Health IT Security, December 23, 2022
MultiCare Health System in Washington suffered a third-party data breach that originated at its mailing service provider, Kaye-Smith. As previously reported, the breach at Kaye-Smith impacted other healthcare organizations, including 31,573 individuals at St. Luke’s Health System in Idaho. The breach impacted more than 23,000 individuals at MultiCare.
IT World Canada, December 22, 2022
The impact of the ransomware attack that hit Toronto’s Hospital for Sick Children may last for weeks. In an online statement today the hospital said it anticipates that it will be a matter of weeks before all systems are functioning as normal. There is no evidence to date that personal information or personal health information has been impacted.
SC Media, December 22, 2022
The pro-Russian hacktivist group known as “KillNet” targeted a U.S. healthcare entity. The attack should serve as a warning to provider organizations to be on the alert and shore up defenses to prevent a similar outcome, according to the latest Department of Health and Human Services Cybersecurity Coordination Center alert.
Tech Report, December 21, 2022
A new ransomware named Royal has infected Healthcare and Public Healthcare sectors in the US. It is unknown how many successful attacks have occurred but Health Sector Cybersecurity Coordination Center (HC3) have stated that ransoms from $250,000 to over $2 million USD have been demanded.
SC Media, December 21, 2022
Ransomware attacks rose 41% last month as threat actor groups shifted top spots, according to new research from NCC Group.
SC Media, December 19, 2022
Provider organizations are being urged to prioritize patching of a critical vulnerability in the Citrix Application Delivery Controller and Gateway platforms, as threat actors have already compromised multiple healthcare entities by exploiting the flaw.
Gov Info Security, December 16, 2022
Nearly a quarter million Medicare beneficiaries require new identifiers and ID cards following a ransomware attack on a government contractor that compromised a range of sensitive personal and health information.
SC Media, December 15, 2022
The Department of Health and Human Services Centers for Medicare and Medicaid Services is currently notifying 254,000 out of its 64 million Medicare beneficiaries that their data was compromised after a ransomware attack on one of its third-party vendors.
Becker’s Health IT, December 14, 2022
The Health Sector Cybersecurity Coordination Center, or HC3, is warning healthcare organizations to be on the lookout for the BlackCat ransomware variant.
Known to be in operation since November 2021, BlackCat has already targeted the healthcare and public health sector and is expected to continue, according to the Dec. 12 HC3 analyst note. It is “part of one of the most sophisticated ransomware-as-a-service operations in the global cybercriminal ecosystem,” HC3 said.
Health IT Security, December 14, 2022
The HHS Health Sector Cybersecurity Coordination Center (HC3) issued two new analyst notes detailing the tactics and indicators of compromise for LockBit 3.0 and BlackCat. The LockBit ransomware family and the BlackCat ransomware variant have been observed targeting the healthcare sector.
Healthcare organizations should remain vigilant and apply recommended mitigations to reduce risk.
Healthcare Info Security, December 14, 2022
Ransomware operations have become expert at finding ways to make a victim pay, and healthcare organizations are no exception. But experts say there are multiple steps healthcare sector entities in particular can take to better protect themselves and ensure that in the event of an attack, they can quickly restore systems and never have to consider paying a ransom.
Bank Info Security, December 13, 2022
A ransomware attack on the Irish healthcare system in 2021 has caused 80 million euros in damages and counting as the government continues to notify victims of the incident that their personal information was illegally accessed and copied.
Approved for Public Release; Distribution Unlimited. Public Release Case Number 21-xxxx.