Ransomware Impacts

McKnights Senior Living, March 4, 2022

A Canadian national indicted in 2020 in a $27 million ransomware fraud case affecting the senior living industry recently was extradited to the United States to face those charges.

Sebastien Vachon-Desjardins was indicted on conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer.

Read full McKnights Senior Living article.

Crosscut, March 14, 2022

With limited IT resources, smaller public agencies in the state are among recent targets for ransomware attacks.

Read full Crosscut article.

Security Week, March 14, 2022

The most recent cyberattack – and most impactful – targeted South Denver Cardiology Associates and resulted in the data of more than 287,000 patients being exfiltrated.

The Colorado firm identified the attack on January 4 and later discovered that an unknown party had access to certain systems in its network between January 2 and January 5, 2022.

Read full Security Week article.

SC Media, March 11, 2022

Alabama-based Norwood Clinic notified 228,103 patients that their data was potentially accessed or acquired after a cyberattack in October 2021.

Upon discovery, the systems were secured and the security team worked to “safely restore its systems and operations.” The notice does not disclose whether the attack was caused by ransomware. The investigation determined the hackers gained access to servers containing patient information during the incident.

Read full SC Media article.

SC Media, March 10, 2022

Securing the healthcare sector is a crucial part of national security. Particularly as the spread of COVID-19 wanes and is replaced by heightened geopolitical tensions, advocating for and investing in critical cybersecurity defenses will protect patients, and the country, from harm.

Read full SC Media article.

American Hospital Association, March 9, 2022

Health-ISAC is issuing a threat bulletin regarding ongoing and increased Conti Ransomware activity provided in an updated Joint Cybersecurity Advisory (AA21-265A) by the United States Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS). Conti Ransomware affiliates remain active in which reported cyber attacks stemming from their ransomware-as-a-service (RaaS) operations against US and international organizations are increasing.

Read full AHA article.

CPO Magazine, March 4, 2022

Irish Foreign Minister Simon Coveney described the incident as a “very serious attack.” Similarly, Irish Minister of State Ossian Smyth claimed it was “possibly the most significant cybercrime attack on the Irish State.”

Read full CPO Magazine article.

HIMSS, March 4, 2022

The U.S. Department of Health & Human Services has issued a Health Sector Cybersecurity Coordination Center (HC3) analyst note regarding the Russia-Ukraine cyber conflict and potential threats to the U.S health sector.

Read full HIMSS article.

Info Security Magazine, March 3, 2022

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the US health sector over the possibility of collateral cyber-attacks linked to Russia’s invasion of Ukraine.

In a notice issued Tuesday, HC3 said that the conflict had “as expected, spilled over into cyber space,” and identified three potential threat groups which could possibly target American healthcare organizations.

Read full Info Security Magazine article.

Gov Info Security, March 2, 2022

A West Virginia-based healthcare entity that reported a phishing breach in December affecting nearly 399,000 individuals this week reported a separate security incident that appears to have potentially involved ransomware.

Read full Gov Info Security article.

Health IT Security, March 2, 2022

Sophos disclosed an unusual case of two separate ransomware gangs targeting one healthcare organization simultaneously.

Read full Health IT Security article.

Gov Info Security, March 1, 2022

HHS HC3: Beware of 3 Main Threat Groups, 2 Wiper Malware Variants

Federal authorities are warning that while they are unware of specific cyberthreats to the U.S. healthcare and public health sector related to Russia’s attack on Ukraine, entities in those sectors should stay proactive and vigilant to at least three main potential threat groups and two wiper malware variants.