operates by … Read more

Medical Data from Closed Pennsylvania Obs/Gyn Clinic Found at Allentown Public Recycling Center

Private Medical Data has been found at a recycling center in Allentown, Pennsylvania. Paper files containing names, Social Security numbers, and medical histories, including details of cancer diagnoses and sexually transmitted diseases were located that the center by a city worker. The medical files appear to have belonged to Women’s Health Consultants, an obstetrics and gynecology … Read more

12,172 Individuals Impacted by ShopRite Data Breach

Pharmacy customers of ShopRite Supermarkets, Inc. have been impacted by a security violation caused by the improper disposal of a device used to record the signatures of customers. The device was used at the ShopRite, Kingston, NY location during the time period from 2005-2015 and saved personal and medical details. Customers who went to the … Read more

Extortion Attack on Private Information of Sports Medicine Clients

7,000 patients of Sports Medicine & Rehabilitation Therapy (SMART) have been alerted of a possible breach of the private personal information. It is believed the breach, which involved an extortion attempt, may have impacted anyone whose information was taken during a visit to a SMART center before the last day of 2016. The extortion attempt … Read more

1300 People Impacted by RiverMend Health Breach

An unauthorized person has been found to have obtained access to the email credentials of one the  employees at RiverMend Health, a provider of specialty behavioral health services including services for drug and alcohol addiction. The unauthorized access was discovered by the Augusta, GA-based group on August 10, 2017, when it was noticed that suspicious … Read more

PHI Exposure May Have Happened Following Theft of Unencrypted Laptop

Exposure of patients’ protected health information may have occurred after an unencrypted laptop computer was stolen from a car belonging to an employee of Bassett Family Practice in Virginia. The theft of the laptop is thought to have occurred during the weekend of 12/13 August. Patients were warned of the exposure of their private date … Read more