On July 9, 2018, Cass Regional Medical Center (CRMC) in Harrisonville, Missouri was hit with a ransomware attack that led to a complete shutdown of its electronic health record (EHR) and the diversion of trauma and stroke patients. According to CRMC, the attack affected CRMC’s internal communications system and “access to” its EHR. In response, … Continue Reading
Medical transcription provider MEDantex has reportedly exposed the protected health information of thousands of patients through its unsecured provider portal, which did not require a password for access. According to reports, including KrebsOnSecurity, the patients’ audio medical notes were uploaded to MEDantex’s website, which were then to be transcribed and uploaded to a portal accessible … Continue Reading
The health care industry continues to get hammered by SamSam ransomware attacks, to the point that the Department of Health and Human Services Healthcare Cybersecurity and Communications Integration Center (HCCIC) has issued a report outlining the danger of ongoing SamSam ransomware campaigns, with tips to help organizations detect and block SamSam. According to the report, … Continue Reading
Verizon recently issued its Protected Health Information (PHI) Data Breach Report, which is always an interesting read. Not surprisingly, Verizon’s report concludes that based upon analysis of 1,360 security incidents involving the health care sector, 58 percent of the incidents were caused by insiders and 42 percent were caused by external threats. Insider threats can … Continue Reading
The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. Twelve of the reported breaches were attributable to insiders, which was 32 percent of the data breaches reported in January. Seven of those incidents were … Continue Reading
Lazarus, the well-known hacking group responsible for the WannaCry ransomware attack from last year, as well as the attack on the Bangladesh Central Bank and Sony, is now targeting global financial firms and Bitcoin adopters with a phishing campaign dubbed “HaoBao.” The phishing campaign was discovered by McAfee Labs in mid-January. The way it works … Continue Reading
It is a myth that employees hate training and education. I have seen it with my own eyes. It is very exciting to watch an audience visibly cover their mouths when real life stories are told about cyber-attacks and phishing incidents that employees’ conduct cause because they are working too fast, not paying attention to … Continue Reading
Allscripts Healthcare Solutions Inc. notified its electronic medical record customers last week that a ransomware attack was behind the disruption of service for medical providers. Allscripts became the victim of the ransomware “SamSam” on January 18 which shut down providers’ access to their electronic medical records. Allscripts was able to restore some access, but a … Continue Reading
A new report issued by the World Economic Forum (WEF), called “Global Risks Report 2018,” lists the threat of cyber-warfare and cyber-attacks affecting the public as the world’s third greatest threat in 2018, only behind natural disasters and extreme weather. The report notes that because of an increased global reliance on connected devices and the … Continue Reading
Just before the false alarm last weekend in Hawaii when residents were erroneously warned of an impending missile attack, think tank Chatham House issued a report stating that it had identified vulnerabilities in nuclear weapons systems located throughout the world that made them susceptible to malware and ransomware attacks that could lead to inadvertent missile … Continue Reading
It has been predicted that the healthcare industry will continue to be lambasted with ransomware in 2018. It has also been predicted that attackers will move from taking sensitive information hostage to sabotage, service disruption, physical damage and malicious deletion or changes to the integrity of data. Unfortunately, the year has started off true to … Continue Reading
Our experience last year is consistent with the conclusion of a new report issued by Cryptonite in its 2017 Health Care Cyber Research Report—that the number of hacking events targeted at health care entities involving ransomware increased a whopping 89% from 2016. The report analyzed the self-reporting database of the Office for Civil Rights (OCR) … Continue Reading
There is no relief in sight for combating new strains of ransomware. One new ransomware, dubbed the Spider virus, was discovered by researchers at Netskope on December 10, 2017, and continues to attack victims to date. To implement the Spider Virus, attackers send malicious emails containing a Microsoft Office attachment that includes macros to potential … Continue Reading
It is estimated that we will spend $4 billion online this year, including on Cyber Monday, coming up in just a few days. With the increase in online shopping, particularly over the holidays, it is prime time for scheming scammers to take advantage of the unwary online shopper. Here are some things to think about … Continue Reading
We previously warned readers about the Locky ransomware, which is potent and designed to use phishing emails to lure users to click on links and attachments, including pdfs. Now, researchers at Cylance have discovered that a new Locky variant, known as Diablo6, is a variant of Locky, but much more difficult to detect. According to … Continue Reading
There have been a myriad of research studies attempting to come up with the “cost” of a data breach. The most recent, released by AT&T, estimates that it costs organizations $3.6 million to recover from a data breach. The AT&T team surveyed 700 IT professionals in all industry sectors, and found that the biggest risks … Continue Reading
Beazley has published a report outlining data breaches in the first nine months of 2017. The report notes that the highest cause of a data breach in 2017 so far are unintended disclosures, which accounted for 41 percent of all incidents. Beazley stated: “We urge organizations not to ignore this significant risk and to invest … Continue Reading
The U.S. Computer Emergency Readiness Team (US-CERT)is warning companies in the U.S. about a new ransomware dubbed “Bad Rabbit.” US-CERT stated that it has received multiple reports of infections by Bad Rabbit in countries around the world. According to security researchers, Bad Rabbit poses as an Adobe update and when the user clicks on the … Continue Reading
Unfortunately, September was another banner month for data breaches involving the health care industry. According to the Office for Civil Rights (OCR) website, 39 data breaches involving over 500 records were reported to the OCR in the month of September. This does not include all records breached, as health care entities have until February 2018 … Continue Reading
Security researchers this week have found a new vulnerability that affects Wi-Fi Protected Access II, also known as WPA2, which is the security protocol used by many wireless networks. The vulnerability, dubbed “KRACK,” which stands for “Key Reinstallation AttaCK”, allows intruders to breach into WPA2 and steal the data that is being transmitted between a … Continue Reading
The Federal Trade Commission (FTC) has concentrated on small businesses this year with the launch of www.FTC.gov/SmallBusiness , which provides data security awareness information to small businesses. The site includes articles about data security, how to develop a data security plan, what happens when ransomware affects your business, what to do in response to a … Continue Reading
Arkansas Oral & Facial Surgery Center (AOFSC) was recently hit with ransomware that shut down access to health information of its patients and rendered some of it imaging files, including X-rays of patient inaccessible. On July 26, 2017, AOFSC became aware that a hacker was able to infiltrate its system and demand a ransom for … Continue Reading
In its cyber security incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care sector as having suffered the most security incidents, which surpasses the public sector for the first time in six quarters. It confirmed that cyber-attacks against the health care sector continue to increase. Although that … Continue Reading
The Internal Revenue Service (IRS) has issued a warning alerting the public to a new email phishing scam that looks like a joint notice from the IRS and FBI about new tax laws. The phishing email uses the emblems of both agencies, and asks recipients to download an FBI questionnaire related to “changes of tax … Continue Reading
