Security researchers this week have found a new vulnerability that affects Wi-Fi Protected Access II, also known as WPA2, which is the security protocol used by many wireless networks. The vulnerability, dubbed “KRACK,” which stands for “Key Reinstallation AttaCK”, allows intruders to breach into WPA2 and steal the data that is being transmitted between a … Continue Reading
The Federal Trade Commission (FTC) has concentrated on small businesses this year with the launch of www.FTC.gov/SmallBusiness , which provides data security awareness information to small businesses. The site includes articles about data security, how to develop a data security plan, what happens when ransomware affects your business, what to do in response to a … Continue Reading
Arkansas Oral & Facial Surgery Center (AOFSC) was recently hit with ransomware that shut down access to health information of its patients and rendered some of it imaging files, including X-rays of patient inaccessible. On July 26, 2017, AOFSC became aware that a hacker was able to infiltrate its system and demand a ransom for … Continue Reading
In its cyber security incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care sector as having suffered the most security incidents, which surpasses the public sector for the first time in six quarters. It confirmed that cyber-attacks against the health care sector continue to increase. Although that … Continue Reading
The Internal Revenue Service (IRS) has issued a warning alerting the public to a new email phishing scam that looks like a joint notice from the IRS and FBI about new tax laws. The phishing email uses the emblems of both agencies, and asks recipients to download an FBI questionnaire related to “changes of tax … Continue Reading
Women’s Health Care Group of Pennsylvania has notified approximately 300,000 patients that their protected health information has been compromised by a ransomware attack. Although the ransomware became active on May 16, 2017, an investigation into the attack showed that the intruders had access to the Group’s system since January of 2017. The intruders may have … Continue Reading
Following the most recent ransomware attack, known as NotPetya, (among other nicknames), many health care entities were victims of the ransomware, which prompted the Office of the National Coordinator (ONC) to issue guidance to assist health care entities in the aftermath. In two separate warnings/updates, ONC provides guidance to health care entities on what to … Continue Reading
Numerous hospitals were victims to last week’s (aka NotPetya) ransomware attack. But one hospital—Princeton Community Hospital in West Virginia–has admitted that it is going to replace its entire computer network after Petya froze its electronic medical record making it unable to treat patients. They could not restore the electronic medical record, could not pay the … Continue Reading
On the heels of the WannaCry ransomware attack last month, a new ransomware variant, Petya, hit organizations around the world on Tuesday and stopped them in their tracks—including a major law firm. This keeps us up at night and we have empathy for our colleagues. It also has affected at least one U.S. nuclear plant’s … Continue Reading
Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware attack could be a reportable breach under the HIPAA Breach Notification Rule. Despite the fact that many health care … Continue Reading
Social networking app Wishbone, which is used primarily by teenage girls to vote on various teenage type quizzes, like favorite entertainers or fashion, has been hacked. The intruders have reportedly gained access to users’ (again, primarily female minors) names, unique email addresses and mobile telephone numbers. Not just a few, either. The data compromised included … Continue Reading
The fall-out from WannaCry continues, particularly in the healthcare sector. There are new reports that WannaCry affected at least two hospital systems in the U.S. and encrypted medical devices (power injector systems) in the hospitals. There are additional anecdotal reports that other medical devices were affected by WannaCry. According to medical device company spokesmen, if … Continue Reading
In response to the WannaCry ransomware attack that infiltrated the computer systems of health care systems and other entities worldwide on or around May 12, 2017 (previously discussed here), HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) issued a series of updates to provide consumers and potentially affected organizations with information on … Continue Reading
We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated … Continue Reading
Over the past week, many clients and individuals have asked me why some companies and health care facilities were devastated by the WannaCry ransomware, and why others made it through the weekend without a blink of an eye. Simplistically, it is because those who pay attention to security patches that they receive from technology vendors … Continue Reading
We have previously reported on the vicious ransomware Locky and how it victimized companies throughout 2016 [View previous posts here, here, and here]. Although Locky quieted down in late 2016, according to researchers at Cisco Talos, Locky is perking up again in 2017 in a major way. Only this time, instead of using phishing email … Continue Reading
We follow the Verizon Data Breach Investigation Report each year. It just hit the news stand and as always, is full of insights. The report collected data from 65 organizations in 84 countries, including 42,068 cybersecurity incidents and 1,935 data breaches. The major themes of the report are: No one thinks it’s going to be … Continue Reading
ABCD Pediatrics, located in San Antonio, Texas has notified the Office for Civil Rights that a ransomware cyber intrusion has resulted in access to its servers, including the protected health information (PHI) of its patients. The ransomware used by the attackers was Dharma. The practice found through forensic analysis that access had been gained to … Continue Reading
Last week, IBM published its X-Force Threat Intelligence Index (Index), which summarizes the state of leaked records and vulnerabilities to data in 2016. It is depressing, but informative. The Index notes that the number of compromised records “grew a historic 566 percent in 2016 from 600 million to more than 4 billion.” Billion with a … Continue Reading
For decades, it has been assumed that MacBook and iPhone devices are hack proof and virus free. Their advertisements and claims for being indestructible were never questioned. Yet, nothing is truly immune to intrusion. Consumers pay a high premium for the slick and glossy Apple devices. Their superior brand has continued to sell and grow … Continue Reading
My newest hero in the fight against ransomware is Little Red Door Cancer Services of East Central Indiana (Little Red Door). I am sending a donation to it to celebrate its courage in the last few weeks. Little Red Door is a small not-for-profit agency in Indiana devoted to help cancer victims during their treatment, … Continue Reading
On December 30, 2016, the Los Angeles Community College computer network was kidnapped by cyber criminals requesting a ransom for its return. The ransomware encrypted the college’s entire network system, including email and voice mail systems. Rather than attempt to restore all of the data days before classes were to resume, on January 4, 2017, … Continue Reading
A recent IBM study shows that ransomware increased 6,000 percent in 2016 over 2015. According to the report, ransomware was present in almost 40 percent of all spam email messages. Ransomware is big business, since according to IBM Research, over 70 percent of business victims of ransomware pay the ransom for the key to get … Continue Reading
The No More Ransom Project, a coalition of security companies and law enforcement, which was launched through a partnership with the European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands police, Kaspersky Lab and Intel Security has added 30 new members and 32 new decryption tools to combat ransomware variants. The Project … Continue Reading
