1300 People Impacted by RiverMend Health Breach

An unauthorized person has been found to have obtained access to the email credentials of one the  employees at RiverMend Health, a provider of specialty behavioral health services including services for drug and alcohol addiction. The unauthorized access was discovered by the Augusta, GA-based group on August 10, 2017, when it was noticed that suspicious … Read more

PHI Exposure May Have Happened Following Theft of Unencrypted Laptop

Exposure of patients’ protected health information may have occurred after an unencrypted laptop computer was stolen from a car belonging to an employee of Bassett Family Practice in Virginia. The theft of the laptop is thought to have occurred during the weekend of 12/13 August. Patients were warned of the exposure of their private date … Read more

51,000 Plan Members Affect by Network Health Phishing Attack

Network Health, a Wisconsin-based insurer, has contact 51,232 of its plan members to advise them that some of their protected health information (PHI) hmay have been obtained by unauthorized persons. Last August,  a number of Network Health staff members received sophisticated phishing emails. Two of those members of staff replied to the scam correspondence and handed … Read more

Cybercriminals with Nation-State Support Responsible for Yahoo Attack

InfoArmor has claimed that data from the Yahoo breach of over one billion user accounts has already been purchased on the black market by multiple third parties on numerous occasions. Although Yahoo argues that a nation-state sponsored group was responsible for the hack, research carried out by InfoArmor’s indicates otherwise and a number security experts … Read more

Global Reports of WannaCry Ransomware Attacks

There has been a huge increase in WannaCry ransomware attacks around the globe, including a new campaign being launched on Friday the 13th of May 2017. Unlike previous WannaCry ransomware attacks, the present campaign takes advantage of a vulnerability that is found in Server Message Block 1.0 (SMBv1). Zero day exploits are often employed by … Read more

US-Certs: SSL Inspection Tools Might Make Cybersecurity Weaker

A recent warning issued by US-CERT has advised that SSL inspection tools may actually do the opposite of what they are intended for; i.e. they might serve to weaken the cyber defenses of healthcare organizations’ rather than strengthen them – by making their computer systems more at risk of man-in-the-middle attacks. It should be noted … Read more

Wi-Fi Routers Infected by Switcher Trojan through Android Mobiles

Kaspersky Lab has identified a highly dangerous new Trojan which has been used to attack Wi-Fi routers through Android devices. The new form of malware, which has been dubbed the Switcher Trojan, is presently being employed to attack routers based in China. Nonetheless, Kaspersky Lab researchers have warned that the new malware could indicate a … Read more

Erie County Medical Center Patients Put at Risk by Apparent Ransomware Attack

Ashland Women’s Health confirmed in April 2017 that it had been the victim of a significant ransomware attack.19,272 Ashland patients were affected. This followed confirmation the previous week that ABCD pediatrics ransomware attack had put 55,447 patients at risk. On Sunday 9th April, a third healthcare provider became aware that it had received a ‘virus’ … Read more

San Francisco Transport System Ransomware Attack Reported

A ransomware attack on the San Francisco Transport System in November 2016 resulted in the encryption of computers used by the city’s light rail system. The criminals responsible for the attack demanded ransom of 100 Bitcoin (approxiately $70,000) for the key to unlock the encryption. The San Francisco Municipal Transportation Agency (SFMTA) stated that although … Read more

ABCD Pediatrics Hit By Ransomware Attack Affecting 55,000 Patients

The private health information relating to more than 55,000 patients may have been compromised in during a ransomware attack against ABCD Pediatrics on the 6th of February 2017. Attackers managed to access ABCD Pediatrics’ servers following which Dharma ransomware was installed and consequently some PHI was encrypted. Dharma ransomware has been identified by experts as … Read more

New Powershell Remote Access Trojan Identified

Researchers at Cisco Talos have recently identified a new Powershell remote access Trojan. The memory-resident malware is almost impossible to detect because it doesn’t write files to the computer’s hard drive and uses a new way of communicating with its C2. The infection is spread via a malicious Microsoft Word document sent as an email … Read more

Warning Issued by OCR to Providers of Healthcare Regarding Use of HTTPS Inspection Tools

Numerous healthcare organization employ HTTPS inspection tools in order to monitor HTTPS connections for any malware which may be present. HTTPS inspection tools are used to decrypt secure HTTPS network traffic and verify content prior to re-encrypting traffic. The purpose of HTTPS inspection tools is to enhance security, however the Department of Health and Human … Read more

Thousands of Sites at Risk from Newly Identified Zero Day WordPress Vulnerability

A Sucuri researcher has recently discovered a new zero day WordPress vulnerability in the WordPress REST API. The vulnerability permits content injection and the escalation of user privileges. Should it be exploited, an unauthenticated user might be able to make modifications to any content found on the WordPress sites, which could include the addition of … Read more

Madison County Invests $220K in Cybersecurity Following Ransomware Attack

The payment of a $21,000 ransom to attackers following the Madison County ransomware attack that disabled a large number of the county’s computer systems in November 2016 was necessitated as a viable backup of the data concerned did not exist. In accordance with the County’s insurance company’s advice, the ransom was paid. It has been confirmed that … Read more

2017’s Biggest Healthcare W-2 Phishing Scam Impacted 17,000 Employees

The biggest healthcare W-2 phishing scam 2017 thus far has been reported by American Senior Communities of Indiana. Although a number of organizations have already reported being tricked by phishing emails this tax season, this was by a long way the largest healthcare W-2 phishing scam, affecting over 17,000 of the organization’s employees. To date, … Read more

Google Acts Against Repeat Malware Offending Sites

Google has promised that it will take action against websites that are used repeatedly to serve malware, unwanted software, or are used to ‘phishing’ attacks. As soon as a website has been confirmed as a repeat offender, the Google Chrome browser will automatically issue an alert to visitors, warning them that the site is known … Read more

FBI Informs Healthcare Providers of Risks Associated with Anonymous FTP Server Use

According to a recent warning issued by the FBI, Healthcare organizations may be placing the protected health information of their patients in jeopardy by using anonymous FTP servers. Cybercriminals are profiting from the lack of protection on FTP servers to access patients’ protected health information (PHI). Anonymous FTP servers enable unauthorised individuals to access data … Read more

Cybercriminals Telephoning Customer Service Representatives to ask them to Open Malware Infected Attachments

The risk of malware and ransomware infections can be reduced by training staff to avoid opening file attachments received from unfamiliar email accounts. Despite this being common practice, a well known cybercriminal group has recently been increasing the number of infections by telephoning hotels and restaurants to ask staff to open emails with infected attachments. … Read more

Exploitation of Vulnerability in Apache Struts Revealed

Cisco Talos and Apache have issued warnings to their users following the revelation of a new Apache Struts vulnerability that has been actively exploited in recent days. Cisco Talos researchers recently identified the ‘zero-day’ vulnerability in the Java application framework was recently, and it has been confirmed that a constant stream of attacks have been … Read more

Gooligan Malware Infection compromises 1,300,000 Google Accounts

A new type of Android malware, known as ‘Gooligan’ has been discovered by the Israeli based company CheckPoint which specialises in cybersecurity. According to initial reports it is already spreading at a rate which has alarmed experts. A cyber attacker can potentially gain access to Google accounts and the data stored in Gmail, Google Drive, … Read more

Seguin Dermatology Declares Ransomware Assault ePHI Access Possible

Texas-centered Seguin Dermatology has begun notifying patients of a ransomware assault that has likely led to electronic protected health information being wrongly accessed. The assault happened around or on September 12, 2016, and affected a computer network used by the Bureau of Robert J. Magnon, Doctor of Medicine. The ransomware encrypted many file varieties avoiding … Read more

Operations Annulled After 3 UK Hospitals are Paralyzed by Computer Infection

Cyberattacks on healthcare suppliers in the U.S. are happening at a frightening speed; nevertheless, it’s not just U.S healthcare companies which are targeted by cybercriminals. During the weekend, a big security case was informed by a National Health Service Trust in the U.K. The case has led to computer systems taken offline and scheduled operations … Read more

Analysis Emphasizes Danger of PHI Revelation from Unencrypted Healthcare Pagers

Several healthcare suppliers have now changed from pagers to more safe types of communication. Safe text messaging platforms permit safeguarded health info to be communicated swiftly and efficiently between doctors and care team associates. Those platforms include the necessary safety features to make sure messages can’t be interrupted and seen by illegal people. However, pagers … Read more

OCR Alerts of FTP Weaknesses in NAS Appliances

The Division of Health and Human Services OCR has released a notice to HIPAA protected bodies as well as their business associates of a surge in assaults on network attached storage (NAS) appliances. The appliances are being assaulted using a type of malware known as Mal/Miner-C, or else called PhotMiner. The assault uses File Transfer … Read more

Main Ohio Urology Consortium Notifies 300K Patients of PHI Thievery

Patients of Central Ohio Urology Consortium whose safeguarded health information was thieved and displayed live in August have now been informed of the safety break. Although it’s not sure precisely when the hack happened, the data thieved in the cyberattack were put live on August 2, 2016. Hackers uploaded a wide variety of patient files to Google … Read more

New Review Indicates Data Break Cost is $200K for each Happening

A new review indicates the cost of deciding breaks of confidential information is much lower than earlier thought. The charges are so little that for several firms there is a slight inducement to finance more cash to expand cybersecurity protections. Examining the price of data breaks is a difficult matter. There are direct charges connected … Read more

Texas Health and Human Services Commission Informs 600 of PHI Revelation

A storage servicer has notified the loss of 15 storing packets to the Texas Health and Human Services Commission (HHSC). The packets were stowed at 3 Iron Mountain services in Fort Worth, Dallas, as well as Irving. The packets had records pertaining to people who had submitted applications to HHSC for medical help during January … Read more

Kern County Mental Health Division Publicizes Secrecy Break

Kern County Mental Health Division, CA. (KCMH) has informed a break of safeguarded health information that happened during the transfer of its administrative division in April 2016. The break included the revelation of a partial amount of safeguarded health information of sick persons who had earlier received treatment from KCMH during September 1, to September 30, … Read more

Up to 400K Prisoners’ SSNs and PHI Revealed

Up to 400K existing and earlier inmates imprisoned by the California Department of Rehabilitation and Corrections during 1996 to 2014 have possibly had their medical data, Social Security numbers, and personally identifiable information displayed. Last month California Correctional Healthcare Services (CCHCS) reported the data break and an alternate break notice was displayed on the website … Read more

Verity Health System Prey of Phishing Assault

Verity Health System has become prey to a phishing assault leading to confidential worker data being transmitted out of the company. Employee names, Social Security numbers, addresses, money earned in the fiscal year, as well as particulars of tax pending have been revealed to the invader. The break only impacted present and past workers who … Read more

Illinois Data Break Notice Law Renewed

Illinois data break notice rule has been updated, widening the meaning of private information and modifying the timescale for alerting the Attorney General of data breaks. A break notice will have to be released if an individual’s complete name or last name, as well as signature, is revealed in association with any of the below-mentioned data … Read more

Florida Medical Clinic Informs 1K Patients of Secrecy Breach

Florida Medical Clinic, PA., has informed 1K patients that their outstanding balance reports were revealed online as a consequence of a misconfiguration of its Patient Portal. Outstanding balance reports of a few patients, between November 18, and January 6, 2016, were seen by industrial account sick persons when they registered onto the Patient Portal. Just … Read more

Anti-Malware Scan Halts Cardiac Catheterization Process

It’s imperative for anti-malware keys to be utilized to defend medical appliances, even though care should be taken when designing software. In the same way, as was lately stressed at a U.S. hospice, a misconfiguration of software has the possibility to have a harmful effect on sick people. Previously this calendar year, a cardiac catheterization … Read more

23000 Patients of Mayfield Clinic Receive Malware-Infected Email

The Mayfield Clinic of Cincinnati patients received an email in February that contained a malevolent attachment which transferred ransomware onto their machines. The entrance on the HHS’ OCR infringement portal shows 23,341 patients received the email, even though it’s unclear how many of email receivers opened the malevolent attachment as well as infected their machines. … Read more

California Ransomware Law Approved by State Senate Commission

Bob Hertzberg, Californian Senator, introduced a new proposal (Senate Proposal 1137) in February that suggests a modification to the punitive policy in California in order to make it an offense to intentionally fix ransomware on a CPU. The proposal has now been approved by the Senate’s Commission on Public Security, getting it a stage nearer … Read more