Latest News Articles
Title | Description |
---|---|
‘Lock it down and piss people off’: How quick thinking stopped a ransomware attack from crippling a Florida hospital |
Erie News Now, January 16, 2022 It was approaching midnight on Sunday and the head of IT at a Florida hospital had a problem. The emergency room of Jackson Hospital, a 100-bed facility on Florida’s panhandle, called to report that it couldn’t connect to the charting system that doctors use to look up patients’ medical histories. Jamie Hussey, Jackson Hospital’s IT director, soon realized that the charting software, which was maintained by an outside vendor, was infected with ransomware and that he didn’t have much time to keep the computer virus from spreading. |
‘Cyber insecurity’ in healthcare is leading to increased patient mortality rates |
Tech Republic, September 12, 2022 A new report finds that ransomware attacks are delaying procedures and tests, resulting in poor patient outcomes and increased complications from medical procedures. |
#StopRansomware: Cuba Ransomware |
CISA, December 1, 2022 The Federal Bureau of Investigation (FBI) and CISA released a joint Cybersecurity Advisory (CSA) #StopRansomware: Cuba Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. |
#StopRansomware: Daixin Team |
CISA, October 21, 2022 Alert (AA22-294A) The FBI, CISA, and Department of HHS are releasing this joint CSA to provide information on the “Daixin Team,” a cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations. |
#StopRansomware: Hive Ransomware, CISA Alert (AA22-321A) |
CISA, November 17, 2022 This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. |
10 biggest healthcare data breaches of 2021 impact over 22.6M patients |
SC Media, December 21, 2021 The biggest healthcare data breaches reported in 2021 each impacted more than 1 million patients, with more than 22.64 million patients affected overall. Considering the runner-up incident claimed 1.2 million breach victims, the year has seen some of the largest cybersecurity impacts in healthcare’s history. |
10 more anesthesia practices added to healthcare management breach tally |
SC Media, November 9, 2022 The Department of Health and Human Services breach reporting tool shows at least 10 more anesthesia practices have been added to the “data security incident” at a healthcare management company, first reported in October. |
10 nations coordinate shutdown of ransomware VPN service |
SC Media, January 18, 2022 On Monday, law enforcement agencies in 10 nations, including the FBI in the United States, shut down a 15-server VPN service used to anonymize ransomware attacks. |
11 hospitals, health systems that experienced data breaches in June |
Becker’s Health IT, June 22, 2022 Several health systems have reported data breach incidents that have compromised patient data and IT systems during June. |
134K Common Ground plan members added to vendor’s ransomware fallout |
SC Media, August 31, 2022 Common Ground Healthcare Cooperative recently informed 133,714 plan members that their data was likely accessed during a hacking incident and subsequent ransomware attack of its mailing vendor, OneTouchPoint. |
2 Health Plans Report Major Breaches Following Attacks |
Data Breach Today, May 19, 2022 Two recent apparent ransomware attacks on health plans – one allegedly involving Conti, and the other Hive, have potentially affected hundreds of thousands of individuals. One of the health plans is already facing legal fallout. |
2 Latest Health Data Hacks Affect Over 200,000 Individuals |
Gov Info Security, March 23, 2022 A public health department in Washington state and a medical specialty practice in New Jersey are among the latest healthcare entities reporting major hacking incidents affecting tens of thousands of individuals’ sensitive health information. |
2022 Verizon Breach Report: Alarming Rise in Ransomware |
Gov Info Security, June 2, 2022 The 15th edition of the annual Data Breach Investigations Report, published by Verizon on May 24, sheds light on the impact of common forms of cyberattacks on the international security landscape. The data analyzed in the report has been gathered from law enforcement agencies, forensics and law firms, Computer Emergency Response Teams, Information Sharing and Analysis Centers, and government agencies of several countries. |
3 Health Data Hacks Affect 1.4 Million Individuals |
Info Risk Today, May 24, 2022 Hacking incidents recently reported as major data breaches by three different types of health sector entities – a children’s hospital, a managed care plan and a government contractor – have in total compromised the sensitive information of more than 1.4 million individuals. |
320K Impacted in EHR Vendor Breach, Ransomware Hits Health Systems |
Health IT Security, November 9, 2021 An EHR vendor breach exposed the PHI of 320K, while unauthorized email access and ransomware disrupted the operations of other health systems. |
39 Ransomware Groups Targeted Healthcare in the Past 18 Months |
Cybersecurity News, December 17, 2021 A dozen ransomware groups targeted healthcare despite making promises to not go after the sector, CyberPeace Institute data revealed. |
39 Ransomware Groups Targeted Healthcare in the Past 18 Months |
Health IT Security, December 17, 2021 A dozen ransomware groups targeted healthcare despite making promises to not go after the sector, CyberPeace Institute data revealed. |
4 Healthcare Cybersecurity Challenges and How to Combat Them |
Campus Safety, November 17, 2021 As the healthcare industry becomes more technologically connected, the risk of cyber theft also increases. Digital technologies make it easier and more efficient to deliver patient care and provide better outcomes. However, the rise of digital technologies and the growing interconnectedness between different healthcare systems come with increasing healthcare cybersecurity threats. |
46% of All Ransomware Attacks Happen in the United States, NordLocker Says |
Digital Transactions, September 27, 2022 One country—the United States—accounts for 46% of all ransomware attacks, a sobering statistic revealed in a new report from NordLocker, a European cybersecurity provider. |
5 more organizations added to Eye Care Leaders attack total, now biggest PHI breach of 2022 |
SC Media, June 23, 2022 The impact from the Eye Care Leaders ransomware attack continues to expand, with five more covered entities reporting impacts to patient data in the last week. |
560 Healthcare Providers Fell Victim to Ransomware Attacks in 2020 |
Health IT Security, January 19, 2021 In 2020, Emsisoft data shows 560 healthcare provider facilities fell victim to ransomware attacks, of an overall 2,354 US entities hit by the malware variant. |
7 health systems affected by data breaches in the last 30 days |
Becker’s Health IT, November 21, 2022 From a third-party data breach to phishing schemes that compromised employee email accounts, seven health systems have been affected by a cybersecurity incident since Oct. 27. |
A Cybersecurity Diagnosis for the Healthcare Sector with Breach-Likelihood |
MENA FN, December 13, 2021 For more than the past decade, healthcare has been the biggest target of data breaches. The total average cost has increased to $9.23 million in 2021 from $7.13 million the previous year, demonstrating a 29.5% rise. Cyberattacks in healthcare are unfortunately not limited to their financial, regulatory, and reputational impact since they have a direct consequence on lives. |
A New Era of Ransomware |
Cyber Security Intelligence, July 20, 2022 For months, Costa Rica has been on the frontlines of unprecedented ransomware attacks that have impacted just about every aspect of life. Essential services have been crippled, teachers have been unable to collect their paychecks, doctors have been prevented from tracking the spread of COVID-19, all while international trade has ground to a halt. |
A ransomware attack on a debt collection firm is one of 2022’s biggest health data breaches |
Yahoo! News, July 13, 2022 The Colorado-based Professional Finance Company, known as PFC, which contracts with “thousands” of organizations to process customer and patient unpaid bills and outstanding balances, disclosed on July 1 that it had been hit by ransomware months earlier in February. |
A small Canadian town is being extorted by a global ransomware gang |
MSN, July 22, 2022 The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data. |
Aaron Weismann on ransomware attacks |
Becker’s Health IT, September 12, 2022 Ransomware and other cyberattacks are part of our world, and health system CIOs need to be prepared for them. Aaron Weismann, chief information security officer at Main Line Health system in Radnor Township, Pa., stopped by the “Becker’s Healthcare Digital Health + Health IT” podcast to discuss ransomware attacks. |
Additional 15K added to Eye Care Leaders’ already record-setting breach tally |
SC Media, November 18, 2022 Another 15,000 patients have been added to the breach tally of the Eye Care Leaders ransomware attack from nearly one year ago. |
Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack |
Security Week, January 17, 2022 Healthcare providers Caring Communities and Entira Family Clinics are warning patients that their personal information may have been exposed in a data breach that hit tech vendor Netgain Technology more than a year ago. In late November 2020, Netgain, which provides managed IT services to organizations in sectors such as accounting, healthcare, and legal, fell victim to a ransomware attack that also resulted in the compromise of customer data. |
Adopt NIST cybersecurity standards, health care leader urges |
SC Media, October 5, 2021 At a basic level, the health care sector is a human-focused business with highly advanced technologies and a public expectation to drive innovation — often within stringent resources. Despite a tremendous amount of endpoints and advanced technologies, providers must protect themselves using the Health Insurance Portability and Accountability Act Security Rule. |
Adopting Defense In Depth Strategies to Combat Healthcare Cyberattacks |
Health IT Security, January 11, 2022 The AHA’s John Riggi and Attivo Networks’ Carolyn Crandall share insights on how organizations can navigate current healthcare cyberattack threats by using defense in depth strategies. |
Aesto Health, Aon PLC, Alameda Health System Suffer Healthcare Data Breaches |
Health IT Security, June 10, 2022 Three organizations suffered healthcare data breaches and reported them to HHS recently. All three incidents described below involved unauthorized access to certain systems or email accounts. |
After Hive cyberattack, Partnership HealthPlan confirms data theft affecting 855K |
SC Media, May 31, 2022 Following reports of network downtime after a cyberattack in March, Partnership HealthPlan of California has since confirmed the Hive ransomware group stole a trove of health information ahead of the ransomware deployment. Reports show 854,913 patients were impacted. |
After widespread hospital attacks, targeting of health care industry continues to rise |
SC Media, January 5, 2021 A wave of ransomware attacks against hospitals in the United States and United Kingdom late last year shocked the conscience of many cybersecurity professionals. Things have only gotten worse for the health care industry since then. |
Agencies urge health sector to protect against ransomware threat |
American Hospital Association, November 18, 2022 The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services yesterday recommended actions to reduce the risk of compromise from Hive ransomware, which has victimized over 1,300 health care and other organizations since last June. |
AI and open-source intelligence can mitigate ransomware and cryptocurrency risks |
SC Media, November 18, 2022 The Second International Counter Ransomware Initiative (CRI) Summit held recently at the White House turned the spotlight on the need to counter cybercriminal and other threat actors’ efforts to use the cryptocurrency ecosystem to garner payments and mask illicit activity. |
AIIMS Delhi turns manual following ransomware attack |
Healthcare IT News, November 28, 2022 On 23 November, the All India Institute of Medical Sciences in New Delhi, India reported an IT outage due to a suspected ransomware attack. |
Alert (AA22-223A), #StopRansomware: Zeppelin Ransomware |
CISA, August 11, 2022 The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as 21 June 2022. |
American Dental Association hit by new Black Basta ransomware |
Bleeping Computer, April 26, 2022 The American Dental Association (ADA) was hit by a weekend cyberattack, causing them to shut down portions of their network while investigating the attack. |
Another 1.3M patients added to data breach tally of ransomware attack on Eye Care Leaders |
SC Media, June 16, 2022 Approximately 1.29 million patients of Texas Tech University Health Sciences Center have been added to the ongoing fallout from the Eye Care Leaders ransomware attack and data theft from December 2021. |
Are Medical Devices at Risk of Ransomware Attacks? |
The Hacker News, January 3, 2022 In May 2017, the first documented ransomware assault on networked medical equipment happened. The worldwide ransomware assault WannaCry compromised radiological and other instruments in several hospitals during its height. After a software failure caused by a cyberattack on its third-party vendor’s oncology cloud service, cancer patients having radiation therapy at four healthcare institutions had to reschedule appointments. |
Are Ransomware Payments Covered by Cyberinsurance? |
Security Boulevard, November 19, 2021 There seems to be a pattern in data breach and other cyberattack cases: After a breach, a company turns to its insurer for coverage. Sometimes they have specialized cyberinsurance, sometimes not. But often, even if they have paid for what they believe to be comprehensive cybersecurity risk insurance, the insurer refuses to pay the claim. |
As fewer victims pay ransoms, Conti gang looks to sell victim data |
SC Media, October 26, 2021 Conti is changing its business model. Rather than post leak data as a threat, Conti is now offering stolen data from victims who have not paid ransoms for sale to outside buyers. It may be the next evolution for ransomware gangs left with boatloads of unmonetized data after victims have become dramatically less likely to pay ransoms over just the past quarter. |
As VMFH network outage hits Day 4, concerns of ransomware attack on health giant grow |
MSN, October 6, 2022 Concerns are growing over the source and possible ripple effect of a cyber event that’s hobbled one of the Puget Sound area’s main health systems and kept its online network down for four days straight. |
Associated Eye Care Discloses Impact From 2020 Netgain Ransomware Attack |
Security Week, July 11, 2022 Montana-based Associated Eye Care Partners (AEC) has started informing patients that their personal data might have been compromised during an old ransomware attack targeting Netgain. |
At Half-Year Mark, Ransomware, Vendor Breaches Dominate |
Gov Info Security, July 14, 2022 Ransomware incidents and breaches involving business associates affecting millions of individuals dominate the hundreds of major health data breaches reported so far this year to federal regulators. The trends underscore a troubling weakness for the healthcare industry, which depends on third parties to process claims, handle billing and otherwise operate the administrative side of medical care. |
Attack dwell times drop, ransomware TTPs evolve, China ramps up espionage activity |
CSO, April 19, 2022 M-Trends 2022 report delivers detailed assessment of the evolving global cyber threat landscape highlighting prevalent attack vectors and most targeted industries. |
Attack sophistication means health care cybersecurity requires digital resilience |
SC Media, August 6, 2021 Cybercriminals have not taken a vacation during the pandemic and have continued to modify their tactics to great success. Recent security incidents reflect the nature of the threat landscape and serve as a reminder that even entities with strong cybersecurity practices can be exploited. |
Australia’s Medibank drops after ransomware attack in IT network |
Reuters, October 17, 2022 Shares of Medibank Private Ltd (MPL.AX) dived nearly 5% on Monday even after the Australian health insurer assured clients that normal business operations have resumed following an attempted ransomware attack on its network. |
Australia’s Medibank Health Insurance Data Held for Ransom, 200 GB of Medical Records Stolen |
CPO Magazine, October 24, 2022 Cybersecurity woes for major Australian firms continue as health insurance giant Medibank experienced a data breach that saw 200 GB in medical records stolen by a hacker and held for ransom. |
AZ Ransomware Attack Leads to Unrecoverable EHRs, Data Loss |
Health IT Security, September 10, 2021 An Arizona medical center will have to rebuild thousands of patient records after a ransomware attack resulted in corrupted EHRs and data loss. |
Bad Actors Target Small Clinics With Healthcare Ransomware Attacks |
Health IT Security, September 30, 2021 Cybercriminals continue to target small healthcare facilities with ransomware attacks, causing EHR downtime and care disruptions. |
Barracuda report reveals spike in ransomware to more than 1.2 million per month |
MSN, August 25, 2022 Barracuda, a provider of cloud-first security solutions, has released its fourth-annual threat research report on ransomware. The new report looks at ransomware attack patterns that occurred between August 2021 and July 2022. |
Battling Ransomware in Healthcare |
Gov Info Security, April 29, 2022 The healthcare industry continues to be targeted by ransomware gangs, but there are efforts underway to help improve the health sector’s information security resiliency. |
Beaumont Health Latest Victim of Accellion Data Breach |
Health IT Security, September 3, 2021 Nearly nine months after the Accellion data breach, Beaumont Health in Michigan joined a list of over 11 healthcare organizations impacted by the cyberattack. |
Before CommonSpirit Health, 9 other healthcare ransomware attacks in 2022 |
Becker’s Health IT, October 14, 2022 Chicago-based CommonSpirit Health, the nation’s second-largest nonprofit health system, said Oct. 12 that it was experiencing a ransomware attack that has led to EHR shutdowns and canceled appointments and procedures at its hospitals across the country. |
Biggest Healthcare Data Breaches Reported This Year, So Far |
Health IT Security, September 2, 2022 The healthcare sector suffered about 337 breaches in the first half of 2022 alone, according to Fortified Health Security’s mid-year report. More than 19 million records were implicated in healthcare data breaches in the first six months of the year. |
BioTel Heart vendor breach left patients’ information public for nearly a year |
Becker’s Health IT, April 5, 2021 BioTel Heart began informing 38,575 patients that a vendor data breach may have left their personal information exposed for nearly a year. In a data breach notice, BioTel Heart said that on Jan. 28, the healthcare provider was informed about the data breach. It launched an investigation and learned that patients’ personal information was accessible to the public between Oct. 17, 2019, and Aug. 9, 2020. |
BlackCat, LockBit 3.0 ransomware target healthcare with customizable tactics, triple extortion |
SC Media, December 13, 2022 Healthcare cybersecurity leaders are being urged to review the IOCs and the recommended proactive measures for defending against BlackCat and LockBit 3.0 ransomware variants given the continued targeting of healthcare environments. |
BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says |
Health IT Security, September 9, 2021 HC3, HHS’s cybersecurity arm, released a threat brief breaking down the BlackMatter ransomware group’s origins, threat tactics, and likely targets. |
BlackMatter Ransomware Group No Longer Active, HC3 Says |
Health IT Security, February 1, 2022 BlackMatter ransomware group, which orchestrated cyberattacks against healthcare organizations, appears to have shut down operations. |
Breach update shows 2.6M individuals affected by Smile Brands data theft |
SC Media, April 26, 2022 In an update to its initial September 2021 breach notice, Smile Brands has assessed that the ransomware attack and subsequent data theft impacted approximately 2.6 million individuals. Smile Brands is a dental support services vendor. |
Broader investment in cybersecurity beginning to pay dividends |
The Register, April 7, 2022 An increased willingness on the part of enterprises to invest in cybersecurity may finally be starting to make a difference, according to US law giant BakerHostetler. |
Building a cyber-resilient healthcare organisation |
Express Healthcare, November 18, 2021 Mark Brown, MD-Cybersecurity, Information and Resilience, British Standards Institution (BSI) talks about the immediacy of cybersecurity in primary healthcare. |
CA Attorney General Calls Out Unreported Healthcare Data Breaches |
Health IT Security, August 26, 2021 After multiple ransomware attacks went unreported, California’s attorney general issued a bulletin to providers reminding them to report healthcare data breaches. |
California health plan facing network disruptions after alleged Hive ransomware attack |
SC Media, April 1, 2022 Partnership HealthPlan of California (PHC) is currently experiencing computer system disruptions and working to recover its network with support from third-party forensic specialists. Multiple reports allege the Hive ransomware group is behind the attack. |
Canadian extradited to U.S. in $27 million ransomware case affecting senior living |
McKnights Senior Living, March 4, 2022 A Canadian national indicted in 2020 in a $27 million ransomware fraud case affecting the senior living industry recently was extradited to the United States to face those charges. Sebastien Vachon-Desjardins was indicted on conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer. |
Canadian health, energy sectors increasingly targeted by ransomware attacks |
MSN, December 6, 2021 Canada’s cyber defence agency says more than half of Canadian ransomware victims in 2021 were in critical sectors like health care, energy and manufacturing. Now, the Communications Security Establishment (CSE) and the RCMP are urging Canadian businesses to upgrade their cyber security — and to report any ransomware attacks, even if they decide to pay the hackers. |
Canadian healthcare provider’s unpatched Exchange server exploited twice by ransomware gangs |
IT World Canada, March 1, 2022 Two ransomware gangs separately exploited an unpatched on-premises Microsoft Exchange server at a Canadian healthcare provider last year to steal and hold data hostage, although security updates to prevent successful attacks had been issued months earlier. |
Canadian province health care system disrupted by cyberattack |
Bleeping Computer, November 1, 2021 The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals. The attack took place on October 30th, causing regional health systems to shut down their networks and cancel thousands of medical appointments. |
Capital Region Medical Center targeted in cyber attack |
News Tribune, December 23, 2021 Capital Region Medical Center broke its silence Wednesday on an incident that left its network and phone systems down over the past six days. CRMC discovered a disruption early Friday morning to its network systems. It disabled its network as a security measure and initiated an investigation into the incident. Investigators determined the breach was because of a cybersecurity incident. |
Challenges remain for healthcare cybersecurity |
Tech HQ, January 5, 2022 |
CHI Health begins bringing computer systems back up after ransomware attack |
Omaha World-Herald, October 18, 2022 CHI Health announced Tuesday that the health system is in the process of restoring electronic systems that were taken offline after a ransomware attack. |
CIS Launches No-Cost Ransomware Service for U.S. Hospitals |
Center for Internet Security (CIS), February 18, 2021 The nonprofit Center for Internet Security announced this week that it had launched a no-cost ransomware protection service for private hospitals in the United States. The Malicious Domain Blocking and Reporting service, which is already available for public hospitals, health departments and healthcare organizations, uses Enterprise Threat Protector software from the cybersecurity vendor Akamai to proactively identify, block and mitigate targeted threats. |
CISA and FBI Warn of Zeppelin Ransomware Threat to Healthcare Organizations |
HealthTech, August 18, 2022 As part of their ongoing efforts to help healthcare organizations prevent cyberattacks, the FBI and Cybersecurity and Infrastructure Security Agency released a new cybersecurity advisory (CSA) warning health IT leaders about a recent ransomware threat known as Zeppelin. |
CISA Announces Joint Ransomware Task Force |
Security Boulevard, May 25, 2022 Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly announced the formation of a joint ransomware task force, plans for which were originally outlined in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). |
CISA forms public-private partnership to fight ransomware, work on cyber defense strategy |
SC Media, August 5, 2021 The Cybersecurity and Infrastructure Security Agency announced Thursday the formation of a new committee that will bring government and industry together to work on cybersecurity issues. The move continues the Biden administration’s more proactive stance on cyber that began in May. |
CISA Launches Campaign to Reduce the Risk of Ransomware |
Cybersecurity & Infrastructure Security Agency (CISA), January 21, 2021 The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat. |
CISA Launches Platform, Joint Effort to Fight Ransomware |
Government CIO, August 03, 2021 More education and information-sharing will boost the fight against ransomware, according to federal cyber leaders. |
CISA Observes Increased Critical Infrastructure Ransomware Threats |
Health IT Security, February 11, 2022 CISA, the FBI, and the NSA observed ransomware attacks against 14 of the 16 US critical infrastructure sectors last year. |
CISA Releases Guidance on Protecting PII From Ransomware Attacks |
Health IT Security, August 30, 2021 CISA released a fact sheet on protecting PII from ransomware attacks in light of recent high-profile cyberattacks that put personal data in jeopardy. |
CISA Warns Critical Infrastructure of Holiday Ransomware Risks |
Health IT Security, November 23, 2021 CISA warned US critical infrastructure entities to stay vigilant against ransomware and other cyber threats during the upcoming holiday. |
CISA, FBI Alert Healthcare Sector of Cuba Ransomware Tactics |
Health IT Security, December 5, 2022 The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory to warn critical infrastructure organizations of tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. |
CISA, FBI, FinCEN Warn of MedusaLocker Ransomware Cyber Risks |
Health IT Security, July 7, 2022 CISA, the FBI, the Department of Treasury, and FinCEN brought attention to MedusaLocker ransomware in a recent alert and warned organizations to apply proper mitigations. |
CISA: Iranian Government-Sponsored Threat Actors Targeting Healthcare |
Health IT Security, November 17, 2021 The US and its allies are warning healthcare entities about Iranian government-sponsored threat actors targeting Microsoft Exchange and Fortinet vulnerabilities. |
CISOs Call for Healthcare Cybersecurity Federal Assistance |
Health IT Security, October 20, 2021 A survey of CISOs and other healthcare IT leaders revealed that healthcare cybersecurity is lacking in federal assistance and resources needed to combat cyber threats. |
City has spent $2 million recovering from ransomware attack, city officials say |
Tulsa World, December 19, 2021 Eight months and $2 million in repairs and upgrades later, the city’s computer system is back up and running at full speed, city officials said. A ransomware attack in late April damaged about 40% of the city’s 471 servers and about 20% of the city’s 5,000 desktop and laptop computers. |
CommonSpirit confirms network accessed a week before ransomware attack |
SC Media, December 5, 2022 CommonSpirit Health issued an update on the ransomware attack that brought down multiple hospitals across the country for more than a month, confirming the threat actors first gained network access weeks before the attack and patient data was, indeed, accessed. |
CommonSpirit cyberattack spurs IT outages at CHI Memorial, hospitals across US |
SC Media, October 5, 2022 A cyberattack deployed against CommonSpirit has led to IT outages at hospitals across the U.S., including multiple CHI Memorial hospitals in Chattanooga, Tennessee. Local media outlets report the incident has also caused disruptions at hospitals run by Virginia Mason Franciscan Health (VMFH) in Seattle. |
CommonSpirit Health says majority of EHRs back online after ransomware attack |
Becker’s Health IT, November 10, 2022 Chicago-based CommonSpirit Health says the EHRs in most of its markets are back up and running following a ransomware attack that has plagued the health system in recent weeks. |
CommonSpirit says ransomware attack exposed patient information |
Healthcare Dive, December 5, 2022 |
CommonSpirit’s Ransomware Incident Taking Toll on Patients |
Healthcare Info Security, October 13, 2022 The cybersecurity incident roiling the fourth-largest hospital system in the United States is a ransomware infection, CommonSpirit Health confirmed Wednesday. |
Compromised Medical Records, Ransomware Attacks Trouble Healthcare |
Health IT Security, November 4, 2021 One California health center’s communication system remains down three weeks after a cyberattack while ransomware and PHI exposure continue to impact healthcare. |
Conti ransomware attack on Irish healthcare system may cost over $100 million |
ZD Net, February 24, 2022 An Irish news outlet is reporting that the country’s healthcare system will have to spend more than $48 million recovering from a widespread ransomware attack by the Conti group that took place last year. |
Conti, Karma Ransomware Groups Target 1 Healthcare Org Simultaneously |
Health IT Security, March 2, 2022 Sophos disclosed an unusual case of two separate ransomware gangs targeting one healthcare organization simultaneously. |
Conti’s Ransomware Toll on the Healthcare Industry |
Krebs on Security, April 18, 2022 Conti, one of the most ruthless and successful Russian ransomware groups, publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “Ryuk.” |
Coos health clinics shut down by ransomware attack |
The Conway Daily Sun, September 23, 2021 A ransomware attack this week shut down Coos County Family Health Services, a main provider of health services in the Androscoggin Valley. Coos County Family Health CEO Ken Gordon said the attack affected essentially all of its systems — phone, computer and email. |
Costa Rica public health system targeted by ransomware |
ABC News, May 31, 2022 Another attempted hacking of a Costa Rican government agency’s computer system has led the country’s public health agency to shut down its systems to protect itself, complicating the medical care of thousands. |
Costa Rican Health Agency Hit by Apparent Hive Attack |
Gov Info Security, June 1, 2022 Costa Rica’s national public health services agency has been hit by a cyberattack allegedly launched by ransomware group Hive. The incident comes weeks after an attack reportedly carried out by another Russian-based ransomware group, Conti, targeted several Costa Rican government agencies, including the same health agency. |
Could allowlisting reduce the impact of ransomware, cyberattacks on health care? |
SC Magazine, July 12, 2021 A recent IDC report confirmed the health care sector is more vulnerable to the consequences of cyberattacks than other industries and the most likely to suffer application downtime, with 53% of covered entities reporting downtime after an attack. |
Critical infrastructure industries struggle to protect themselves from cyberattacks |
SC Media, December 3, 2021 The nation’s critical infrastructure industries face a great deal of work to identify and protect, detect and respond, and ultimately recover from cyberattacks, even as signs of some progress emerge. |
CSA Issues Guidance on Third-Party Risk Management in Healthcare |
Health IT Security, July 21, 2022 Drafted by the Health Information Management Working Group, the Cloud Security Alliance (CSA) released new guidance on third-party risk management in healthcare. |
CSA Offers Guidance on Preventing Ransomware in the Healthcare Cloud |
Health IT Security, September 23, 2021 New guidance from the Cloud Security Alliance warns organizations about the prevalence of ransomware in the healthcare cloud and shows how to mitigate risk. |
Cyber Command chief acknowledges US military ‘imposing cost’ on ransomware groups |
SC Media, December 6, 2021 Gen. Paul Nakasone, director of the National Security Agency and U.S. Cyber Command, acknowledged the U.S. had begun “imposing cost” on ransomware groups in an interview with the New York Times, all but explicitly saying that the U.S. was taking offensive hacking operations against criminal groups it had previously reserved for state actors. |
Cyber criminals increasingly relying on ransomware-as-a-service, report says |
FCW, September 13, 2022 A new report reveals threat actors are using the same ransomware as in previous years – but relying on new malware-free intrusion methods and ransomware-as-a-service offerings to evade popular mitigation techniques. |
Cyber Signals: Defend against the new ransomware landscape |
Microsoft, August 22, 2022 Microsoft published their second edition of Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, they pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS). Instead of relying on what cybercriminals say about themselves through extortion attempts, forum posts, or chat leaks, Microsoft threat intelligence gives us visibility into threat actors’ actions. |
Cyber Threats to Health, Education Sectors Increase with Ransomware, Limited Security Resources |
Homeland Security Today, May 25, 2022 The healthcare sector and supporting critical infrastructure sectors “can no longer look at the challenges through just a cyber and/or physical lens but must consider all threats to operational resilience,” while the education sector suffers from equity issues reflected in reduced cyber protection capabilities in under-funded K-12 districts and colleges, experts told lawmakers. |
Cyber Vulnerability is Healthcare’s Modern Malaise |
ET Healthworld, September 8, 2021 The healthcare industry makes for an easy target for malicious actors, given its relative nascency to cyber threats and the resultant lax cybersecurity practices. |
Cyberattack devastates health system |
The Hamilton Spectator, November 2, 2021 Health Minister Dr. John Haggie could not confirm media reports that a ransomware attack has gutted the province’s electronic health system, but did say the system provider has said it is the result of some third-party infiltration. |
Cyberattack drives Johnson Memorial into EHR downtime procedures |
SC Media, October 4, 2021 Johnson Memorial Health is currently operating under electronic health record downtime procedures, after a cyberattack struck its computer network on Oct. 2. The health system operates a number of primary care sites, specialist offices, and other facilities across three Indiana counties. |
Cyberattack on Norwood Clinic compromises data tied to 228K patients |
SC Media, March 11, 2022 Alabama-based Norwood Clinic notified 228,103 patients that their data was potentially accessed or acquired after a cyberattack in October 2021. Upon discovery, the systems were secured and the security team worked to “safely restore its systems and operations.” The notice does not disclose whether the attack was caused by ransomware. The investigation determined the hackers gained access to servers containing patient information during the incident. |
Cyberattack, network outage on French hospital renews patient safety concerns |
SC Media, August 24, 2022 A cyberattack deployed on the French hospital Center Hospitalier Sud Francilien (CHSF) on Sunday, Aug. 21 has grabbed headlines, as the ransomware threat actors have issued a $10 million demand to unlock the impacted servers. |
Cyberattacks Increasing Against Health Care Providers |
Hematology Advisor, January 28, 2022 Cyberattacks have been on the upswing since the start of the COVID-19 pandemic. According to a recent white paper from CrowdStrike and Medigate, 82% of health systems experienced some form of cyberattack from March 2020 to September 2021, and 34% of the reported attacks involved ransomware. |
Cyberattacks on Healthcare Spike 45% Since November |
Threat Post, January 5, 2021 The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike. |
Cybercriminals accessed Maryland orthopedic center’s emails for a year, affecting 125,000 |
Becker’s Health IT, April 5, 2021 On March 25, the Bethesda, Md.-based Centers for Advanced Orthopaedics began notifying 125,291 patients, employees and dependents of a cyberattack that took place over a yearlong breach. In a news release, the orthopedics center said that on Sept. 17, 2020, it identified unusual email activity and launched an investigation with assistance from cybersecurity experts. The investigation found that multiple employee email accounts were accessed by a cybercriminal between October 2019 and September 2020. |
Cybergroups targeting the healthcare sector |
Becker’s Hospital Review, November 9, 2022 HHS, the Cybersecurity and Infrastructure Security Agency, and the FBI have urged healthcare organizations to take certain actions to protect their systems from hacker groups who have been known to create cyberespionage campaigns aimed at exfiltrating data from hospitals and health systems. |
CyberSaint Finds Local Government and Utilities Overwhelming Most Likely to Pay Ransoms in “State of Ransomware Attacks Report” |
Yahoo! Finance, February 10, 2022 CyberSaint, the developer of the leading platform delivering cyber risk automation, announced today the release of the firm’s “State of Ransomware Attacks Report,” which identifies which sectors pay the most in ransom, have the propensity to pay, and delves into the future of ransomware. |
Cybersecurity concerns grow in hospitals across Maryland |
The Star Democrat, November 23, 2021 Maryland hospitals are seeing an uptick in ransomware and other cybersecurity threats, mirroring a national trend, and a federal agency is investigating a dozen breaches among healthcare providers in the state. There are seven breaches currently under investigation from this year alone but there are 12 current investigations regarding Maryland health care providers in the last 24 months. |
Cybersecurity firm uncovers hack attacks on defense, healthcare and energy sectors |
Yahoo! News, November 8, 2021 Foreign hackers are suspected of compromising organizations in the technology, defense, healthcare, energy and education industries in the U.S. and other countries, cybersecurity firm Palo Alto Networks said late Sunday. |
Cybersecurity for healthcare systems, medical devices more critical than ever |
Today’s Medical Developments, June 11, 2021 Rise in ransomware attacks forcing hospitals to harden cybersecurity. |
Cybersecurity Unplugged: Improving Healthcare Security |
Healthcare Info Security, November 26, 2021 According to a recent report, 92 ransomware attacks occurred at healthcare organizations in the past year, a 470% increase from 2019. In response to questions about improving the integrity of healthcare systems, Dan Bowden, Sentara Health CISO, explains why we’re lagging so far behind in healthcare security. |
Cybersecurity: Lessons Learned from Ransomware Attack with UVM Health |
American Health Association, April 6, 2022 In this special Cybersecurity podcast we have the opportunity to talk to leaders of an AHA member hospital who was a victim of a major ransomware attack in the Fall of 2020. Dr. Stephen Leffler, President and Chief Operating Officer and Dr. Douglas Gentile, Chief Medical Information Officer, join us from the University of Vermont Medical Center in Burlington, Vermont. John previously interviewed them about lessons learned and best practices during the attack which they are willing to share on today’s podcast. |
Data breach at Georgia Health System |
Info Security Magazine, August 11, 2021 A health system in Georgia has begun notifying patients of a six-month-long data breach that culminated in a ransomware attack. |
Data of 1.2M patients stolen prior to third-party vendor ransomware attack |
SC Magazine, July 9, 2021 Practicefirst Medical Management Solutions and PBS Medcode recently notified 1.2 million patients that their data was accessed and stolen from its network, ahead of a ransomware attack deployed on Dec. 25, 2020. |
Dead System Admin’s Credentials Used for Ransomware Attack |
Healthcare Info Security, January 28, 2021 Operators of the Nefilim ransomware used the credentials of a deceased system administrator to plant their crypto-locking malware in about 100 vulnerable systems during one attack, according to a recent report published by security firm Sophos. |
Delaware physician group latest spine practice to suffer ransomware attack |
Becker’s ASC Review, May 31, 2022 Christiana Spine Center, a nine-physician group in Newark, Del., was hit by a ransomware attack that could have exposed patients’ protected health information. |
Destructive Malware Used to Target Ukraine Poses Threat to Healthcare |
Health IT Security, February 28, 2022 HermeticWiper and WhisperGate, destructive malware variants used to target Ukraine, pose an increased threat to healthcare. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory to warn organizations about HermeticWiper and WhisperGate malware, two destructive malware variants that have been used to target organizations in Ukraine. |
Diagnosing healthcare’s cyber hygiene problem |
CBC Radio, November 12, 2021 According to a global survey of IT professionals from 328 healthcare organizations, 34 percent reported that they were hit by ransomware in 2020 — and most institutions in the sector remain ill-equipped to deal with similar attacks. |
DOJ Seizes $500K From Maui Ransomware Following Healthcare Cyberattacks |
Health IT Security, July 20, 2022 The US Department of Justice (DOJ) seized and forfeited approximately $500,000 from North Korean-backed Maui ransomware actors, who committed multiple healthcare cyberattacks, according to a DOJ press release. |
Emerging Tech Shapes the Next Generation of Military Health Care |
GOVERNMENT CIO MEDIA & RESEARCH, April 19, 2021 Automation and AI can support medical decision-making on the battlefield, but security remains crucial. |
Employees cause more cyber breaches in healthcare than other industries, report finds |
Healthcare Dive, May 24, 2022 Cybersecurity breaches in healthcare hit a high last year, compromising a record volume of patient data. External threats like ransomware continue to drive concerns in the industry, with stressors like chronically underfunded security measures, the potential for Russian cyberattacks and the rise of an “exceptionally aggressive” ransomware group in 2022. |
Enterprise healthcare providers warned of Lorenz ransomware threat |
SC Media, November 21, 2022 The Department of Health and Human Services Cybersecurity Coordination Center is warning larger, enterprise healthcare organizations of the potential threat posed by the Lorenz ransomware threat group. The human-operated campaign is well-known for its big-game hunting of larger organizations and has claimed victims in both the healthcare and public health sectors. |
Entity-Level Encryption: The Only Defense Against Ransomware |
Forbes, June 23, 2021 Ransomware is one of the fastest-growing forms of cybercrime. It begins when ransomware criminals gain access to a company’s network and, like a virus, spread their malware, infecting all the company’s computers. From there, the malware encrypts all the company’s data, making the information unreadable, shutting down the business until a ransom is paid, often in the millions of dollars. |
Eskenazi Health remains on diversion days after ransomware attack |
MSN, August 10, 2021 Eskenazi Health remains on diversion for patients coming by ambulance nearly a week after an attempted ransomware attack that led the hospital to shut down its entire computer network. |
Even More Patient Data May Have Been Stolen in 2021 Ransomware Attack: Scripps Health |
NBC San Diego, March 24, 2022 Almost one year after a devastating ransomware attack on Scripps Health, patients have received a letter advising additional personal information may have been compromised. |
Evolving Ransomware Threats on Healthcare |
Gov Info Security, August 22, 2022 With a constant need to do more with less, digital transformation is crucial to healthcare organizations’ ability to deal with issues like staffing shortfalls and the increased need for services while providing better patient outcomes. |
Experts warn that Hive ransomware gang can detect unpatched servers |
Venture Beat, April 25, 2022 The Hive threat group has been targeting organizations across the finance, energy and healthcare sectors as part of coordinated ransomware attacks since June 2021. During the attacks, the group exploits ProxyShell vulnerabilities in MSFT Exchange servers to remotely execute arbitrary commands and encrypt the data of companies with this unique ransomware strain. |
Exploring Zero Trust Security in Healthcare, How It Protects Health Data |
Health IT Security, October 22, 2021 A zero trust security model can help healthcare organizations safeguard their interconnected networks and devices while protecting sensitive health data. |
Eye Care Leaders fallout grows: 543K Wolfe Clinic patients added to breach tally |
SC Media, September 20, 2022 The Wolfe Clinic recently disclosed to the Department of Health and Human Services that the data of 542,776 of its patients was among the information accessed, deleted, and possibly taken during the ransomware attack on Eye Care Leaders in December. |
Facing the Health Ransomware Threat |
Facing the Health Ransomware Threat – Q&A with Kellyn Wagner Ramsdell
Kellyn Wagner Ramsdell is a Senior Cyber Threat Intelligence Analyst at MITRE. She began her career in local government combining intelligence analysis and incident response, often in response to ransomware attacks.
Why should health organizations be concerned about ransomware?
In the first five months of 2021, the Department of Health and Human Services (HHS) identified 48 ransomware infections that impacted healthcare organizations in the United States. For healthcare victims of ransomware infections, Sophos states the average cost in 2020 often exceeded $1.27 million and continued long after the infection was resolved. Many healthcare victims of ransomware face long-term recovery costs, including costs to rebuild networks and lawsuits from patients. Ransomware started impacting patient care in 2015 and healthcare remains a profitable sector for ransomware operators. As these groups professionalized, they have been further able to monetize attacks against healthcare providers. Since 2019, some ransomware operators have been stealing data before encrypting it, and then demanding a ransom to prevent the public release of that data. This double extortion tactic has proven to be especially damaging to healthcare organizations. As these groups continue to look at opportunities to monetize their operations, healthcare organizations will remain a prime target. Those interested in learning more about how the groups have evolved can read our latest resource, “The Evolution of Ransomware.”
How can organizations prepare for a ransomware attack?
Review the Ransomware Resource Center for key resources to help understand and prepare for potential threats. The best defense against ransomware is secure networks and systems. The Designing Defenses section of this site provides resources specific to ransomware defense. The next steps are to build robust detections that allow defenders to identify adversary activity in their environment. Information on writing and implementing these detections is available on the Cyber Analytics Repository page. Having a well-developed and well-exercised response plan is the best way to mitigate the impact of a ransomware attack. Many of the resources for building an incident response plan are available on the Incident Preparedness and Response page. For a plan to be useful in an attack, it needs to be exercised. Organizations can review guidance for tabletop exercises on the Cyber Tabletop Exercises page. The steps above are just initial starting points for an organization looking to defend itself from ransomware. There are abundant resources on this site which provide guidance on many aspects of ransomware prevention and response.
How is MITRE helping defenders understand and protect against ransomware?
MITRE specializes in bringing together diverse perspectives to solve problems. In the case of ransomware, MITRE views it from the lens of responder, malware analysis, defensive cyber operations, cyber threat intelligence, risk management, and many others. We’re applying these perspectives as we work to develop resources and solutions to tackle the ransomware challenge. Many of these resources are available in this Ransomware Resource Center. MITRE also develops and maintains MITRE ATT&CK®, a knowledge base that describes cyber adversary behavior. Through the framework, MITRE has been tracking and publishing details on various ransomware groups and their common tactics, techniques, and procedures. Learning about specific adversary actions gives defenders concrete strategies to defend against and to disrupt ransomware operators. Our latest resource “The Evolution of Ransomware” outlines the history of ransomware and the threat it poses against health organizations.
Approved for Public Release; Distribution Unlimited. Public Release Case Number 21-3419 |
FACT SHEET: Biden Administration Announces Further Actions to Protect U.S. Critical Infrastructure |
White House, July 28, 2021 The Biden Administration continues to take steps to safeguard U.S. critical infrastructure from growing, persistent, and sophisticated cyber threats. Recent high-profile attacks on critical infrastructure around the world, including the ransomware attacks on the Colonial Pipeline and JBS Foods in the United States, demonstrate that significant cyber vulnerabilities exist across U.S. critical infrastructure, which is largely owned and operated by the private sector. As we have seen, the degradation, destruction, or malfunction of systems that control this infrastructure can have cascading physical consequences that could have a debilitating effect on national security, economic security, and the public health and safety of the American people. |
FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware |
The White House, October 13, 2021 This week the National Security Council is facilitating an international counter-ransomware event with over 30 partners to accelerate cooperation on improving network resilience, addressing the financial systems that make ransomware profitable, disrupting the ransomware ecosystem via law enforcement collaboration, and leveraging the tools of diplomacy to address safe harbors and improve partner capacity. |
FBI and CISA warn: This ransomware is using RDP flaws to break into networks |
ZD Net, July 1, 2022 Several US law enforcement agencies have shone a spotlight on MedusaLocker, one ransomware gang that got busy in the pandemic by hitting healthcare organizations. |
FBI IC3: Healthcare Sector Faced Most Ransomware Attacks Last Year |
Health IT Security, March 24, 2022 The healthcare sector fell victim to ransomware far more than any other critical infrastructure sector last year, the FBI’s 2021 Internet Crime Report found. |
FBI Identifies BlackCat/ALPHV Ransomware Indicators of Compromise |
Health IT Security, May 2, 2022 The FBI issued a flash alert warning organizations of BlackCat/ALPHV ransomware, a group linked to the notorious Darkside/BlackMatter ransomware groups. |
FBI Investigates Georgia Health System Ransomware Attack |
Government Technology, June 24, 2021 Nearly a week after a ransomware attack was first detected at St. Joseph’s/ Candler, the Savannah, Ga., area’s largest health-care system is still not yet back to normal as officials work with the FBI on the incident. |
FBI recommends action to protect vulnerable medical devices from cyberattacks |
American Hospital Association, September 12, 2022 The FBI today released recommendations to help protect medical devices from cyberattacks that can threaten health care operations, patient safety, and data privacy and integrity, citing a growing number of unpatched medical device vulnerabilities. |
FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia |
MSN, August 27, 2021 FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia. |
FBI says Conti ransomware gang has hit 16 U.S. health and emergency networks |
SC Media, May 21, 2021 The Federal Bureau of Investigation said that the same group of online extortionists blamed for striking the Irish health system last week have also hit at least 16 U.S. medical and first response networks in the past year. |
FBI says one ransomware group has hit 49 critical infrastructure entities |
SC Media, December 3, 2021 The FBI is warning industry that one ransomware group has been behind the compromise of at least 49 critical infrastructure entities, spanning the government, financial, healthcare, manufacturing and information technology sectors. |
FBI tells Congress ransomware payments shouldn’t be banned |
CNN, July 28, 2021 Congress should not attempt to address the threat of ransomware by making ransom payments to cybercriminals illegal, a top FBI official told US lawmakers Tuesday. |
FBI Warns Egregor Ransomware Actors Actively Extorting Entities |
Cybersecurity News, January 7, 2021 A Wednesday FBI private industry notification warns entities that the threat actors behind Egregor ransomware are actively targeting and exploiting a range of global businesses. |
FBI Warns Healthcare of Cuba Ransomware in Latest Flash Alert |
Health IT Security, December 9, 2021 Cuba ransomware actors have compromised 49 entities in five critical infrastructure sectors including healthcare, a new FBI flash alert warned. |
FBI warns ransomware assault threatens US health care system |
AP News, October 29, 2020 Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking. |
FBI Warns That Cuba Ransomware Gang Made $44 Million After Compromising 49 Critical Infrastructure Entities in Five Sectors |
CPO Magazine, December 17, 2021 The Federal Bureau of Investigation (FBI) warned that the Cuba ransomware gang earned more than $43.9 million in ransom after compromising at least 49 critical infrastructure entities. |
FBI, CISA Warn of North Korean Ransomware Threat Targeting Healthcare Organizations |
HealthTech, July 26, 2022 Healthcare organizations can take steps to strengthen their security posture and mitigate the impacts of Maui ransomware attacks. |
FBI: Ransomware attacks are piling up the pressure on public services |
ZD Net, April 1, 2022 Cyber criminals are targeting healthcare, emergency services and local government because they know people’s everyday lives rely on these critical services. |
FBI: These hackers are targeting healthcare records and IT systems with ‘Maui’ ransomware |
ZD Net, July 7, 2022 The FBI has attributed recent Maui ransomware attacks on US healthcare organizations to a North Korean state-sponsored hacking group. |
FDA Updates Medical Device Cyber Response Playbook |
Bank Info Security, November 15, 2022 Federal officials released updated guidance for preparing and responding to medical device cybersecurity incidents, including ransomware, as cyberattacks against the healthcare sector continue to surge. |
FDA Updates Medical Device Cyber Response Playbook |
Gov Info Security, November 15, 2022 The new Food and Drug Administration’s Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook is a refresh of guidance released in 2018. |
FDA Warns of Apache Log4j Cybersecurity Vulnerabilities in Medical Devices |
Campus Safety, December 21, 2021 The FDA encourages manufacturers to communicate with healthcare customers and follow recommendations provided by CISA. |
Federal government still in the dark on ransomware |
FCW, November 18, 2021 A top Department of Homeland Security (DHS) official said he was unable to provide a “definitive assessment” to lawmakers as to whether Russian-linked cyberattacks have decreased since President Joe Biden discussed ransomware with Russian President Vladimir Putin in a June summit meeting and during an hour-long phone call in July. |
Feds Alert Healthcare, Other Sectors of Growing Hive Threats |
Gov Info Security, November 18, 2022 As of this month, Hive actors – who follow a Ransomware-as-a-Service model – have hit more than 1,300 companies worldwide, collecting about $100 million in ransom payments, says a Thursday joint alert from the Cybersecurity and Infrastructure Security Agency, the FBI and the Department of Health and Human Services. |
Feds Warn Health Sector of Ukraine-Russia Conflict Threats |
Gov Info Security, March 1, 2022 HHS HC3: Beware of 3 Main Threat Groups, 2 Wiper Malware Variants. Federal authorities are warning that while they are unaware of specific cyberthreats to the U.S. healthcare and public health sector related to Russia’s attack on Ukraine, entities in those sectors should stay proactive and vigilant to at least three main potential threat groups and two wiper malware variants. |
Feds Warn Healthcare Over Cobalt Strike Infections |
Gov Info Security, October 10, 2022 If every second hack seems to involve malicious use of penetration testing tool Cobalt Strike, it’s not just your imagination. Russian hackers deployed Cobalt Strike’s command-and-control function during their attack against SolarWinds’ network management software. |
Feds Warn Healthcare Sector of Web Application Attacks |
Data Breach Today, July 22, 2022 Federal authorities are advising healthcare sector entities to batten down their patient portals and other common web applications from cyberattacks. |
Feds warn of ongoing Hive ransomware threat, ‘especially healthcare’ |
SC Media, November 17, 2022 A new joint alert details the spate of cyberattacks and data extortion efforts of the Hive ransomware group to support entities with identifying known IOCs and attack methods, with a particular focus on the health and public health sectors. |
Fertility Clinic Hit with Ransomware |
Info Security, February 17, 2022 A fertility clinic based in New York City is notifying patients that their personal data may have been compromised and possibly stolen during a recent cyber-attack. |
FIN12 hits healthcare with quick and focused ransomware attacks |
Bleeping Computer, October 7, 2021 While most ransomware actors spend time on the victim network looking for important data to steal, one group favors quick malware deployment against sensitive, high-value targets. It can take less than two days for the FIN12 gang to execute on the target network a file-encrypting payload – most of the time Ryuk ransomware. |
FIN12 Ransomware: Why It’s a Healthcare Threat, How to Prevent an Attack |
Health IT Security, November 2, 2021 FIN12 is efficient, unpredictable, and unafraid of targeting the healthcare sector, Mandiant experts warn. |
Florida Orthopaedic reaches $4M settlement over 2020 health data theft |
SC Media, August 16, 2022 Florida Orthopaedic Institute reached a $4 million settlement with the 647,000 patients affected by a server hack and subsequent ransomware attack in 2020. The data theft incident was the fifth-largest healthcare data breach that year. |
Fortified Health Security Releases 2022 Horizon Report |
AP News, January 27, 2022 Report reflects on a year of recovery and relentless targeting while detailing cybersecurity challenges healthcare organizations will continue to face in 2022. |
FortiGuard labs reports ransomware not slowing; continues to be relentless and more destructive |
Engineering News, February 28, 2022 Sophistication, Speed, and Diversity of Attack Techniques Demonstrates Importance of Strengthening Entire Cyber Kill Chain. |
French hospital hit by $10M ransomware attack, sends patients elsewhere |
Bleeping Computer, August 22, 2022 The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries. |
From insider threats to system breaches: 7 health systems affected by data breaches in July |
Becker’s Health IT, July 21, 2022 Several health systems have reported data breach incidents that have compromised patient data and IT systems during July. |
Georgia St. Joseph’s/Candler health system shifts to downtime procedures amid ransomware attack |
SC Media, June 22, 2021 A ransomware attack against Georgia-based St. Joseph’s/Candler on June 17 spurred network outages and forced clinicians into EHR downtime procedures. Five days later, the workforce is continuing to use paper records for patient appointments. |
Global Healthcare Cyber Security Market Size, Share & Trends Analysis Report 2021-2028 – ResearchAndMarkets.com |
Yahoo! Finance, December 13, 2021 The global healthcare cyber security market size is expected to reach USD 39.9 billion by 2028 and is expected to expand at a CAGR of 18.0% from 2021 to 2028. |
Growing Body of Data Shows High Healthcare Breach Risk |
Health IT Security, August 1, 2022 It’s no secret that the healthcare industry has a cybersecurity crisis. Week after week, new headlines appear detailing new hacks, millions of dollars in ransoms, and PHI that’s been taken from secure servers and is now floating around the dark web. According to Kaiser Health News, over 20 million patients have had their data exposed in the first half of this year. |
GuidePoint Research and Intelligence Team (GRIT) Releases New Ransomware Trends Report |
Yahoo! Finance, July 21, 2022 GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the release of GuidePoint Research and Intelligence Team’s (GRIT) quarterly ransomware report. This report is based on data obtained from publicly available resources, including threat groups themselves, and provides an accurate representation of the ransomware threat landscape. In the second quarter, GRIT tracked 30 ransomware groups and 581 publicly posted victims. |
H-ISAC Report Identifies Top Cyber Threats Concerning Healthcare Execs |
Health IT Security, March 30, 2022 H-ISAC and Booz Allen Hamilton’s latest report identified ransomware, phishing, and third-party breaches as the top cyber threats concerning healthcare executives. |
H-ISAC TLP White Threat Update: UPDATE: Joint Cybersecurity Advisory – Conti Ransomware |
American Hospital Association, March 9, 2022 Health-ISAC is issuing a threat bulletin regarding ongoing and increased Conti Ransomware activity provided in an updated Joint Cybersecurity Advisory (AA21-265A) by the United States Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS). Conti Ransomware affiliates remain active, and reported cyberattacks stemming from their ransomware-as-a-service (RaaS) operations against US and international organizations are increasing. |
H-ISAC warns actors abusing RTLO in phishing campaign against health care |
SC Media, August 11, 2021 A recent Health Information Sharing and Analysis Center (H-ISAC) alert warns that threat actors are targeting the health care sector with phishing attacks that leverage legitimate right-to-left override (RTLO) Unicode to appear benign and evade detection. |
Hacker group claims it breached a Missouri hospital system |
Becker’s Health IT, July 1, 2022 A cybercriminal group is taking responsibility for an alleged ransomware attack on a Missouri hospital system, legal news website JDSupra reported June 30. |
Hacker group publishes stolen data from French hospital |
Becker’s Health IT, September 27, 2022 One of the most active ransomware groups targeting the healthcare sector, LockBit, has published 12 gigabytes of patient and staff data from a 1,000-bed French hospital, Bank Info Security reported Sept. 26. In August, Centre Hospitalier Sud Francilien underwent a cybersecurity attack that compromised Social Security numbers, lab reports and other health data from its systems. |
Hackers claim they stole Stanford Medicine data, posted info online: 4 things to know |
Becker’s Health IT, April 5, 2021 Stanford University is investigating claims that hackers stole personal data from its medical school and published the information online. |
Hackers Demand $10 Million After Ransomware Attack on a French Hospital, Patients Referred To Other Facilities |
CPO Magazine, August 31, 2022 French hospital Center Hospitalier Sud Francilien (CHSF) suffered a cyber attack that disrupted operations forcing the facility to postpone appointments and refer patients elsewhere. |
Hackers Dump Australian Health Records Online After Insurer Refuses to Pay Ransom |
MSN, November 9, 2022 Stolen health records for millions of Australians have been publicly released on the dark web following a threat by hackers 24 hours earlier to do precisely that. Last month, the unknown hackers demanded a ransom from Medibank, a private insurance provider in Australia, which the company refused to pay. |
Hackers Dump More Health Data, as Feds Share Ransomware Factsheet |
Health IT Security, February 8, 2021 The Conti ransomware hacking group recently released two massive healthcare data dumps tied to Leon Medical Centers and Nocona General Hospital on the dark web for sale. The leaks follow a newly released National Cyber Investigative Joint Task Force (NCIJTF) ransomware factsheet. |
Hackers leak French hospital patient data in ransom fight |
Tech Xplore, September 26, 2022 Hackers who crippled a French hospital and stole a trove of data last month have released personal records of patients online, officials have confirmed. The cyberattackers demanded a multimillion dollar ransom from the Corbeil-Essonnes hospital near Paris a month ago, but the institution refused to pay. |
Hackers Target Colombia’s Healthcare System With Ransomware |
Infosecurity, December 1, 2022 Colombian healthcare provider Keralty reported a ransomware attack on Sunday, which affected its systems as well as two of its subsidiaries: EPS Sanitas and Colsanitas. |
Hacking group behind widespread ransomware attacks disappears online |
The Washington Post, July 13, 2021 A cybercriminal group that took responsibility for a massive ransomware attack that affected hundreds of businesses this month has disappeared from sight online. |
HC3 Alerts Healthcare Sector of Monkeypox-Themed Phishing Scheme |
Health IT Security, September 22, 2022 The Health Sector Cybersecurity Coordination Center (HC3) warned the healthcare sector of a new monkeypox-themed phishing scheme targeting healthcare providers. Threat actors are using the latest public health threat to convince users to click on a link. The campaign has a subject line of “Data from (Victim Organization Abbreviation): “Important read about -Monkey Pox– (Victim Organization) (Reference Number)” and utilizes an “Important read about Monkey Pox” theme. |
HC3 Details APT41 Cyberattack Tactics, Risks to Healthcare Cybersecurity |
Health IT Security, September 26, 2022 Long-running Chinese state-sponsored threat group APT41 continues to pose a danger to healthcare cybersecurity, the HHS Health Sector Cybersecurity Coordination Center (HC3) suggested in a recent brief. The group has been active since at least 2012. In the past decade, APT41 has repeatedly gone after healthcare and pharmaceutical organizations, along with a variety of other sectors across 14 countries. |
HC3 Identifies Top 10 Ransomware Threat Actors in Q3 2021 for Healthcare |
Health IT Security, October 20, 2021 HC3 identified the top 10 global and US threat actors in Q3 2021, including Conti, REvil/Sodinokibi, and Hive. |
HC3 Warns Health Sector Against LockBit Ransomware Variant |
Health IT Security, October 6, 2021 LockBit Ransomware launched in September 2019 and claimed responsibility for an August 2021 attack on Accenture. |
HC3 warns healthcare organizations of BlackCat ransomware variant |
Becker’s Health IT, December 14, 2022 The Health Sector Cybersecurity Coordination Center, or HC3, is warning healthcare organizations to be on the lookout for the BlackCat ransomware variant. Known to be in operation since November 2021, BlackCat has already targeted the healthcare and public health sector and is expected to continue, according to the Dec. 12 HC3 analyst note. It is “part of one of the most sophisticated ransomware-as-a-service operations in the global cybercriminal ecosystem,” HC3 said. |
HC3 Warns Healthcare Sector About Cybercriminal Syndicate Evil Corp |
Healthcare Innovation, September 1, 2022 The Health Sector Cybersecurity Coordination Center recently released a threat profile on Evil Corp, a cybercriminal syndicate based out of Russia, that is considered a serious threat to the U.S. healthcare sector. |
HC3, H-ISAC Urge Healthcare Sector to Prepare for Russian Cyberattacks |
Health IT Security, March 25, 2022 Echoing the President’s statements, HC3, H-ISAC, and other organizations have encouraged critical infrastructure entities to prepare for Russian cyberattacks. |
HC3: Healthcare Adversaries Are Actively Leveraging Log4j Vulnerabilities |
Cybersecurity News, January 24, 2022 HC3 issued a detailed brief regarding Log4j vulnerabilities, which are being actively exploited by known healthcare adversaries. |
HC3: Ransomware Groups Leveraged Remote Access, Encryption Tools in Q1 |
Health IT Security, May 9, 2022 The Health Sector Cybersecurity Coordination Center (HC3) observed ransomware groups increasingly turning to legitimate tools such as Cobalt Strike and Mimikatz during ransomware intrusions in the first quarter of 2022. |
Health care organizations funnel dollars into security as pandemic, medical developments drive surge in attacks |
SC Media, April 1, 2021 Organizations move on plans to strengthen security policies, increase training, invest in technology. |
Health Care Organizations Warned of Aggressive Ransomware Threat |
National Law Review, April 28, 2022 Ransomware is the “business pandemic.” Warnings have been issued by multiple agencies around the world to alert businesses to increase their protection and awareness. Most recently, the Department of Health and Human Services (HHS) has issued a warning to health care organizations related to what it calls “an exceptionally aggressive” ransomware group known as Hive. |
Health care ransomware attacks: Oklahoma health system driven to EHR downtime |
SC Media, June 16, 2021 Stillwater Medical Center was hit with a ransomware attack on June 13 and is currently operating under electronic health record downtime as it attempts to bring its systems back online. The health system operates a number of care sites, specialist offices, hospitals and clinics in Oklahoma. |
Health Care Ransomware Strains Have Hospitals in the Crosshairs |
Security Intelligence, April 23, 2021 The language of digital attacks shares a lot with the language of disease: ‘viruses’ ‘infect’ computers, and stopping their spread can be like trying to keep down a contagious disease. |
Health care sees largest data breach costs at $9.23M, while 76% fail to secure supply chain |
SC Media, July 28, 2021 The average cost of a data breach in the health care sector tops $9.23 million, the highest of all 17 sectors analyzed for the IBM Security 2021 Cost of a Data Breach Report. Meanwhile, a new CynergisTek report shows 76% of providers are failing to secure their supply chains, one of the sector’s biggest blindspots. |
Health care system faces ‘very real’ threat of ransomware attacks |
News Center Maine, June 16, 2021 Criminals usually target hospitals for medical records, since they can sell for 200 to 500 dollars on the dark web compared to 14 dollars for financial records. |
Health Cos. Must Prepare For Growing Ransomware Threat |
Health Law Advisor, June 23, 2021 Ransomware attacks have become big business, and they are on the rise. And entities in the health care and life sciences space have become primary targets of opportunity for attackers. |
Health Ministry of Brazil Hit by Two Ransomware Attacks in One Week; Vaccination Data Stolen & Taken Offline |
CPO Magazine, December 21, 2021 While it is far from uncommon for an organization to announce that it has been hit by a ransomware attack, two in one week is an unusual event. Brazil’s Health Ministry is looking at extended downtime for the system that processes Covid-19 vaccination data as it attempts to recover from this exact situation, dealing with two major attacks that came just four days apart. |
Health sector deals with ransomware, data breaches as COVID cases rise |
SC Media, August 20, 2021 Ransomware actors are having a productive week with several ongoing outages in the health care sector, including Memorial Health System and Eskenazi Health. What’s worse, the pervasive threat is continuing to disrupt the health sector, as it continues to battle another COVID-19 wave. |
Health Sector Suffered 337 Healthcare Data Breaches in First Half of Year |
Health IT Security, July 19, 2022 Fortified Health Security’s mid-year report on the state of healthcare cybersecurity observed slight shifts in healthcare data breach trends in the first half of 2022. The HHS Office for Civil Rights data breach portal showed that there have been 337 healthcare data breaches impacting more than 500 individuals each in the first half of this year, signifying a slight decrease from 368 at this time last year. |
Health systems want government help fighting off the hackers |
Yahoo! News, June 22, 2022 Cyberattacks on health systems mushroomed during the pandemic — and 2022 could be their worst year yet. |
Health-ISAC calls for ‘intelligence-led’ security, as actors continue to target healthcare |
SC Media, March 24, 2022 Healthcare security leaders must adopt better communication tactics for obtaining financial investments and building cyber resilience through an “intelligence-led information security program,” using threat intel to impart risks to the board, such as the new cyber threat report from Health-ISAC, according to its chief security officer. |
Healthcare can’t ignore ransomware’s impact on care quality, patient morbidity |
SC Media, December 8, 2021 Recent lawsuits and media coverage have hyped the correlation between patient mortality and ransomware or cyberattacks. The sensationalized headlines serve to induce awareness, but are missing the point, explained Saif Abed, M.D., director of cybersecurity advisory services for AbedGraham Group during the opening keynote of the SCHealth eConference. |
Healthcare Companies Seek to Manage Risk of Ransomware Attacks, According to Report |
National Law Review, February 15, 2022 Healthcare companies continue to face increased risks of ransomware attacks on their operations. According to the recently released BD Cybersecurity Annual Report for 2021, such attacks are also increasingly sophisticated. Management can take important steps to minimize the risks of this form of cybercrime. |
Healthcare cyberattacks led to worse patient care, increased mortality, study finds |
Healthcare Dive, September 8, 2022 More than 20% of the healthcare organizations recently surveyed by the Ponemon Institute reported increased patient mortality rates after experiencing a cyberattack, according to a study out Thursday from the research group and Proofpoint, a cybersecurity compliance company. |
Healthcare Cyberattacks, Vendor Mishaps Result in PHI Exposure |
Health IT Security, January 19, 2022 Third-party vendor errors and healthcare cyberattacks continue to jeopardize patient privacy and cause PHI exposure. Whether PHI exposure results from healthcare cyberattacks, employee errors, or vendor mistakes, the consequences of a healthcare data breach can be detrimental to patient privacy and security. |
Healthcare cybersecurity investment critical to national security, says CISA official |
SC Media, March 10, 2022 Securing the healthcare sector is a crucial part of national security. Particularly as the spread of COVID-19 wanes and is replaced by heightened geopolitical tensions, advocating for and investing in critical cybersecurity defenses will protect patients, and the country, from harm. |
Healthcare Data Breach at GA Cardiology Practice Impacts 71K |
Health IT Security, October 27, 2022 On August 15, Ascension St. Vincent’s Coastal Cardiology in Brunswick, Georgia, was alerted to a healthcare data breach involving “recently acquired Ascension St. Vincent’s Coastal Cardiology’s legacy systems including the electronic medical record.” “No Ascension networks or systems, including the practice’s current electronic medical record, were affected by this incident,” the announcement noted. |
Healthcare Data Breach Lawsuits On the Rise, Report Shows |
Health IT Security, April 11, 2022 As healthcare data breaches continue to impact small and large organizations across the country, accompanying data breach lawsuits are becoming increasingly common. Law firm BakerHostetler’s latest data security incident report showed an increase in duplicative lawsuits, often resulting in steep defense and settlement costs. |
Healthcare Data Breach Lawsuits On the Rise, Report Shows |
Health IT Security, April 11, 2022 BakerHostetler saw an uptick in data breach lawsuits in the weeks following incident notification, especially against healthcare organizations. |
Healthcare Data Breaches Continue as New Year Begins |
Health IT Security, January 6, 2022 As a new year begins, threat actors are continuing to overwhelm providers and patients with healthcare data breaches. Some experts predict that ransomware actors will favor data exfiltration over encryption this year and that they will shift their focus to APIs and other attack vectors in order to throw off victims. |
Healthcare data breaches cost an average of $10.1M, more than any other industry |
SC Media, July 29, 2022 With an average of $10.1 million, a data breach in the healthcare sector costs more than any other industry. In fact, the industry has faced the highest average cost of a breach for the last 12 years, according to the annual IBM Cost of a Data Breach Report. |
Healthcare Data Breaches Impact 147k Illinoisans |
Info Security, February 16, 2022 The protected health information (PHI) of nearly 150,000 residents of Illinois may have been exposed in data breaches at two separate healthcare organizations. South Shore Hospital (SSH) in Chicago and the Family Christian Health Center (FCHC) in Harvey, Illinois, have begun notifying Illinoisans that the security of their data may have been compromised. |
Healthcare faces COVID-induced triple threat as cyber awareness peaks |
SC Media, October 27, 2021 A shift has occurred in the healthcare sector over the course of the COVID-19 pandemic, pressing the limits of what providers can accomplish under the most overwhelming circumstances, and not just in terms of patient care. |
Healthcare fintechs targeted by cyber criminals |
Healthcare Dive, September 8, 2022 Companies that process payments for physician groups, hospitals and other healthcare providers are more vulnerable to hacks, information system breaches and ransom demands than their peers in other segments of the industry, cybersecurity professionals warn. |
Healthcare Industry Remains a Top Victim of Ransomware Attacks |
Health IT Security, November 29, 2022 Ransomware attacks continue to be the most prolific threat that organizations face across all infrastructure verticals, with the healthcare sector as a top target, according to the GuidePoint Security Q3 GRIT Ransomware report. |
Healthcare Organizations Bear the Brunt of Cyberattacks Amid Pandemic |
Dark Reading, January 6, 2021 Hospitals and other healthcare organizations bore the brunt of cyberattacks last year, all the while struggling to cope with the challenges posed by the COVID-19 pandemic. According to a new report this week from Check Point Software, attacks on healthcare entities worldwide jumped 45% in the past two months as attackers tried to take advantage of the pandemic by disrupting operations and extorting ransoms from organizations under tremendous pressure to provide uninterrupted services. |
Healthcare organizations now must report cyberattacks to DHS |
Becker’s Health IT, March 17, 2022 Healthcare organizations will be required to report any cyberattacks to the Department of Homeland Security, under a law signed March 15 by President Joe Biden, Bloomberg reported March 16. |
Healthcare Organizations: Moving to High Alert for Ransomware |
CSO Online, April 13, 2021 Numerous healthcare facilities were attacked in the last year, including one incident in Germany that led to a death when ransomware locked systems and a patient needing critical care was turned away. |
Healthcare orgs in California, Arizona send out breach letters for nearly 150,000 after SSNs accessed during ransomware attacks |
ZD Net, September 10, 2021 LifeLong Medical Care and Queen Creek Medical Center were both hit with ransomware attacks over the past year. |
Healthcare Ransomware Attack at Indiana ENT Office Impacts 45K |
Health IT Security, August 26, 2021 Indiana-based CarePointe ENT suffered a healthcare ransomware attack that may have exposed the PII and PHI of over 48,000 individuals. |
Healthcare Ransomware Attack in CA Involves PHI of 57K |
Health IT Security, September 7, 2021 San Andreas Regional Center in California experienced a healthcare ransomware attack that may have exposed the PHI of over 57,000 individuals. |
Healthcare Ransomware Attack Leads to EHR Downtime in IN |
Health IT Security, August 26, 2021 A healthcare ransomware attack in Indiana resulted in EHR downtime and potential exposure of patient and employee PII after bad actors released data online. |
Healthcare Ransomware Attack Targets Practice Management Vendor |
Health IT Security, July 05, 2021 Practice management vendor Practicefirst announced a 2020 healthcare ransomware attack that may have exposed patient and employee PII. |
Healthcare ransomware attacks are increasing – how to prepare |
Venture Beat, September 6, 2022 Sophos’ recent study, “The State of Ransomware in Healthcare 2022,” finds a 69% jump in the volume of cyberattacks and a 67% increase in their complexity just this year. |
Healthcare ransomware attacks are increasing – how to prepare |
Venture Beat, September 6, 2022 Cybercriminals are becoming skilled at using legitimate tools to launch more severe, weaponized ransomware attacks on healthcare providers. In addition, they’re avoiding detection by relying on Living off the Land (LotL) techniques that turn attacks into a prolonged digital pandemic. |
Healthcare ransomware: Proactive risk management is a ‘business opportunity’ |
SC Media, February 25, 2022 Healthcare has always been a prime target for ransomware actors given its penchant for paying hackers’ demands to maintain care operations. Put simply, when patient care is on the line, waiting for rescue and resuming business makes it difficult for any disruptions to IT systems. |
Healthcare sector saw largest increase in IoT malware attacks in 2021 |
SC Media, February 17, 2022 The healthcare sector saw the largest increase in target IoT malware attacks in 2021, according to the latest annual SonicWall Cyber Threat Report. Compiled from data collected from 1.1 million global sources, researchers saw a 71% increase in IoT malware against healthcare clients. |
Healthcare’s Data Extortion Problem, and How to Prepare for Ransomware |
Health IT Security, April 12, 2021 Data extortion attempts are now occurring in at least 70 percent of all ransomware attacks. How can healthcare providers best combat these pervasive tactics? |
HHS 405(d) Urges Healthcare Sector to Prioritize Log4j Vulnerability |
Health IT Security, December 22, 2021 The Log4j vulnerability poses a serious threat to the healthcare sector, and most legacy systems cannot be patched. |
HHS alert warns KillNet hacktivist group targeted US healthcare entity |
SC Media, December 22, 2022 The pro-Russian hacktivist group known as “KillNet” targeted a U.S. healthcare entity. The attack should serve as a warning to provider organizations to be on the alert and shore up defenses to prevent a similar outcome, according to the latest Department of Health and Human Services Cybersecurity Coordination Center alert. |
HHS alerts health care sector to biomanufacturing malware threat |
American Hospital Association, November 30, 2021 The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) last week advised biotechnology companies specifically and the health care and public health sector generally to review a new report on a malware threat aggressively spreading through the biomanufacturing industry and take appropriate action to protect their information infrastructure. According to HC3, the malware is used to deliver ransomware, “possibly as a diversion for the actual purpose of the attack — intellectual property theft.” |
HHS cybersecurity center warns of new ransomware threat |
Healthcare Dive, November 14, 2022 The HHS’ Health Sector Cybersecurity Coordination Center is cautioning the healthcare industry that Venus ransomware operators are targeting remote desktop services to encrypt Windows devices. At least one health organization in the United States has been a victim, according to the cybersecurity center, also known as HC3. |
HHS HC3 Warns of Vishing, Other Social Engineering Scams |
Gov Info Security, August 22, 2022 Social engineering poses significant data security threats to healthcare and public sector entities, federal authorities warn, urging entities to take steps to avoid falling victim. |
HHS IDs 5 most prolific cybergangs targeting healthcare |
Becker’s Health IT, May 10, 2022 The majority of ransomware attacks on the healthcare and public health sector in the first quarter of 2022 were conducted by five ransomware-as-a-service groups, according to a May 5 HHS trend report. |
HHS Issues Briefing for Health Sector Regarding Russia-Ukraine Cyber Conflict |
HIMSS, March 4, 2022 The U.S. Department of Health & Human Services has issued a Health Sector Cybersecurity Coordination Center (HC3) analyst note regarding the Russia-Ukraine cyber conflict and potential threats to the U.S health sector. |
HHS Issues Threat Warning to US Healthcare Sector |
Info Security Magazine, March 3, 2022 The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the US health sector over the possibility of collateral cyber-attacks linked to Russia’s invasion of Ukraine. In a notice issued Tuesday, HC3 said that the conflict had “as expected, spilled over into cyber space,” and identified three potential threat groups which could possibly target American healthcare organizations. |
HHS outlines threats to electronic health and medical records, remediation guidance |
SC Media, February 18, 2022 The Department of Health and Human Services Cybersecurity Coordination Center (HC3) released new guidance outlining the biggest threats to the electronic medical record (EMR) and electronic health record (EHR) systems and best practice mitigation. |
HHS reports third-party vendor incident compromised health data of 254K |
SC Media, December 15, 2022 The Department of Health and Human Services Centers for Medicare and Medicaid Services is currently notifying 254,000 out of its 64 million Medicare beneficiaries that their data was compromised after a ransomware attack on one of its third-party vendors. |
HHS shares Log4j remediation guide, urges healthcare to assume compromise |
SC Media, January 21, 2022 The Department of Health and Human Services Cybersecurity Coordination Center (HC3) issued a nearly 50-page guide on the threat and potential impact of the Log4j vulnerability found in the Apache Foundation logging tool. |
HHS Shares Resources for Avoiding Ransomware Attacks |
ACR, June 16, 2021 The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is encouraging organizations to familiarize themselves with the growing threat of ransomware — malicious software that blocks access to a computer system until an amount of money (ransom) is paid — and to take steps to avoid the threat. HHS recently provided links to online government resources to help healthcare facilities protect their computer systems from the ransomware threat, including: |
HHS to providers: Learn from mistakes made in cyberattack that shut down Ireland health system |
SC Magazine, February 4, 2022 The Department of Health and Human Services urges healthcare provider organizations to review key mistakes made by the Ireland Health Service Executive prior to, during, and in response to its months-long network outage brought on by a systems hack in mid-2021. |
HHS Underscores Risk of Hive Ransomware |
Health IT Security, April 20, 2022 HHS’s Health Sector Cybersecurity Coordination Center (HC3) issued an analyst note regarding Hive ransomware group, the notorious cybercrime group responsible for multiple attacks against the healthcare sector. |
HHS urges prompt patch of critical Citrix flaw after healthcare entities exploited |
SC Media, December 19, 2022 Provider organizations are being urged to prioritize patching of a critical vulnerability in the Citrix Application Delivery Controller and Gateway platforms, as threat actors have already compromised multiple healthcare entities by exploiting the flaw. |
HHS Warns Health Sector About LockBit 2.0 Threats – Again |
Gov Info Security, February 9, 2022 Federal authorities are again warning healthcare and public health sector entities about potential threats posed by the ransomware-as-a-service group LockBit 2.0, despite the cybercrime gang’s claim that it does not target healthcare organizations. |
HHS Warns Healthcare Sector About LockBit 2.0 Threats |
Gov Info Security, October 7, 2021 Ransomware Variant Updated; Group Claimed Credit for Accenture Attack. Federal regulators are warning healthcare and public health sector organizations of potential attacks by the ransomware group LockBit 2.0 and its affiliates. |
HHS Warns Healthcare Sector of LockBit 3.0, BlackCat Ransomware |
Health IT Security, December 14, 2022 The HHS Health Sector Cybersecurity Coordination Center (HC3) issued two new analyst notes detailing the tactics and indicators of compromise for LockBit 3.0 and BlackCat. The LockBit ransomware family and the BlackCat ransomware variant have been observed targeting the healthcare sector. Healthcare organizations should remain vigilant and apply recommended mitigations to reduce risk. |
HHS Warns of Threats to Electronic Health Records |
Gov Info Security, February 18, 2022 Healthcare entities should implement a more “proactive preparedness” approach for protecting their electronic health record/electronic medical record systems, which are an increasingly attractive target for cyberattacks and other breaches, federal regulators warn. |
HHS warns Royal ransomware threat targeting healthcare providers |
SC Media, December 8, 2022 Since the emergence of the human-operated ransomware threat group known as Royal in September, the Department of Health and Human Services Cybersecurity Coordination Center has been made aware of targeted cyberattacks against the healthcare sector. Royal-based attacks have steadily increased in appearance over the last three months with ransom demands ranging from $250,000 to more than $2 million. |
HHS, FBI, CISA Warn Healthcare of Ongoing Hive Ransomware Threats |
Health IT Security, November 18, 2022 HHS, the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory about Hive ransomware actors. The ransomware actors have been repeatedly targeting critical infrastructure, especially the healthcare sector since they were first observed in June 2021. |
HHS: Amid Russian threat, hospitals need 4-6 week business continuity plan |
SC Media, March 21, 2022 Echoing recent healthcare industry stakeholder groups, the Department of Health and Human Services is urging provider organizations to review and bolster defenses to guard against possible fallout from the Russian invasion of Ukraine. As a general rule, business continuity plans should cover between four and six weeks of continuity in the wake of an attack. |
HHS: Health Sector Should Prepare for Russia-Ukraine Threats |
Gov Info Security, March 18, 2022 Federal authorities are advising healthcare sector entities to take precautions, including enhancing their cybersecurity posture and being prepared to implement four- to six-week business continuity plans, as they continue to face potential cyber incidents related to the Russia-Ukraine war. |
HHS: HIPAA can ‘substantially mitigate’ most common healthcare cyberattacks |
SC Media, March 17, 2022 The bulk of cyberattacks against the healthcare sector could be “prevented or substantially mitigated” by following the Health Insurance Portability and Accountability Act Security Rule, according to the Department of Health and Human Services Office for Civil Rights. |
HHS: Ransomware groups will continue focus on healthcare, leveraging legacy tech |
SC Media, October 15, 2021 The latest Department of Health and Human Services Cybersecurity Coordination Center alert pointed to healthcare delivery organizations as a key target of ransomware attacks, often due to their heavy reliance on outdated and legacy technologies, as well as limited security resources. |
Highmark Health, WellDyneRx, Others Report Healthcare Data Breaches |
Health IT Security, July 13, 2022 WellDyneRx, Highmark Health, Carolina Behavioral Health Alliance, and two others disclosed healthcare data breaches recently. |
HIMSS21: Your healthcare organization is crippled by ransomware. Should you pay the attackers? |
Fierce Healthcare, August 10, 2021 Cyberattacks have ramped up in recent years, and there’s now a strong chance that any given health organization will, at some point, be hit with ransomware. |
HIPAA Violations On the Rise as Ransomware Attacks Increase |
Endocrinology Advisor, July 29, 2022 Cybercrime continues to increase, with a sharp rise in the number of attacks involving ransomware, according to the Verizon 2022 Data Breach Investigation Report (DBIR). |
Hive Ransomware Racks up $100 Million in Ransom Payments, Over 1,300 Companies Victimized |
CPO Magazine, November 22, 2022 Hive ransomware, one of the biggest ransomware-as-a-service (RaaS) strains circulating since 2021, has at this point brought in $100 million in ransom payments according to a new alert released by the Cybersecurity and Infrastructure Security Agency (CISA). The total victim count is at least 1,300 organizations, and the group is notorious for spitefully dumping other types of ransomware on target systems when they refuse to make payment. |
Holiday, Weekend Ransomware Attacks Pose Threats to Healthcare Cybersecurity |
Health IT Security, November 17, 2022 Although security professionals may take holidays and weekends off, threat actors do not. New research from Cybereason found that holiday and weekend ransomware attacks resulted in greater revenue losses and lengthier recovery times for victim organizations. |
Homeland Security Secretary Backs Call for Mandatory Disclosure of Ransomware Payments |
NEXTGOV, April 29, 2021 DHS Secretary Alejandro Mayorkas said the department will work with a task force developed by the private sector on ways to tamp down the increase in ransomware attacks. |
Hospital Ransomware Attacks Go Beyond Health Care Data |
Security Intelligence, November 24, 2021 The health care industry has been on the front lines a lot lately. Along with helping control the effects of COVID-19, it has been a prime target for ransomware. In a 2021 survey conducted of 597 health delivery organizations (HDOs), 42% had faced two ransomware attacks in the past couple of years. Over a third (36%) attributed those ransomware incidents to a third party, such as what happened earlier this year with Kaseya. The effects go beyond stolen health care data, although that is important, too. What does it mean when a health care organization faces an attack? And what can they do to protect themselves? |
Hospital, Health Department Still Recovering From Attacks |
Gov Info Security, February 7, 2022 What Steps Can Other Entities Take to Lessen Post-Attack Restoration Pain? |
Hospital: Patient information may have been stolen in St. Joseph’s/Candler ransomware attack |
MSN, August 11, 2021 Leaders with St. Joseph’s/Candler said some employee and patient information may have been taken during June’s ransomware attack. |
How a ransomware attack exacerbated St. Michael’s workforce shortage |
Becker’s Health IT, December 5, 2022 Silverdale, Wash.-based St. Michael Medical Center experienced an October ransomware attack that exacerbated the hospital’s short staffing issues that have been persisting for months, Kitsap Sun reported Dec. 2. The hospital was a part of the ransomware attack that plagued Chicago-based CommonSpirit facilities, and due to the attack, St. Michael’s had to shut down its Epic EHR system. |
How Can Congress Aid Healthcare Cybersecurity, Fight Ransomware? |
Health IT Security, July 22, 2021 Witnesses testified before Congress this week, noting that the healthcare sector needs help battling cyberattacks and ransomware. |
How Criminals Extort Healthcare Victims With Ransomware |
Healthcare Info Security, December 14, 2022 Ransomware operations have become expert at finding ways to make a victim pay, and healthcare organizations are no exception. But experts say there are multiple steps healthcare sector entities in particular can take to better protect themselves and ensure that in the event of an attack, they can quickly restore systems and never have to consider paying a ransom. |
How hackers used ransomware to undermine healthcare everywhere |
Security Magazine, July 30, 2021 As COVID-19 ravaged hospitals’ patient care units last year, opportunistic criminals saw an opportunity to pluck low-hanging fruit: Hacking groups decided to breach and ransom healthcare institutions during a time of global crisis. |
How Health Facilities Can Prevent, Mitigate Ransomware in 2021 |
Health IT Security, August 13, 2021 Ransomware is continuing to impact the healthcare industry, which has seen a rise in cyber-attacks since the start of the pandemic. |
How Healthcare Cyberattacks Can Impact Patient Safety, Care Delivery |
Health IT Security, September 8, 2022 Along with documented financial losses and reputational harm, healthcare cyberattacks have been known to endanger patient safety and adversely impact care delivery. |
How Kelsey-Seybold Clinic recovered from a ransomware attack |
Healthcare IT News, June 23, 2021 The provider’s CISO and CTO offers some best practices for pulling through an attack – and describes how to bolster cyber defenses so it doesn’t happen again. |
How precise email analysis reduces healthcare ransomware threats |
FED Scoop, August 4, 2021 The healthcare industry has come under intensified attacks by malicious actors over the last year amid new opportunities to target institutions during the COVID-19 pandemic. |
How Ransomware Is Affecting Healthcare |
Q&A with Joanne Fitzpatrick
Joanne Fitzpatrick is a lead cybersecurity engineer in MITRE’s Cyber Solutions Innovation Center. She works closely with a range of government sponsors to increase their situational awareness and improve their resiliency to cyber attacks. She began her career at MITRE working on network architectures and security for Air Force systems.
Why are healthcare facilities such prime targets for ransomware attacks?
Hospitals and healthcare organizations, large and small, are at particular risk for ransomware. One study showed more than 500 attacks in 2020 alone, with major health systems in Texas, Minnesota, and Vermont recently coming under attack. Patient care and business systems, such as communications, billing, and electronic health records, are often disrupted, even to the point of re-routing patients to other facilities and cancelling surgeries. Today, hospitals and healthcare centers are especially vulnerable because COVID has reduced ICU bed capacities, and medical professionals are serving COVID patients while managing existing caseloads. The pandemic has publicized the health systems’ struggles worldwide. It’s worth noting that an adversary does not need to infiltrate an entire healthcare information system (HIS) to negatively impact an organization’s ability to deliver health services, a primary objective. They may choose to gain access to one subsystem, module, or critical file, such as the scheduling process for operating rooms. Upon gaining access, the adversary could encrypt it, prohibiting the organization from accessing or using the schedule. They would then complete the attack by demanding funds in return for the necessary software to decrypt/unlock the module or files.
Not all health organizations are equal. What do we know about how ransomware affects hospitals and health facilities in rural or underserved areas?
Great question. We tend to hear about large organizations in the media when an attack has happened. However, hospitals and health facilities in rural or underserved areas are just as vulnerable as larger, more urban organizations. Adversaries don’t adhere to rules, and don’t want to be predictable in their attack behavior. Impeding an organization from successfully providing their services to their local communities is simply a pathway to demand a ransom. Since they primarily want to extort money from an organization, they don’t really care about its size, location, or nature of their databases. From the perspective of hospitals and health facilities in rural or underserved areas, however, their ability to protect themselves from a ransomware attack, or to be able to operate through such attacks, may be more limited than their larger counterparts because their IT infrastructure may be less mature and their resources may be more limited.
Are there considerations for organizations with small or underfunded IT/security staff?
There are two key considerations. First, such organizations typically have smaller IT and security departments, with a handful of talented people wearing many hats, and each responsible for several major operational IT areas. Staff tend to be experienced in the operations of their own organization, but often have little access to growth/training/professional development on cybersecurity issues, such as threats and attacks. Lack of time or budget is usually the reason. Additionally, there is little-to-no extra staff available to dedicate to specialty cyber topics, such as threat modeling or attack surface assessments. Second, we recognize that both small and large healthcare organizations may be targets for adversaries. Size does not matter. We’ve witnessed successful attacks at all types of health organizations. Adversaries may even exploit a smaller hospital as part of their attack navigation to exploit a larger, partnering organization. For these reasons, we’ve built the Ransomware Resource Center to help all kinds of health organizations, whatever their size and wherever they are in their planning.
How can the Ransomware Resource Center help healthcare organizations?
We hope the Ransomware Resource Center will make two key contributions. It will inform hospitals and healthcare organizations about how to prepare, respond to, and recover from such an attack. It also will share freely with the broader community the unbiased guidance and best practices that MITRE cybersecurity and cyber resiliency professionals have provided for years to our many federal government sponsors.
What is unique about the security needs of healthcare providers, suppliers, and support organizations?
In general, their needs are similar to those of other types of business with regards to structure and process flows. However, expectations for healthcare systems are different from other sectors (such as banking or retail, for example) because human well-being and lives are at stake. Emergency rooms, maternity, and much else demand 24/7 functionality. In this way, the security needs of healthcare delivery are more like some of MITRE’s military sponsors where the safety of human life and local populations is paramount.
Where should you start if you work at a smaller organization, or don’t have the benefit of a fully-staffed information security team?
Many healthcare organizations choose to start with an assessment that asks and answers some key questions: What are our most important assets? What are the strengths and vulnerabilities of our current system? What are the roles and responsibilities around the organization if we come under attack? MITRE has created numerous cyber tools that help organizations ask and answer these important questions. Three in particular, Cyber Tabletop Exercises, the Crown Jewels Analysis (CJA), and the Cyber Operations Rapid Assessment (CORA) are well-suited to healthcare organizations. We’ve used them extensively in helping many organizations understand where they are in facing cyber adversaries, and then pointing the way to their necessary and feasible next steps.
How can MITRE assist organizations seeking to become more resilient?
To learn more about MITRE and the ways we can work with you, contact us at HealthCyber@mitre.org. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. |
How ransomware runs the underground economy |
CSO, August 31, 2021 Ransomware gangs are adopting all the core elements of legitimate businesses—including defined staff roles, marketing plans, partner ecosystems, and even venture capital investments—and some hallmarks of more traditional criminal enterprises. |
How Rural Hospitals Can Tackle Healthcare Cybersecurity Risks |
Health IT Security, September 28, 2022 Ransomware, phishing, and breaches are all top-of-mind concerns for healthcare cybersecurity leaders, regardless of organization size or location. But for small, rural hospitals, managing cyber risk can be an even more intimidating task. |
How Security Training Can Combat the Threat of Ransomware |
Health Tech, July 29, 2021 Preparedness, security tools and a recovery plan are key to helping healthcare organizations overcome cybersecurity attacks. |
How to Maintain Business Continuity in the Age of Ransomware |
Cloud Security Alliance, July 20, 2022 It’s worth making the connection between ransomware and your overall business continuity strategy. Ransomware has been a scourge for years, but the attacks are only growing more sophisticated, capable of hitting multiple sites and bringing your entire organization to a halt. |
HSCC Creates Operational Continuity Checklist For Navigating Cyberattacks |
Health IT Security, May 2, 2022 The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) released a checklist to help healthcare staff and executives preserve operational continuity while recovering from a serious cyberattack. |
HSE ‘missed opportunities’ to detect malicious activity before ransomware attack |
Yahoo! News, December 10, 2021 A report into the Health Service Executive (HSE) ransomware attack has found there were “several missed opportunities” to detect malicious activity. An independent review, carried out by PricewaterhouseCoopers, found that the HSE failed to respond to several alerts after a phishing email was opened, weeks before the system was crippled by a ransomware attack. |
IBM Security: Cost of Data Breach Hitting All-Time Highs |
Security Week, July 27, 2022 A study commissioned by IBM Security says the global average cost of a data breach reached an all-time high of $4.35 million and warned that the absence of zero trust principles at studied organizations is pushing those costs even higher. |
Improving Cybersecurity to Protect Your Patients and Practice |
Physician’s Weekly, October 21, 2021 Inadequate cybersecurity presents great risks to physicians, as healthcare is among the most targeted industries. Healthcare clinics and hospitals face cyberattacks almost daily. According to tech research company Comparitech, ransomware attacks rose a whopping 470% from 2019 to 2020, with more than 600 healthcare institutions and more than 18 million individual patient records falling victim to attacks. Hackers are particularly drawn to healthcare institutions due to their often archaic security software, as well as their tendency to under-prioritize cybersecurity. |
Increased Mortality Rates Linked to Cyber-Attacks Against Healthcare Organizations |
Info Security, September 11, 2022 A recent report, which surveyed 641 healthcare IT and security practitioners, found that 89% of them experienced an average of 43 attacks in the past 12 months, with more than 20% suffering one of the following types of attacks: cloud compromise, ransomware, supply chain, and phishing. |
Indiana health system diverts ambulances, reverts to paper records amid ransomware attack |
Becker’s Health IT, October 6, 2021 Hackers are demanding ransom from Johnson Memorial Hospital as the Franklin, Ind.-based health system grapples with an ongoing cyberattack, according to an Oct. 5 WTHR 13 report. The health system has reverted to using paper and pen after the ransomware attack took its computer systems offline. |
Indiana hospital suspends IT systems in response to ongoing cyberattack |
SC Media, September 30, 2021 Late Wednesday night, Schneck Medical Center in Indiana was hit with a cyberattack that impacted operations, leading the security team to suspend access to all IT applications across the hospital network, according to a posting on the hospital’s website. The latest posting shows the attack is causing intermittent issues with the phone systems. Meanwhile, patients are reporting access issues on the hospital’s social media page. The provider’s website remains online. |
Infant Fatality Could Be First Recorded Ransomware Death |
Info Security Magazine, October 1, 2021 A tragic case making its way through the courts in the US could prove to be the first recorded death due to ransomware. |
Infusion Pump Vulnerabilities Point to Gaps in Medical Device Security |
Health IT Security, August 27, 2021 McAfee researchers discovered significant gaps in medical device security that may allow hackers to administer deadly doses of medications through an infusion pump. |
Inside the Battle Against Ransomware Attacks |
NBC Washington, February 4, 2022 Survey results show less than half of respondents have a ransomware incident response plan. |
Insurers run from ransomware cover as losses mount |
The Hindu, November 19, 2021 Faced with increased demand, major European and U.S. insurers and syndicates operating in the Lloyd’s of London market have been able to charge higher premium rates to cover ransoms. |
Intelligence Driven Exercises and Solutions (IDEAS): An uncomplicated approach for solving complicated problems |
Q&A with Theresa Fersch
Theresa Fersch is a Principal Systems Engineer with 15 years of exercise design and development expertise.
What is IDEAS?
As part of our continued focus on solving problems for a safer world, MITRE recognizes that one of our nation’s greatest challenges is that threats and adversaries are constantly evolving. Technology advances by leaps and bounds, our adversaries are becoming faster and stronger, and disruptions are becoming even more disruptive. To stay ahead of the game, we must continuously be checking and refining our assumptions, methods, and strategies. Tabletop exercises are a form of serious games that have long been used by the Department of Defense (DOD), Department of Homeland Security (DHS), the Intelligence Community (IC), and other government agencies to sharpen their focus on a problem set and their understanding of the people, processes, and technologies associated with them. Based on our previous experience, MITRE experts have developed a methodology for implementing and scaling table top exercises we call Intelligence Driven Exercises and Solutions or IDEAS.
Why is MITRE unique?
Over the last 15 years, I have led a small team of diverse subject matter experts (SME) at MITRE in tackling some of our nation’s greatest challenges by compiling lessons learned and best practices in tabletop exercise development to create a scalable and tailored methodology that can be applied to any problem set or industry. So how did we do this? We began with traditional tabletop exercise and wargaming methodologies and enhanced them by applying systems engineering principles and making a few key changes. We have leveraged MITRE’s culture of speed and adaptability to identify areas within these tried-and-true methods that can be standardized, replicated, and repeated. Our collaborative focus has helped us learn that by cross-pollinating expertise or applying different types of expertise to the problem set, we can identify new threats or vulnerabilities, and therefore new solutions, that might not necessarily be explored by those who are deeply familiar with the problem. By encouraging participation from specific subject matter experts, IDEAS leads build high performance teams to uniquely tailor each exercise and ensure a high degree of relevance to the problem set being explored. Our exercises and solutions provide an environment wherein participants can safely and boldly explore dynamic problem sets in unique ways to bolster understanding, identify areas for improvement, develop actionable recommendations, and harvest lessons learned.
Applying to cyber in the healthcare sector
While IDEAS began as an exercise methodology for the intelligence community, MITRE has since applied this method to numerous industries and sectors. To date, we have developed and conducted exercises ranging across cybersecurity, healthcare, economics, transportation, intelligence, international relations, defense, supply chain, and emergency management. Most recently, MITRE has been working with Health Delivery Organizations (HDOs) across the country to build and conduct exercises with a focus on stressing, improving, and validating responses to cyberattacks. Cyberattacks can have devastating impacts not only from a business continuity perspective, but from a patient health and safety perspective as well. We work with HDOs to fully understand their ecosystems: the roles and responsibilities of key security and emergency response personnel involved, the processes, procedures, and plans currently in place, and their technical capabilities and systems. This vital information, combined with MITRE’s extensive expertise in cybersecurity, informs exercise development to produce exercises that are relevant, realistic, and effective at exercising an HDO’s response to cyberattacks. We exercise concepts such as:
It is our goal to ensure everyone who works with us is fully prepared to handle cyber attacks on their healthcare systems. Interested in conducting table top exercises at your organization? Learn more about how MITRE can help support your organization: https://healthcyber.mitre.org/blog/resources/cyber-tabletop-exercises/ |
Inventive Ransomware Group Focused On Healthcare Data |
Cyber Security Intelligence, October 7, 2021 Ransomware groups have increased their attacks on hospitals and health service providers as the coronavirus pandemic persists, because of the sensitive information they carry, including social security numbers, financial and other personal data. A new ransomware gang called Vice Society claims it has obtained confidential patient data following an attack in August on California’s United Health Centers, which suffered a ransomware attack that disrupted several locations. The stolen data includes insurance benefits, financial documents and laboratory test results, and Vice Society has now begun leaking the stolen data. |
IoT Malware Attack Volume Up 123% in Healthcare |
Health IT Security, July 28, 2022 SonicWall observed a 123% spike in IoT malware attack volume in healthcare, but a decrease in the number of organizations targeted. |
Ireland HSE Cyberattack is a Cautionary Tale For US Healthcare Orgs |
Health IT Security, February 7, 2022 HC3 urged US healthcare organizations to learn from the May 2021 Conti cyberattack against the Ireland HSE that led to a nationwide IT outage. |
Irish Healthcare Ransomware Hack Cost Over 80 Million Euros |
Bank Info Security, December 13, 2022 A ransomware attack on the Irish healthcare system in 2021 has caused 80 million euros in damages and counting as the government continues to notify victims of the incident that their personal information was illegally accessed and copied. |
Irish Healthcare System Requires More Than $100 Million To Recover From the Conti Ransomware Attack |
CPO Magazine, March 4, 2022 Irish Foreign Minister Simon Coveney described the incident as a “very serious attack.” Similarly, Irish Minister of State Ossian Smyth claimed it was “possibly the most significant cybercrime attack on the Irish State.” |
Is Your Healthcare Organization Following These Four Ransomware Best Practices? |
Security Boulevard, August 24, 2021 Healthcare is the most targeted sector for data breaches and ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020, according to the US Department of Health and Human Services Cyber Security Program 2021 Forecast. While ransomware has been a favorite among attackers for years now, the rate continues to rise each year. |
Italian vaccination registration system down in apparent ransomware attack |
NBC News, August 2, 2021 Hackers have attacked the vaccination registration system in one of Italy’s largest regions, temporarily blocking residents from booking new vaccination appointments, officials said. |
Jackson Hospital Suffers Patient Data Exfiltration Incident |
Health IT Security, February 23, 2022 Recent data breaches included data exfiltration at Florida-based Jackson Hospital and improper PHI access by an employee at Michigan Medicine. |
Johns Hopkins CISO: Complexity of health care requires ‘adversarial security’ model |
SC Media, October 4, 2021 High-profile ransomware attacks left health care in the spotlight in the last year as a vertical that struggles to manage its security posture amid dire circumstances. But Darren Lacey, chief information security officer and director of IT compliance for Johns Hopkins University and Johns Hopkins Medicine sees it a bit differently. |
Kaiser Permanente Discloses Data Breach at WA Health Plan, 69K Impacted |
Health IT Security, June 13, 2022 Kaiser Permanente notified 69,589 individuals of a data breach that occurred at the Kaiser Foundation Health Plan of Washington. According to a notice on its website, Kaiser Permanente discovered on April 5 that an unauthorized party had gained access to an employee’s emails. |
Karakurt ransomware group targeting healthcare providers, HHS warns |
SC Media, August 24, 2022 Provider organizations are being warned to be on the alert for cyberattacks levied by the Karakurt ransomware group after at least four cyberattacks by the threat actors against the healthcare sector in the last three months. |
Kentucky Hospital Still Struggles One Week After Cyberattack |
Health Info Security, January 26, 2022 A regional Kentucky hospital is the latest healthcare entity struggling to recover after a recent cyber incident brought down its phone systems, internet services, email and other systems. |
Keralty ransomware attack impacts Colombia’s health care system |
Bleeping Computer, November 30, 2022 The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries. |
Keystone Health breach exposed health details of 235k people |
Cyber News, October 19, 2022 Pennsylvania-based healthcare service provider Keystone Health suffered a major data breach exposing the protected health information (PHI) of close to a quarter of a million people. |
Kronos Cyberattack Takes Down Healthcare Workforce Management Services |
Health IT Security, December 16, 2021 HR management solutions provider Kronos was the target of a recent cyberattack that is now impacting healthcare workforce management and payroll services. |
Law Enforcement Health Benefits Plan Ransomware Attack Impacts 85K |
Health IT Security, March 31, 2022 Ransomware impacted 85K at Law Enforcement Health Benefits, and a California health plan is temporarily unavailable after detecting anomalous activity. |
Lawmakers press Biden officials on cyber reporting, CISA’s future as threats from nations, ransomware evolve |
SC Media, November 15, 2022 The future of the Cybersecurity and Infrastructure Security Agency, requests for a speedier implementation of new cyber incident reporting regulations, and a potential congressional authorization for the newly established Cyber Safety Review Board were all floated by members of the House Homeland Security Committee as they pressed Biden administration officials Tuesday on their cybersecurity plans for the coming year. |
Lawmakers want to know how the health sector is fighting ransomware |
SC Media, August 15, 2022 Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., are calling for an urgent meeting with the Department of Health and Human Services to operationalize collaboration throughout the healthcare sector to defend against the ongoing threat of ransomware attacks. |
Lawsuit: Health System Failed to Heed Ransomware Warnings |
Gov Info Security, September 15, 2021 A proposed class action lawsuit filed this week against St. Joseph’s/Candler Health System in the wake of a recent ransomware breach affecting 1.4 million individuals alleges that the Georgia-based healthcare entity was “reckless” and “negligent” in safeguarding patients’ information. |
Lawsuits allege death, morbidity from cyberattacks: Is this the next phase of medical malpractice? |
SC Media, October 6, 2021 Last week, a headline caught mainstream media’s attention: a lawsuit claimed a ransomware attack led to the death of her newborn. A lawsuit filed in the same timeframe alleged a patient’s care was diminished due to network outages at a hospital’s vendor. |
Lengthy Healthcare Cyberattack Recovery Disrupts MD Department of Health |
Health IT Security, February 9, 2022 The Maryland Department of Health just entered month three of the healthcare cyberattack recovery process as data breaches continue to torment healthcare organizations. |
Lessons Learned from Ireland’s Healthcare System Ransomware Attack |
Security Boulevard, January 26, 2022 In May 2021 Ireland’s public healthcare system, the Health Services Executive (HSE), was hit with a ransomware attack that proved to be extremely costly and disrupted healthcare for months. A detailed post-mortem of the attack, produced by consulting firm PriceWaterhouseCoopers (PWC), runs to 150 pages. The report includes not only a description of what happened, but an analysis of mitigating factors and recommendations as well. There’s a lot that can be learned from this attack and from the PriceWaterhouseCoopers report. |
Listen: How ransomware put the health sector on notice |
SC Media, September 8, 2021 Ransomware is not new in a sense that malware can encrypt files and do bad things, said Eric Decker, a chief information security officer in the health care industry. But around 2015 or 2016, he said organized crime began to leverage it as a tool in far more disruptive and destructive ways. |
LockBit 3.0 Ransomware |
HHS, December 12, 2022 HC3: Analyst Note. Report: 202212121700 LockBit 3.0 is the newest version of the LockBit ransomware that was first discovered in September 2019. The ransomware family has a history of using the Ransomware-as-a-service (RaaS) model and typically targets organizations that could pay higher ransoms. Historically, this ransomware employs a double extortion technique where sensitive data is encrypted and exfiltrated. The actor requests payment to decrypt data and threatens to leak the sensitive data if the payment is not made. |
LockBit Remains Most Prolific Ransomware in Q3 |
Info Security Magazine, November 16, 2022 The infamous LockBit ransomware variant remained the most widespread in the third quarter of 2022, accounting for over a fifth (22%) of detections, according to a new report from Trellix. |
Lorenz Ransomware |
HHS, November 21, 2022 HC3: Analyst Note. Report: 202211211700 Lorenz is human-operated ransomware that has been in operation for approximately two years. In that time, HC3 is aware of the compromise of healthcare and public sector targets. It is used to target larger organizations in what is called “big-game hunting”, and publishes data publicly as part of pressuring victims in the extortion process. Lorenz is known to target organizations globally using customized code, and can demand hundreds of thousands of dollars in ransoms. |
Man Charged For Involvement in LockBit Ransomware Campaign |
Health IT Security, November 15, 2022 Dual Russian and Canadian national Mikhail Vasiliev was charged for his alleged involvement in the global LockBit ransomware campaign, the Department of Justice (DOJ) announced. LockBit has been known to target healthcare in the past. |
Man charged with taking part in ransomware campaign targeting healthcare |
Becker’s Health IT, November 11, 2022 A dual national of Canada and Russia has been charged with being part of a ransomware gang that has targeted the healthcare industry. |
Many Cloud Attacks End in Financial Loss for Healthcare Sector |
Health IT Security, November 15, 2022 Numerous cloud attacks are successfully exploiting the healthcare sector for financial gain, according to a newly released 2022 Cloud Security Report by cybersecurity vendor Netwrix. |
Many Healthcare Orgs Suffer IT Outages After Ransomware Attacks |
Health IT Security, October 18, 2022 A Trend Micro study found that 86 percent of surveyed healthcare organizations hit by ransomware attacks had experienced IT outages. |
Maryland Health Department Confirms Attack Was Ransomware |
Gov Info Security, January 13, 2022 Maryland officials have confirmed that a December cyberattack on the state’s health department, which is still disrupting some services that were taken offline during recovery, involved ransomware. Officials say the state has not paid a ransom and has activated its cyber insurance policy. |
Medibank refuses to pay ransom for hacked data affecting 9.7 million customers |
SC Media, November 7, 2022 Medibank, Australia’s largest health insurer, announced Monday that it will not pay a ransom to the hacker behind the recent data theft affecting 9.7 million customers. |
Medical Center Ransomware Attack Affects 700,000 |
Gov Info Security, June 14, 2022 An Arizona medical center that suffered a ransomware attack in April has begun notifying 700,000 individuals of a data breach compromising sensitive medical and personal information. |
Medtechs need to up their cybersecurity threat modeling game, FDA says |
Medtech Dive, August 13, 2021 Medtech companies must design and develop devices that “have far more robust security built in” to keep pace with emerging cybersecurity threats and vulnerabilities, said Suzanne Schwartz, director of CDRH’s Office of Strategic Partnerships and Technology Innovation. To do that, Schwartz says medtechs need better threat models that lay out what hackers might do to target a device and how to protect it. |
Memorial Health Faces Lawsuit After Hive Ransomware Cyberattack |
Health IT Security, January 26, 2022 Hive ransomware group claimed responsibility for an August 2021 cyberattack against Memorial Health System, and victims are now demanding answers. |
Memorial Health System Confirms Data Breach |
Info Security, January 21, 2022 A cyber-attack on an Ohio-based health system may have exposed the protected health information (PHI) of 216,478 patients. |
MercyOne says it has begun restoring systems following ransomware attack |
MSN, October 21, 2022 More than two weeks after a ransomware attack crippled its parent company, MercyOne health system is beginning to restore certain systems that were taken offline. |
Mespinoza, Pysa ransomware an ongoing threat to the healthcare sector, HHS warns |
SC Media, January 7, 2022 A new Department of Health and Human Services Cybersecurity Program alert is reminding the healthcare sector of ongoing cyberattacks by the Mespinoza cybercriminal group, which has heavily targeted the healthcare sector over the last two years with Pysa ransomware and other cyber threats. |
Mespinoza, Pysa Ransomware Pose Threat to Healthcare Cybersecurity |
Health IT Security, January 11, 2022 HC3 warned the sector of Mespinoza, a cybercriminal group that operates Pysa ransomware and has a history of targeting healthcare entities. |
Mid-Size Orgs Continue to Be Targeted in Healthcare Cyberattacks |
Health IT Security, December 2, 2021 Small to mid-size organizations and outpatient facilities continue to be targets for healthcare cyberattacks that often lead to PHI exposure. |
Millions of Patients Receive Healthcare Data Breach Notifications |
Health IT Security, November 24, 2021 Utah Imaging Associates began notifying nearly 600K of a healthcare data breach, and Eskenazi Health began notifying over 1.5 million individuals. |
Minnesota clinic transitions to Allina Health’s EHR after ransomware attack |
Becker’s Health IT, March 31, 2021 Apple Valley (Minn.) Clinic, part of Minneapolis-based Allina Health, recently transitioned to the health system’s EHR platform following a ransomware attack on its tech services vendor that exposed nearly 158,000 patients’ information. |
Minnesota’s Lake Region Healthcare Recovering From Ransomware Attack |
IT Health Security, January 7, 2021 A ransomware attack struck Minnesota-based Lake Region Healthcare just before Christmas, resulting in some system disruptions; “activist” data leaks and two email hacks complete this week’s breach roundup. |
Mon Health Reports Breach Soon After Phishing Incident |
Gov Info Security, March 2, 2022 A West Virginia-based healthcare entity that reported a phishing breach in December affecting nearly 399,000 individuals this week reported a separate security incident that appears to have potentially involved ransomware. |
More Major Hacking Incidents Added to HHS Breach Tally |
Data Breach Today, April 28, 2022 Five of the 10 largest health data breaches so far in 2022 – affecting millions of individuals – have been added to the federal tally in just the last month as the latest wave of major hacking/IT incidents being reported to regulators continues to grow. |
More than 90% of cyberattacks are made possible by human error |
Tech Xplore, June 9, 2022 In a ransomware attack, a company’s computer systems are locked, and the attacker demands a ransom in cryptocurrency in return for unlocking the system. Malware infects a network of objects connected to the Internet of Things to steal the personal data of its users. Talking about cybersecurity is talking about technology. However, it is increasingly common to study cyber risk as part of an interdisciplinary approach. After all, threats are technological, but they also have to do with behavioral, social and ethical factors. |
Most of the 10 largest healthcare data breaches in 2022 are tied to vendors |
SC Media, December 12, 2022 Ninety percent of the 10 largest healthcare data breaches reported this year were caused by third-party vendors, much like in 2021. The fallout for many of these cyberattacks resulted in impacts for multiple connected providers, with two of these vendor incidents affecting hundreds of providers. |
Most organizations that paid a ransom were hit with a second ransomware attack |
SC Media, June 8, 2022 Cybereason on Tuesday released a report that found some 80% of organizations that paid a ransom were hit by ransomware a second time — and 68% said the second attack came less than one month later and the threat actors demanded a higher ransom amount. |
Most Patients Unaware of the Magnitude of Healthcare Ransomware Attacks |
Health IT Security, November 10, 2021 Half of potential patients said they would change hospitals if their provider was hit by a healthcare ransomware attack, but most are unaware of recent attacks. |
MultiCare Notifies 23K of Third-Party Breach |
Health IT Security, December 23, 2022 MultiCare Health System in Washington suffered a third-party data breach that originated at its mailing service provider, Kaye-Smith. As previously reported, the breach at Kaye-Smith impacted other healthcare organizations, including 31,573 individuals at St. Luke’s Health System in Idaho. The breach impacted more than 23,000 individuals at MultiCare. |
N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert |
CBC, November 4, 2021 ‘It has real impacts on human life and safety’. One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security. |
Navajo Nation hospital the latest victim of brutal wave of ransomware attacks |
Yahoo.com, March 3, 2021 When Rehoboth McKinley Christian Health Care Services in Gallup, New Mexico, was hit with a cyberattack earlier this year, the hospital’s staff had to revert to pen and paper to keep things running. |
New ‘BianLian’ Ransomware Variant on the Rise |
Dark Reading, August 22, 2022 Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language. |
New Report Shows What Data Is Most at Risk to and Prized by Ransomware Attackers |
IT Wire, July 3, 2022 A new report reveals how attackers think, what they value, and how they apply the most pressure on victims. The report released today by Rapid7 investigates the trend, pioneered by the Maze ransomware group, of double extortion, examining the contents of initial data disclosures intended to coerce victims to pay ransoms. |
New York ambulance service discloses data breach after ransomware attack |
Bleeping Computer, September 17, 2022 Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed a data breach that exposed customer information. According to the notification, the company suffered a ransomware attack on July 14, 2022. |
NHS supplier continues to face IT challenges – The problem with government-run IT |
Electro Pages, September 13, 2022 What was initially said to be a small problem has now clearly become a serious issue, and paperwork from healthcare professionals continues to pile up. What exactly happened to NHS services, why are they facing numerous issues, and does this raise concerns for government-related services? |
NIST Updates Healthcare Cybersecurity, HIPAA Security Rule Guidance |
Health IT Security, July 22, 2022 The National Institute of Standards and Technology (NIST) issued updated healthcare cybersecurity and HIPAA Security Rule guidance to aid organizations in safeguarding protected health information (PHI). NIST is seeking comments on the draft publication until September 21. |
No end in sight to NHS ransomware attacks? |
Digital Journal, September 26, 2022 It has been a few weeks since a major National Health Service (NHS) software supplier was hit with a ransomware attack, as The Guardian has reported. Parts of the health sector are dealing with the subsequent disorder caused, especially for medical paperwork and patient care. It is estimated, in a BBC News report, that it may take the service another 12 weeks to recover. |
November was the second busiest month for ransomware attacks this year |
SC Media, December 5, 2022 With LockBit malware claiming attacks on defense giant Thales and German firm Continental, November closed with the distinction of having the second most reported ransomware attacks this year, according to a new report. |
OneTouchPoint Discloses Data Breach Impacting Over 30 Healthcare Firms |
Security Week, July 29, 2022 Mailing and printing services vendor OneTouchPoint has disclosed a data breach impacting more than 30 healthcare providers and health insurance carriers. |
Ongoing ransomware, data theft, leaks pummel health care organizations |
SC Media, September 28, 2021 Ransomware attacks and data theft are continuing to prove problematic for the health care sector, leading to a number of breach notices reported to the Department of Health and Human Services and dark web postings of stolen health information. |
Opinion: We at Scripps Health were victims of a ransomware attack. Here’s what we’ve learned. |
The San Diego Union-Tribune, June 10, 2021 This past year, we’ve witnessed doctors, nurses and hospitals on the front lines of the COVID-19 pandemic performing heroically in the face of the most difficult circumstances seen in a century. Just as it seems hospitals and health-care systems may be rounding a corner on coronavirus, the cybersecurity threat has been covertly plaguing our hospital systems and critical care facilities. |
OSU Data Breach Impacts Veterans, More Ransomware Attacks |
Health IT Security, June 24, 2021 Other recent healthcare data breaches include a ransomware attack in Mississippi and a breach at an Iowa eye clinic. |
Out-of-hours ransomware attacks have a greater impact on revenue |
IT Pro, November 18, 2021 Seven in ten security pros called in to handle attacks were intoxicated, report finds. Ransomware attacks at weekends and holidays are throwing victims into disarray, according to a study released by security company Cybereason. |
Outdated IoT healthcare devices pose major security threats |
CSO, January 31, 2022 Ransomware has emerged to become the worst nightmare in healthcare, and hospital devices running on outdated Windows versions or open-source software like Linux are the easy targets, according to research by Cynerio. |
Outpatient Facilities Now Top Targets for Healthcare Data Breaches |
Health IT Security, August 30, 2021 Cyber criminals are shifting their healthcare data breach targets away from hospitals and onto outpatient facilities and business associates, a new report shows. |
Over 500,000 Patients Hit by Data Breaches at Healthcare Firms in Alabama, Colorado |
Security Week, March 14, 2022 The most recent cyberattack – and most impactful – targeted South Denver Cardiology Associates and resulted in the data of more than 287,000 patients being exfiltrated. The Colorado firm identified the attack on January 4 and later discovered that an unknown party had access to certain systems in its network between January 2 and January 5, 2022. |
Pandemic Plus Ransomware Is ‘Perfect Storm’ for Healthcare |
Gov Info Security, October 22, 2021 Disturbing findings from a recent study examining the impact of ransomware attacks on patient care must serve as a wake-up call for the healthcare sector to intensify its preparedness to deal with such incidents, say Larry Ponemon of research firm Ponemon Institute and Ed Gaudet of security risk management firm Censinet. The two companies conducted and sponsored the research. |
Partnership Health Plan of California IT Systems Still Down |
Gov Info Security, March 30, 2022 An apparent ransomware attack and alleged data theft by the Hive cybercriminal group has left a California nonprofit managed care health plan provider struggling to recover its IT services for more than a week so far. |
Patients of a Vermont Hospital Are Left ‘in the Dark’ After a Cyberattack |
NY Times, November 26, 2020 A wave of damaging attacks on hospitals upended the lives of patients with cancer and other ailments. “I have no idea what to do,” one said. Cyberattacks on America’s health systems have become their own kind of pandemic over the past year as Russian cybercriminals have shut down clinical trials and treatment studies for the coronavirus vaccine and cut off hospitals’ access to patient records, demanding multimillion-dollar ransoms for their return. |
Paying Ransomware Actors: ‘It’s a Business Decision’ |
Healthcare Info Security, June 22, 2022 Two to three times a month, Paul Furtado of Gartner gets called in to help somewhere in the world with an active ransomware incident. |
Paying the ransom is still the most common response to a ransomware attack |
Real Wire, September 27, 2022 New research from Databarracks reveals 44% of organisations that suffered a ransomware attack paid the ransom. 34% recovered from backups, while 22% used ransomware decryption tools. |
Phishing scheme targets unemployment insurance benefits and PII |
Federal Trade Commission, August 4, 2021 Have you gotten an alarming text message about your unemployment insurance benefits from what seems to be your state workforce agency? You’re not alone. Identity thieves are targeting millions of people nationwide with scam phishing texts aimed at stealing personal information, unemployment benefits, or both. |
Post-mortem of New Zealand health board cyberattack: Practice incident response plans |
SC Media, December 7, 2022 An assessment of the monthslong outage at New Zealand Waikato District Health Board last year revealed that despite being prepared and having a clear awareness of cybersecurity priorities, the response was dogged by a lack of practiced preparedness and a number of other missteps. |
Practice Management Software Vendor Practicefirst Affected by Healthcare Ransomware Attack |
Heimdal Security, July 7, 2021 New York-based Practicefirst Medical Management Solutions, a medical management company that processes data for health care providers, declared that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and work staff. |
PracticeMax Ransomware Attack Impacts 258K at FL Urgent Care Center |
Health IT Security, August 1, 2022 Fast Track Urgent Care Center, which has a network of urgent care centers in Tampa Bay, Florida, began notifying 258,411 individuals of a 2021 ransomware attack that originated at its billing vendor, PracticeMax. |
President Biden Signs into Law the Cyber Incident Reporting Act, Imposing Reporting Requirements for Cyber Incidents and Ransomware Payments |
National Law Review, March 18, 2022 On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). |
PwnedPiper threatens thousands of hospitals worldwide, patch your systems now |
Tech Republic, August 2, 2021 Nine critical vulnerabilities in a popular hospital pneumatic tube software could give attackers control of infrastructure and allow them to launch additional attacks that cripple healthcare operations. |
Q&A: How Infrastructure Upgrades Helped Sky Lakes Medical Center Survive a Ransomware Attack |
Health Tech, October 13, 2021 The community hospital’s John Gaede, information services director, and Nick Fossen, technology systems manager, explain how a security partnership and infrastructure modernization prepared the healthcare organization for the future. |
Q&A: Mount Sinai’s Chris Frenz on Best Practices for Zero-Trust Implementation |
Health Tech, September 9, 2021 Healthcare organizations should take the time to map out the assets and traffic within their environment when creating a new security framework. |
Quantum Ransomware Attack on Finance Company Impacts 657 Healthcare Organizations and Millions of Patients |
CPO Magazine, July 18, 2022 Professional Finance Company Inc. (PFC) disclosed that it suffered a ransomware attack in February that affected over 600 healthcare organizations. |
RaaS, double extortion driving ransomware attacks, pushing up industrial cybercrime |
Industrial Cyber, June 23, 2022 Tenable says that the advent of ransomware-as-a-service (RaaS) is one of the main reasons why ransomware has advanced from a fledgling threat into a force to be reckoned with. The service model has significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to commoditize ransomware. |
Ransomware actors steal data of 400K patients from LA Planned Parenthood |
SC Media, December 2, 2021 Planned Parenthood Los Angeles filed a breach notice with the California Attorney General, notifying 400,000 patients that their data was exfiltrated during a weeklong hack launched by ransomware threat actors. |
Ransomware and Phishing Remain IT’s Biggest Concerns |
Dark Reading, June 17, 2022 Security teams — who are already fighting off malware challenges — are also facing renewed attacks on cloud assets and remote systems. |
Ransomware and Targeted Attacks in the Healthcare Sector |
Security Boulevard, September 23, 2021 A recent report published by SonicWall indicates that ransomware has increased by 151% in the first half of 2021, compared with the same time period in 2020. With a reported 304.7 million attempted ransomware attacks, and some of the major attacks reported so far in 2021, it’s clear that there are no signs of ransomware slowing down any time soon. |
Ransomware attack affects 750,000 Personal Touch patients, employees across U.S. |
Becker’s Health IT, April 5, 2021 Personal Touch Holding Corp., the parent company of Personal Touch Home Care centers across the U.S., recently began notifying 753,107 patients and employees of a ransomware attack on its cloud-stored business records. The data breach occurred between Jan. 20 and Jan. 27. On Jan. 27, Lake Success, N.Y.-based Personal Touch became aware of the cyberattack on the private cloud hosted by its service providers, a news release said. |
Ransomware attack alert! The tell-tale signals to look for |
Computing, March 31, 2021 Patterns of unusual behaviour are the clearest signal of an attack, not programmes or files. |
Ransomware Attack at Lamoille Health Partners Impacts 59K |
Health IT Security, August 19, 2022 Lamoille Health Partners disclosed a ransomware attack that impacted 59,381 individuals. According to a notice on its website, the Vermont-based organization discovered suspicious activity on June 13 and later discovered that an unauthorized party had locked some of its files. |
Ransomware attack confirmed at MercyOne’s parent company, CommonSpirit Health |
Yahoo!, October 14, 2022 One of the largest hospital chains in the country has confirmed a ransomware attack has caused hospital-wide outages across multiple health systems this month, including facilities in Iowa. |
Ransomware attack exposed info of 210K MultiCare patients, providers, workers |
Becker’s Hospital Review, March 9, 2021 More than 200,000 patients, providers and employees of Tacoma, Wash.-based MultiCare began receiving notice that their personal info had been exposed in a recent ransomware attack. |
Ransomware Attack Forces Indiana Hospital to Turn Ambulances Away |
Yahoo News, August 5, 2021 Hackers are going after U.S. hospitals with a fresh wave of cyberattacks this week just as coronavirus cases surge around the country. |
Ransomware attack halts services at Osaka hospital |
The Asahi Shimbun, November 1, 2022 A major hospital here suspended routine medical services after a ransomware cyberattack shut down the facility’s electronic medical record system, officials said on Oct. 31. Osaka General Medical Center in the city’s Sumiyoshi Ward is still performing emergency operations, but it has stopped providing outpatient services and postponed other surgeries, hospital officials said at a news conference. |
Ransomware Attack Has Varying Impacts Across CommonSpirit Facilities |
Health IT Security, October 24, 2022 CommonSpirit Health is still in the process of responding to and recovering from a cyberattack that began in early October and impacted multiple facilities within the health system. |
Ransomware attack hits more than 59,000 patients at Vermont health center |
Becker’s Health IT, August 22, 2022 A Vermont health center recently experienced a ransomware attack that affected 59,381 patients, it reported Aug. 11 to the HHS Office of Civil Rights. |
Ransomware attack knocks out systems at Ohio and W. Virginia healthcare provider |
SILICON ANGLE, August 17, 2021 The Memorial Health System, a healthcare provider in Ohio and West Virginia, has been struck by a ransomware attack that knocked systems offline and forced hospital staff to use paper charts. |
Ransomware attack on Ascension St. Vincent’s legacy EMR spurs breach notice |
SC Media, October 31, 2022 A “security event” deployed against several legacy systems, including an electronic medical record (EMR), at Ascension St. Vincent’s Coastal Cardiology in Georgia has led to the possible compromise of personal and health information tied to an undisclosed number of patients. |
Ransomware attack on billing vendor leads to data theft for 942K patients |
SC Media, August 23, 2022 Practice Resources recently notified 942,138 patients that their data was accessed or stolen ahead of a ransomware attack deployed in April. The New York-based vendor provides billing and professional services to a range of healthcare entities. |
Ransomware Attack on Eye Clinic Chain Affects 500,000 |
Info Risk Today, June 24, 2021 Wolfe Eye Clinic, which operates diagnostic and surgical centers in 40 Iowa communities, is notifying 500,000 current and former patients that their data may have been inappropriately accessed during a recent ransomware attack. But the organization refused to pay a ransom. |
Ransomware Attack on GA Health System Impacts Staff, Patients’ PHI |
Health IT Security, August 11, 2021 A Georgia healthcare system sustained a cyberattack, with hackers targeting patients’ and staff members’ PHI. |
Ransomware attack on health care company, CaptureRx, exposes multiple providers |
SC Media, May 10, 2021 A ransomware attack against CaptureRx, a drug-related administrative service provider in San Antonio, Texas, resulted in the exposure of the health information of patients or customers at several health care providers across the U.S., reports ZDNet. |
Ransomware attack on Quest’s ReproSource impacts data of 350K patients |
SC Media, October 12, 2021 Approximately 350,000 patients were recently notified that their data was potentially accessed or acquired during a ransomware attack on ReproSource Fertility Diagnostics, a clinical laboratory for fertility specialists and a subsidiary of Quest Diagnostics. |
Ransomware attack on Yuma Regional Medical leads to data theft for 700K patients |
SC Media, June 15, 2022 Yuma Regional Medical Center in Arizona recently notified 700,000 patients that their personal and health data was stolen ahead of an April ransomware attack. |
Ransomware attack recovery costs top $1.85M in healthcare |
SC Media, June 1, 2022 It costs about $1.85 million to recover systems after a ransomware attack in healthcare, the second highest across all sectors. The hefty price tag, as well as the serious impact to critical operations and patient care, could be driving the spike in providers paying the ransom demand, according to a new Sophos report. |
Ransomware attack wipes out Arizona clinic’s EHR, corrupts 35,000 patients’ records |
Becker’s Health IT, September 9, 2021 Queen Creek, Ariz.-based Desert Wells Family Medicine recently began notifying 35,000 patients that their EHR data was compromised by a ransomware attack. |
Ransomware Attacks Across the Globe Locked 68 Healthcare OT Facilities |
The Fast Mode, November 30, 2021 Last month saw an alarming rise in cyber attacks against healthcare facilities. Ransomware attacks across the globe locked 68 care providers out of their respective networks during Q3 of this year alone, threatening patient safety and privacy. Experts fear that patients will suddenly be unable to receive critical care at a targeted facility without a holistic whole-facility cybersecurity approach. |
Ransomware attacks against healthcare organizations nearly doubled in 2021, report says |
Thomson Reuters, July 5, 2022 Two-thirds (66%) of healthcare organizations were hit by ransomware attacks last year, up from 34% in 2020, according to a new report from cybersecurity firm Sophos. The near-doubling of cyber-incidents demonstrates how attackers have become “considerably more capable at executing the most significant attacks at scale.” |
Ransomware attacks cost healthcare orgs $20.8B in 2020 |
Becker’s Health IT, July 28, 2021 Ransomware attacks skyrocketed amid the pandemic when hospitals increased their use of remote work and moved more hospital data online, according to a July 21 report by cybersecurity consulting firm CynergisTek. |
Ransomware attacks increasing in Oregon, nationwide, FBI says |
Oregon Live, June 30, 2022 FBI agents with the bureau’s Cyber Task Force in Oregon helped investigators identify three suspected Russian government hackers accused of compromising the computer network of a company that runs a nuclear power plant in Kansas. |
Ransomware attacks on healthcare organizations cost nearly $21B last year, study finds |
Becker’s Hospital Review, March 12, 2021 Six hundred clinics, hospitals and healthcare organizations were attacked by 92 individual ransomware attacks, affecting 18 million patient records in 2020. The costs of these attacks are almost $21 billion, a Comparitech study found. The report highlighted ransomware attacks published by HHS that affected more than 500 people. Data breaches affecting fewer than 500 people were included if the breach was reported elsewhere, a limitation the researchers said “only scratch[es] the surface of the problem.” |
Ransomware Attacks on Healthcare Organizations Increased 94% in 2021, According to Sophos Global Survey |
Albawaba, June 8, 2022 Sophos, a global leader in next-generation cybersecurity, has published a new sectoral survey report, “The State of Ransomware in Healthcare 2022.” The findings reveal a 94% increase in ransomware attacks on the organizations surveyed in this sector. In 2021, 66% of healthcare organizations were hit; 34% were hit the previous year. |
Ransomware Attacks on Healthcare System Goes Way Beyond Just Data |
Cyware Social, November 28, 2021 The healthcare sector has been under relentless pressure due to COVID-19 and cyberattacks. Healthcare facilities collect a lot of data, which makes them a lucrative target for cybercriminals. While healthcare facilities witness ransomware attacks, it is not just the health data that is affected. |
Ransomware attacks put availability of medical devices at risk: FDA cyber chief |
Med Tech Dive, October 1, 2021 |
Ransomware attacks rose 47 percent in July |
MSN, August 25, 2022 Ransomware attacks rose 47 percent from June to July, with the majority of attacks targeting the industrials sector, according to a report released on Thursday by cybersecurity firm NCC Group. |
Ransomware attacks, a growing threat that needs to be countered |
United Nations Office on Drugs and Crime, October 18, 2021 The United Nations Office on Drugs and Crime (UNODC) delivered a practical regional training on ransomware investigations to law enforcement officers, computer security incident response teams, and prosecutors from Malaysia, the Philippines and Thailand. The increased digitalization of society, compounded by the COVID-19 outbreak, has contributed to a recent 600% rise in cybercrimes in Southeast Asia. |
Ransomware attacks, IP, data theft top cybersecurity concerns for global, Indian pharma firms |
ET HealthWorld, June 23, 2022 For leading pharma companies, cybersecurity investments have increased by a minimum of 25-30 per cent between 2019 and 2021. The pandemic and the rising number of targeted attacks have prompted certain pharma companies to double their cybersecurity investments over the past 18 months. |
Ransomware Attacks: CISA Shares Operational Tech Asset Security Guide |
Health IT Security, June 10, 2021 In response to ongoing ransomware attacks targeting operational tech assets and control systems of critical infrastructure entities, CISA published a guide to mitigation and response. |
Ransomware attacks: This is the data that cyber criminals really want to steal |
ZD Net, June 20, 2022 There are certain types of data that criminals target the most, according to an analysis of attacks. |
Ransomware caused American Dental Association outage, led to stolen data |
SC Media, July 28, 2022 The American Dental Association recently began notifying state regulators that the “cybersecurity incident” it reported in April was actually a ransomware attack, which led to the theft of member data. |
Ransomware Disrupts Indian Premier Hospital for 2nd Day |
Healthcare Info Security, November 24, 2022 India’s premier healthcare institute reported a massive cyberattack on its servers on Wednesday. All patient care services were affected and were still operating manually on Thursday. |
Ransomware gang behind Ireland attack also hit US health and emergency networks |
MSN, May 23, 2021 The ransomware attack that hobbled the Irish healthcare system was far from an isolated incident. BleepingComputer and Gizmodo note that the FBI has issued a flash alert warning that the ransomware group behind the Ireland attack also targeted “at least” 16 healthcare and emergency networks, including police and 911 dispatch centers. The group used Conti ransomware that steals files, encrypts systems and pressures victims into paying through a portal lest their data be sold or published online. |
Ransomware gang creates site for employees to search for their stolen data |
Bleeping Computer, June 14, 2022 The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack. |
Ransomware gang threatens 1m-plus medical record leak |
The Register, September 14, 2022 Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs. Daixin Team has taken credit for a September 1 assault on Texas-based OakBend Medical Center, causing a shutdown of the organization’s communication and IT systems as well as exfiltrating internal data. |
Ransomware Gang Uses Log4Shell |
Healthcare Info Security, June 24, 2022 Log4Shell is the vulnerability that keeps giving. Yet another ransomware group is at work exploiting a bug present in a ubiquitous open-source data-logging framework. |
Ransomware group blurs lines between crime, state-sponsored activities, HHS alert warns |
SC Media, August 30, 2022 The Department of Health and Human Services Cybersecurity Coordination Center warns “Evil Corp should be considered a significant threat to the U.S. health sector.” An HC3 alert details the ongoing risk posed by the highly capable cybercrime syndicate based out of Russia. |
Ransomware group claims responsibility for cyber-attack on metro healthcare organization |
KFOR, Oklahoma’s News, March 28, 2022 A ransomware group called Suncrypt is claiming responsibility for a cyber-attack against the OKC Indian Clinic, a metro nonprofit healthcare organization. |
Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase |
MSN, September 13, 2021 Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant. |
Ransomware Groups Continue to Leverage Old Vulnerabilities |
Health IT Security, May 18, 2022 Ransomware groups are continually going after old vulnerabilities and tried-and-true attack methods to exploit victims. |
Ransomware groups don’t abide by promises not to target healthcare |
SC Media, December 10, 2021 It may not be wise to count on criminals to self-regulate. That is one implication of a new CyberPeace Institute blog researching ransomware groups whose wares have been used in attacks on healthcare facilities since May 2020. Of the 39 groups they have tracked, 12 had previously issued statements saying they would not target healthcare. |
Ransomware groups keep healthcare in sights, selling access on the dark web |
SC Media, May 6, 2022 Data from the Department of Health and Human Services Cybersecurity Program shows the rate of initial access brokers selling access to healthcare networks to ransomware groups and affiliates has remained constant from the end of 2021 through the first half of the year. |
Ransomware in Healthcare: The Costly Reality of Withstanding Hackers |
HIT Consultant, August 13, 2021 How much larger a percentage of U.S. gross domestic product (GDP) can healthcare command? This isn’t a rhetorical question, even if it may be difficult to come up with a direct answer. |
Ransomware in healthcare: The inevitable truth |
MedCity News, October 30, 2020 The best path forward for healthcare organizations is first to understand the characteristics, causes, and indicators of ransomware attacks and then be proactive in taking preventative measures. |
Ransomware Incidents Among Largest Breaches on Federal Tally |
Gov Info Security, November 3, 2021 Analysis of Latest Health Data Breaches on the HHS OCR ‘Wall of Shame’. Ransomware incidents are becoming a major cause of health data breaches affecting millions of individuals that have been reported so far in 2021, according to the latest additions to the federal tally. |
Ransomware is a national security threat, so please tell us about attacks, says government |
ZD Net, May 11, 2022 Businesses that fall victim to ransomware attacks need to come forward and disclose them to help protect the country from cyber criminals, says cybersecurity minister. |
Ransomware is the biggest cyber threat to business. But most firms still aren’t ready for it |
ZD Net, October 11, 2021 Many firms have no incident response plans or they don’t ever test their cyber defences, says cybersecurity chief. |
Ransomware payments hit new records as Dark Web leaks climb |
Security Brief, April 13, 2022 Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to Dark Web leak sites where they pressured victims to pay up by threatening to release sensitive data, according to research from Unit 42 by Palo Alto Networks. The average ransom demand in cases worked by the Palo Alto Networks Unit 42 security consultants rose 144% in 2021 to $2.2 million, while the average payment climbed 78% to $541,010, the report found. |
Ransomware Prevention Best Practices for State and Local Governments |
State Tech, April 18, 2022 A recently released report, “The State of Ransomware in Government 2021,” underwritten by security firm Sophos, labeled the scourge of ransomware a “national emergency.” |
Ransomware Protection Market to Reach $82.92 Bn, Globally, by 2031 at 17.1% CAGR: Allied Market Research |
TMC Net, July 20, 2022 Increase in penetration of ransomware-as-a-service (RaaS), rise in digitization of businesses, and the emergence of cryptocurrencies such as Bitcoin drive the growth of the global ransomware protection market. |
Ransomware Risk in Healthcare Endangers Patients |
Threat Post, June 16, 2022 Ryan Witt, Proofpoint’s Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care. |
Ransomware strikes Scottish mental health charity |
IT Pro, March 21, 2022 The RansomEXX cyber criminals have claimed responsibility for the hack which led to more than 12GB of sensitive data being leaked to the dark web. The Scottish Association for Mental Health (SAMH) has confirmed that it has fallen victim to a ransomware attack that has affected its IT systems, including email and some phone lines. |
Ransomware Task Force releases long-awaited recommendations |
SC Media, April 29, 2021 The Ransomware Task Force (RTF), a collaboration of more than 60 stakeholders, released its long-awaited ransomware framework on Thursday morning, advocating nearly 50 interlocking government and private sector strategies to tackle the criminal scourge. |
Ransomware Task Force releases SMB blueprint for defense and mitigation |
SC Media, August 4, 2022 The Institute for Security and Technology’s Ransomware Task Force (RTF) released a blueprint for small and mid-sized enterprises to face ransomware Thursday, aiming to promote hygiene in less mature network environments. |
Ransomware Trends 2021: Industrialized Cybercrime is the New Normal |
The Fast Mode, November 26, 2021 Critical infrastructure attacks and sky-high ransoms are just the beginning. Ransomware isn’t new, but the industrial complex behind today’s biggest attacks certainly is. |
Ransomware Trends Show Lockbit Most Active, New Tactics, Healthcare Hit Hard |
Security Boulevard, June 8, 2022 LockBit replaced Conti as the most active ransomware gang and continued to evolve its operations in the first quarter, according to a report from KELA Cybercrime Intelligence. LockBit disclosed 226 victims in the first quarter. The group’s largest number of victims were in manufacturing, technology, education and the public sectors. |
Ransomware used to target reproductive health clinic |
Digital Journal, January 13, 2022 A recently announced data breach affected Planned Parenthood LA. The firm stated that sensitive data was exposed following a ransomware attack towards the end of 2021. |
Ransomware-as-a-service group targets more than 75 organizations |
SC Media, August 26, 2022 Researchers on Thursday reported that the ransomware-as-a-service (RaaS) group known as Black Basta has compromised more than 75 organizations over the past several months. |
Ransomware-related outages prevalent in healthcare |
SC Media, October 19, 2022 Operational outages have been experienced by 86% of healthcare organizations impacted by ransomware attacks, reports HealthITSecurity. |
Ransomware, Response Dominate Irish Cybercrime Conference |
Healthcare Info Security, November 18, 2021 The specter of the May attack on Ireland’s national health service loomed large at the IRISSCON 2021 cybercrime conference Thursday in Dublin. The event, run by Ireland’s first computer emergency response team, the Irish Reporting and Information Security Service, or IRISS-CERT, was launched in 2009 and has run annually ever since, except when it was forced to cancel in 2020 due to the COVID-19 pandemic. |
Ransomware, supply chain attacks compel health care organizations to act |
SC Media, March 9, 2021 If ransomware and data exfiltration attacks that targeted hospitals and vaccine researchers during the pandemic signaled a cyber hygiene crisis in health care, the SolarWinds supply chain attack demonstrated just how deep the problem goes. A new report issued this week by the CyberPeace Institute seeks to illustrate the human impact that relentless cyberattacks have on health care staffers, patients and society. Featuring a compilation of interviews, outside research and recent news stories, the report offers key recommendations for various stakeholders. |
Ransomware: ‘Amateur’ Tactics Lead Fewer Victims to Pay |
Gov Info Security, October 31, 2022 Why are so many ransomware-wielding attackers collectively shooting themselves in the foot? Ransomware victims who opt to pay a ransom have been seeing a “decline in quality and reliability” when it comes to quickly restoring affected systems, ransomware incident response firm Coveware reports. |
Ransomware: 2,300+ local governments, schools, healthcare providers impacted in 2021 |
ZD Net, January 18, 2022 An Emsisoft report found that more than 1,000 schools alone were disrupted by ransomware incidents. |
Ransomware: Alphv/BlackCat Is DarkSide/BlackMatter Reboot |
Healthcare Info Security, February 7, 2022 In news that should shock no one, security researchers say the ransomware operation known as Alphv – aka BlackCat – appears to be a reboot of the notorious group known as BlackMatter, which was itself a rebrand of DarkSide. |
Ransomware: Federal Coordination and Assistance Challenges |
U.S. Government Accountability Office, November 16, 2022 Ransomware is software that makes data and systems unusable unless ransom payments are made. State, local, tribal, and territorial government organizations—including schools—have been targeted by ransomware. This can affect vital government operations and services. Ransomware attacks on schools can cause learning loss as well as monetary loss. |
Ransomware: Not enough victims are reporting attacks, and that’s a problem for everyone |
ZD Net, November 1, 2022 Ransomware continues to be a significant cyber threat to businesses and the general public – but it’s difficult to know the true impact of attacks because many victims aren’t coming forward to report them. |
Reality of health care threats disconnected from cybersecurity investments |
SC Media, August 12, 2021 Despite the health care sector remaining a prime target for threat actors, many provider organizations don’t see cybersecurity investment as a priority and few name cyber as a high priority spend, according to a new report from CyberMDX in collaboration with Philips. |
Recent Breaches Underscore High Healthcare Security Risk |
Dark Reading, September 10, 2021 Healthcare institutions in California and Arizona are sending breach notification letters after attackers compromised thousands of patients’ data. |
Red Teams vs. Blue Teams: What’s the Difference, and How do Health IT Leaders Run These Exercises |
Health Tech, October 27, 2021 Cybersecurity threats are becoming more sophisticated, and healthcare organizations must prepare for attacks in order to mitigate damage. |
Reduce Security Risk of Healthcare Legacy Systems, Devices |
Gov Info Security, November 1, 2021 HHS OCR: If Old Gear Cannot Be Replaced, Take Other Steps to Protect PHI. Federal regulators are reminding healthcare organizations about the critical importance of addressing security risks involving legacy systems and devices – including specialty software and gear – that are often difficult for entities to replace. |
Relentless cyber attacks are putting financial pressure on hospitals: Fitch Ratings |
Fierce Healthcare, July 26, 2021 A historic jump in the number and severity of cyber assaults on hospitals during the last 18 months will cause “material revenue and expense pressures” on nonprofit hospitals and health systems, according to a report from Fitch Ratings. |
Report: Cyberattacks drive 185% spike in health care data breaches in 2021 |
SC Magazine, July 13, 2021 More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year, when just 7.9 million individuals were affected, according to a new report from Fortified Health Security. |
Report: Ransomware is a patient mortality risk, driven by COVID, third-party vendors |
SC Media, September 22, 2021 A new report from the Ponemon Institute reinforces the patient safety risks posed by ransomware attacks: 22% of surveyed providers saw an increase in the rate of mortality in their health care organization after a cyberattack. The driving factors include the COVID-19 response and security gaps within the third-party vendor ecosystem. |
Report: Ransomware Up 50% in Education, 39% in Healthcare |
Campus Safety, February 18, 2022 A new cybersecurity report found ransomware-based data leaks increased by 50% in the education sector and 39% in the healthcare sector. |
Reports show healthcare’s ongoing third-party vendor, vulnerability challenges |
SC Media, October 26, 2021 Healthcare organizations are much more likely than any other industry to have an incident response plan, according to new Shred-it research. However, 42% of providers surveyed for the report said they don’t have prepared recovery plans in place and may not be prepared to handle a security incident. |
Researchers Share In-Depth Analysis of PYSA Ransomware Group |
Hacker News, April 18, 2022 An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. |
Responding To a Healthcare Ransomware Attack: A Step-By-Step Guide |
Health IT Security, May 6, 2022 Healthcare ransomware attacks can result in data exfiltration, financial and reputational losses, and workflow disruptions. Even the most sophisticated security programs are not immune to ransomware. The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) found that the healthcare sector faced the most ransomware attacks in 2021 compared to other critical infrastructure sectors. |
Responsibility for health and medical device cybersecurity must be shared |
Washington Times, May 10, 2022 Open your newspaper or laptop on any given morning nowadays and you are bound to find a fresh report about the urgent need to address the nation’s extreme vulnerability to cyberattacks at the hands of hostile foreign governments. No sector is currently less prepared, hence more at risk, than the health sector. |
Rewards for Justice – Reward Offer for Information on Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure |
U.S. Department of State, July 15, 2021 The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA). |
Rise in Healthcare Data Breaches Driven by Ransomware Attacks |
CPO Magazine, March 18, 2021 There was a general rise in cyber crime in 2020 due to pandemic conditions, but one notable trend that stood out was a spike in the number of major healthcare data breaches. A new report from cybersecurity firm Tenable reviews the entirety of 2020’s publicly disclosed breaches (along with the first two months of 2021) and finds that this spike can be overwhelmingly attributed to ransomware attacks. |
Risk to patient safety from cyberattacks critical, even as specifics about direct links remain elusive |
SC Media, September 9, 2021 Critical attacks against health care thrived in the last year. Now, as patient volumes continue to surge in some parts of the country, safety concerns grow increasingly dire. And yet, say experts, specific data that clearly demonstrates the impact of cyberattacks on patient care remains elusive. This reality, in fact, further complicates an already complex effort among health care providers to establish technology plans and processes that put patient safety and care first. |
Royal overtakes LockBit as top ransomware in November as attacks increase 41% |
SC Media, December 21, 2022 Ransomware attacks rose 41% last month as threat actor groups shifted top spots, according to new research from NCC Group. |
Rural WA agencies seek federal support to fortify against cyberattacks |
Crosscut, March 14, 2022 With limited IT resources, smaller public agencies in the state are among recent targets for ransomware attacks. |
Sanford Health, Eskenazi Health recovering from cyberattacks in EHR downtime |
SC Media, August 5, 2021 Cyberattacks on two U.S. health systems have forced the providers into electronic health record (EHR) downtime procedures: Sanford Health in South Dakota and Eskenazi Health in Indianapolis, according to multiple local news outlets and statements from the health systems. |
Saskatoon gynecology clinic hit with ransomware attack: report |
Saskatoon News, October 6, 2022 A ransomware attack on a Saskatoon obstetrics and gynecology clinic left the personal health information of up to 20,000 patients in the hands of malicious hackers, according to the province’s privacy watchdog. |
SBN The State of Cybersecurity Preparedness in Healthcare |
Security Boulevard, December 21, 2021 As if healthcare didn’t have enough to worry about, with overpacked facilities and overworked staff during the COVID-19 pandemic, cyberattacks on healthcare systems and medical devices are rapidly growing in number and sophistication. Further, ransomware is making its way into healthcare, with attacks locking out IT systems and medical devices. All this means the state of cybersecurity preparedness in healthcare is at an all-time low. |
Scottish mental health charity “devastated” by heartless RansomEXX ransomware attack |
Bitdefender, March 21, 2022 Scottish mental health charity SAMH has announced that it has been left “devastated” by a ransomware attack that has seen personal information spilled out onto the net. SAMH (the Scottish Association for Mental Health) helps provide care and support for adults and young people suffering from issues with their mental health, and campaigns to influence positive social change. |
Second FinCEN Exchange on Ransomware to Take Place in August |
FinCEN, July 15, 2021 The Financial Crimes Enforcement Network (FinCEN) today announced it will convene a FinCEN Exchange in August 2021 with representatives from financial institutions, other key industry stakeholders, and federal government agencies to discuss ongoing concerns regarding ransomware, as well as efforts by the public and private sectors. The FinCEN Exchange will build upon FinCEN’s November 2020 event on ransomware. FinCEN anticipates that this FinCEN Exchange will assist its government and private sector partners to inform next steps to address ransomware and focus resources to mitigate the threat. |
Secretary Mayorkas Outlines His Vision for Cybersecurity Resilience |
Homeland Security, March 31, 2021 On March 31, Secretary Mayorkas outlined his vision and roadmap for the Department’s cybersecurity efforts in a virtual address hosted by RSA Conference, in partnership with Hampton University and the Girl Scouts of the USA. Read Secretary Mayorkas’ prepared remarks on the Homeland Security website. |
Security Alert: Daixin Ransomware Targets Healthcare |
Gov Info Security, October 24, 2022 Beware ransomware and data extortion shakedowns that trace to a cybercrime group called Daixin Team, which is especially targeting the healthcare sector. |
Security Professionals View Ransomware and Terrorism as Equal Threats |
Health IT Security, December 29, 2021 More than half of surveyed security professionals reported viewing ransomware and terrorism as equal threats, echoing the DOJ’s sentiments. |
SecurityWeek Cyber Insights 2022: Ransomware |
Security Week, January 10, 2022 Ransomware has grown from humble beginnings as threat-based scams to a worldwide criminal phenomenon. It has been a continuous process of extortion refinement, with criminals adapting their behavior to maximize their financial return. This evolutionary process will continue. |
Senate Report Highlights Lack of Government Data on Ransomware Payments |
Nextgov, May 24, 2022 A new report details the role cryptocurrencies play in incentivizing ransomware attacks and the government’s response. |
Senators Introduce Healthcare Cybersecurity Act |
Health IT Security, March 28, 2022 The Healthcare Cybersecurity Act aims to promote collaboration between CISA and HHS to enhance cybersecurity efforts across the sector. |
Several Healthcare Providers Report Recent Data Breaches |
Health IT Security, May 31, 2022 The latest data breach roundup includes recent notifications from eight healthcare providers, all of which experienced data security incidents recently. |
Small Healthcare Practices More Vulnerable to Data Breaches, Cyberattacks |
Health IT Security, March 31, 2022 Just under 50 percent of small healthcare organizations and 15 percent of large practices reported not having a plan of action in the event of a data breach, a survey found. |
So-called ‘red lines’ increasingly crossed by ransomware groups in critical infrastructure attacks |
SC Media, February 10, 2022 At the beginning of 2021, SC Media noted that the next few years were likely to see ransomware actors increasingly target entities in critical infrastructure and cause disruption in the flow of goods and services that are vital to keeping modern society running. |
Sophos 2022 Threat Report: Gravitational Force of Ransomware Black Hole Pulls in Other Cyberthreats to Create One Massive, Interconnected Ransomware Delivery System |
SOPHOS, November 9, 2021 In-depth Report Identifies Trends in Ransomware Services, Commodity Malware, Attack Tools, Cryptominers, and More That Are Impacting IT Security. |
South Denver Cardiology cyberattack, data access impacts 287K patients |
SC Media, March 18, 2022 South Denver Cardiology Associates recently notified 287,652 patients that their protected health information was accessed ahead of a cyberattack deployed in January this year. |
Spoofing, Phishing, Ransomware Continue to Overwhelm Health Systems |
Health IT Security, October 21, 2021 One hospital is being inundated with reports of spoofed phone calls, as others deal with unauthorized email access, phishing, and ransomware. |
St. Michael Medical Center patient information at risk in ransomware data attack |
Des Moines Register, December 1, 2022 Personal information for patients of St. Michael Medical Center and other Virginia Mason Franciscan Health facilities may have been accessed in a cyberattack this fall, CommonSpirit Health acknowledged Thursday. |
Still recovering, Oklahoma clinic confirms ransomware attack, data breach |
SC Media, May 10, 2022 The ongoing network disruption at Oklahoma City Indian Clinic was brought on by a ransomware attack, a newly released notification confirms. OKCIC also informed 38,239 patients that their protected health information was accessed during the incident. |
Subcontractor Breach Affects 245K Medicare Beneficiaries |
Gov Info Security, December 16, 2022 Nearly a quarter million Medicare beneficiaries require new identifiers and ID cards following a ransomware attack on a government contractor that compromised a range of sensitive personal and health information. |
Surgeries canceled, care diverted as Memorial Health responds to cyberattack |
SC Media, August 16, 2021 Memorial Health System in Ohio is currently operating under electronic health record (EHR) downtime procedures and diverting emergency care patients, after a cyberattack struck its network during the early hours of Sunday, Aug. 15. All radiology exams and urgent surgical cases scheduled for Aug. 16 have also been canceled as a result. |
Suspected cyberattack in Newfoundland and Labrador’s hits ‘brain’ of health-care system |
Kelowna Now, November 1, 2021 A suspected cyberattack on Newfoundland and Labrador’s health network has led to the cancellation of thousands of medical appointments across the province and forced some local health systems to revert to paper. |
Tackling Growing Pandemic Cyberthreats in Healthcare |
Gov Info Security, November 4, 2021 Denise Anderson, President of H-ISAC, Discusses the ‘Myriad of Threats’. As the COVID-19 pandemic persists, security threats and related risks continue to grow, including those involving healthcare insiders, says Denise. |
Texas hospital confirms patient data theft amid network outage from ransomware attack |
SC Media, September 16, 2022 OakBend Medical Center has confirmed “sensitive information was breached within the hospital infrastructure,” after two weeks of electronic health record downtime brought on by a ransomware attack. The Texas provider is working with federal law enforcement amid the network outage. |
Texas hospital facing communication issues, system rebuild amid ransomware attack |
SC Media, September 12, 2022 A ransomware attack deployed against OakBend Medical Center on Sept. 1 caused communication issues and IT disruptions. The Texas hospital is operating under electronic health record downtime procedures as it works to rebuild, according to an update on its website. |
Texas hospital hit by ransomware attack |
Becker’s Health IT, September 12, 2022 Richmond, Texas-based OakBend Medical Center is notifying patients that it was the target of a ransomware attack on Sept. 1. In a notice on its website, the Texas medical center said it took all systems offline, placed them in lockdown mode and referred the attack to the FBI, CYD and Fort Bend County’s cybersecurity team to investigate the incident. |
Texas Hospital Says Ransomware Breach Affected 500,000 |
Bank Info Security, November 11, 2022 A ransomware attack at a Texas hospital that knocked out phone and email systems for weeks is now even worse following OakBend Medical Center’s admission that hackers downloaded data from the medical records of up to 500,000 individuals. |
Texas Medical Center Breach Affects 640,000 |
Data Breach Today, January 22, 2021 An apparent ransomware incident at a Texas healthcare organization has potentially compromised the protected health information of more than 640,000 individuals. |
The 2021 Ransomware Survey Report |
Fortinet, November 29, 2021 Fortinet recently surveyed 455 business leaders and cybersecurity professionals worldwide to gauge their state of readiness to defend against the growing challenge of ransomware. Most are very or extremely concerned about the threat of a ransomware attack, with many seeing those attacks as a more significant challenge than other cyber threats. The majority feel prepared and report having a strategy that includes employee cyber training, risk assessment plans, offline backups, and cybersecurity/ransomware insurance. But despite these plans, two-thirds also claim to have been the victim of at least one ransomware attack. |
The Best Defense Is a Good Offense: How to Beat Ransomware |
Info Security Magazine, March 25, 2022 Since tensions between Russia and Ukraine worsened recently, the National Cyber Security Council (NCSC) quickly warned UK businesses to ramp up their cybersecurity for fear the conflict could spill beyond national borders. This advice follows past warnings from the head of the NCSC that, of all potential threats, ransomware poses the “most immediate danger” to UK businesses in cyberspace. |
The cyberattack with the most negative impact to patient care: ransomware |
SC Media, September 8, 2022 A study released by Proofpoint in tandem with the Ponemon Institute found that ransomware attacks are the most likely kind of cyberattack to have a negative impact on patient care. |
The data exfiltration deluge: we’ve lost the battle, but can win the war |
SC Media, December 6, 2021 Despite organizations continuing to invest heavily in the latest cybersecurity technologies and the realization that AV software can’t defend against most new attack vectors, cyberattacks are at an all-time high. This year has witnessed an unparalleled number of attacks which have devastated infrastructure, governments and businesses alike, and are expected to cost more than $6 trillion globally. |
The Evolution of Ransomware Extortion Schemes |
Info Security Group, November 16, 2021 As the world experienced significant upheaval, the scale of threats facing businesses during the pandemic grew exponentially. Fundamentally, threat actors did not innovate; instead, they advanced the use of tools they already had, with slight modifications, at a much larger scale to take advantage of the instability that defined the changing times. |
The Evolving Ransomware Trends in the Healthcare Sector |
Gov Info Security, May 6, 2022 Financially motivated and state-sponsored threat actors are continuing to evolve their tactics, techniques and procedures for successful attacks, federal authorities warn in a new report spotlighting the latest ransomware trends in the healthcare and public health sector. |
The human cost of ransomware: Disruption to Irish health service will continue for months |
ZD Net, June 24, 2021 Patients in Ireland told to continue to expect delays or cancellations to appointments after its health service was hit with ransomware in May. |
The Ideal Ransomware Victim: What Attackers Are Looking For |
KELA, September 6, 2021 In July 2021, KELA observed threat actors creating multiple threads where they claimed they are ready to buy accesses and described their conditions. Some of them appear to use access for deploying info-stealing malware and carrying out other malicious activities. Others aim to plant ransomware and steal data. |
The Institute for Security and Technology (IST) Launches Multi-Sector Ransomware Task Force (RTF) |
Institute for Security and Technology (IST), December 21, 2020 The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime. The RTF’s founding members understand that ransomware is too large of a threat for any one entity to address, and have come together to provide clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise. |
The internet’s ‘existential threat’: From hospitals to schools, ransomware disrupts Florida’s most vital services |
Orlando Sentinel, July 23, 2021 When Paula Sullivan took her husband to the emergency room at UF Health The Villages Hospital in early June, she remembers thinking it should be a short visit — probably no more than overnight. At 55 and struggling with ongoing cancer treatment, he often needed transfusions of platelets following chemotherapy. |
The Million-Dollar Question: To Pay or Not to Pay Ransom? |
Security Boulevard, June 22, 2022 Ransomware is one of the most serious threats to businesses today. In fact, a recent survey found that 85% of enterprises are more concerned about the prospect of ransomware attacks than any other kind of attack. The decision of whether or not to pay the ransom or make a ransomware settlement should be carefully weighed. |
The most prolific malware strains of 2021 are yesterday’s news with a modern twist |
SC Media, August 5, 2022 In a joint publication released this week, the U.S. Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre laid out 11 of the most prolific malware strains tormenting businesses, governments and critical infrastructure last year. |
The National Cyber Investigative Joint Task Force Releases Ransomware Fact Sheet |
FBI.gov, February 4, 2021 The National Cyber Investigative Joint Task Force (NCIJTF) has released a new joint-seal ransomware fact sheet. This educational product is intended to provide the public important information on the current ransomware threat and the government’s response, as well as common infection vectors, tools for attack prevention, and important contacts in the event of a ransomware attack. |
The Pandemic Revealed the Health Risks of Hospital Ransomware Attacks |
The Verge, August 19, 2021 In late October 2020, the University of Vermont Health Network was hit by a ransomware attack. The system couldn’t access electronic health records for nearly a month. Every computer at UVM Medical Center was infected with malware. Hospitals in the network delayed chemotherapy and mammogram appointments, just as COVID-19 cases in the United States started to tick upward in what would become an enormous winter wave. |
The Ransomware Crime Wave Has Made Zero Trust Critical |
eWeek, July 12, 2021 Zero trust proceeds from the foundational framework that no individual, no device, no application, no thing can be trusted as secure. |
The Ransomware Crisis Deepens, While Data Recovery Stalls |
Dark Reading, April 28, 2022 Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea. |
The ransomware threat is getting worse. But businesses still aren’t taking it seriously |
ZD Net, November 17, 2021 Ransomware is growing in scale and severity. It’s time to start paying attention. Ransomware is the most significant cybersecurity threat facing the country today, but many businesses still aren’t taking the threat as seriously as they should be, the National Cyber Security Centre (NCSC) has warned. |
The real cost of ransomware is even bigger than we realised |
ZD Net, November 15, 2022 It’s well known that ransomware attacks are one of the most significant cybersecurity challenges facing the world today, and often the financial impact on victims is the most obvious and most discussed consequence. But that’s far from the only cost. |
The rise of ransomware within healthcare |
Open Access Government, August 23, 2021 David Higgins, EMEA Technical Director, CyberArk, explores three reasons why healthcare organisations are extra vulnerable to ransomware. |
The Security Imperative In The Healthcare Industry: Steps To Defending Telehealth And Patient Portals Against Cyber Attacks |
Forbes, October 21, 2021 The healthcare industry is one of the biggest targets for cybercriminals. In 2020, ransomware attacks alone cost the industry $20.8 billion in downtime, affecting well over 600 providers nationwide. The pandemic transformed the landscape for healthcare, with the rapid adoption of technology to support telehealth, and patient portals became the primary way to communicate with providers, access treatment plans and related documents and process payments. |
The State of Ransomware in Healthcare 2022 |
SOPHOS News, June 1, 2022 Sophos has just launched the State of Ransomware in Healthcare 2022, an insightful report carved out of its annual study of the real-world ransomware experiences of healthcare IT professionals. This year, 5,600 IT professionals, including 381 in healthcare, from 31 countries participated in the research. |
The State of Ransomware in Healthcare 2022 |
SOPHOS, June 1, 2022 Sophos has just launched the State of Ransomware in Healthcare 2022, an insightful report carved out of its annual study of the real-world ransomware experiences of healthcare IT professionals. This year, 5,600 IT professionals, including 381 in healthcare, from 31 countries participated in the research. |
The state of ransomware in state and local government |
SC Media, November 11, 2022 Ransomware in state and local governments is a significant threat to all branches and departments. In the very best case scenario: A government office is targeted by a successful ransomware attack. Thanks to an excellent allocation of resources, well-orchestrated protocols and employee adherence to the protocols, effects on services and infrastructure related to the attack are minimal, and little financial damages are incurred. |
The Week in Ransomware – December 2nd 2022 – Disrupting Health Care |
Bleeping Computer, December 2, 2022 This week’s big news was the Colombia health system being severely disrupted by a ransomware attack on Keralty, one of the country’s largest healthcare providers. Patients have had to wait upwards of twelve hours to receive care, with reports of people fainting due to the lack of medical attention. |
The Worst Hacks and Breaches of 2022 So Far |
Wired, July 4, 2022 From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half. |
These four types of ransomware make up nearly three-quarters of reported incidents |
ZD Net, March 17, 2022 Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks. |
Third-Party Vendor Ransomware Attack Impacts Humana, Anthem Members |
Health IT Security, October 27, 2021 PracticeMax, a billing and IT solutions provider, experienced a ransomware attack that impacted some Humana and Anthem members. |
Thirty-nation ransomware summit is ‘first of many’ to marshal international action |
SC Media, October 13, 2021 The U.S. is kicking off a two-day ransomware summit with 30 other nations today, part of a broader effort by the Biden administration to marshal an international coalition to harden the global digital ecosystem’s legal and technical infrastructure against the attacks. |
This ransomware strain just started targeting lots more businesses |
ZD Net, December 22, 2021 Gang typically targets finance, government and healthcare organizations. The relatively new Pysa ransomware was the dominant strain behind file-encrypting attacks in November and saw a 400% rise in attacks on government organizations, according to analysis by security company NCC Group. |
This Year’s Largest Healthcare Data Breaches |
Health IT Security, November 30, 2021 More than 550 organizations reported healthcare data breaches to HHS in 2021, impacting over 40 million individuals. |
Threat Actors Shift Tactics, Targets As Ransomware Evolves |
Health IT Security, January 25, 2022 As ransomware continues to evolve, threat actors are favoring double extortion, RaaS, and software vulnerability exploits. |
To Combat Ransomware Attacks, Communication With C-Suite is Essential |
Health IT Security, December 22, 2021 A study from (ISC)² shows that C-suite executives are looking for clearer communication and guidance from cybersecurity leaders when it comes to combatting ransomware attacks. |
Top 10 healthcare breaches in the U.S. exposed data of 19 million |
Bleeping Computer, December 31, 2021 The healthcare sector has been the target of hundreds of cyberattacks this year. A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties. Most of the largest data breaches result from ransomware attacks and the first ten of them account for more than half of all the healthcare records exposed in 2021. |
Top 5 ransomware operators by income |
MSN, August 11, 2021 Jack Cable, a security architect at Krebs Stamos Group, and a former U.S. Cybersecurity and Infrastructure Security Agency worker, has started a ransomware payments tracking site called Ransomwhere. |
Top Cybersecurity Challenges Facing Healthcare Providers |
Gov Info Security, December 3, 2022 With the surge in ransomware and other major hacking incidents affecting third-party suppliers, it is more critical than ever for healthcare sector entities to diligently scrutinize threats and risks involving their vendors, says Denise Anderson, president and CEO of the Health Information Sharing and Analysis Center. |
Top Healthcare Cybersecurity Challenges, How to Overcome Them |
Health IT Security, November 23, 2021 With a multitude of critical data and patient safety hanging in the balance, there is a unique set of healthcare cybersecurity challenges that must be carefully considered. |
Toronto children’s hospital confirms it was hit by ransomware |
IT World Canada, December 22, 2022 The impact of the ransomware attack that hit Toronto’s Hospital for Sick Children may last for weeks. In an online statement today the hospital said it anticipates that it will be a matter of weeks before all systems are functioning as normal. There is no evidence to date that personal information or personal health information has been impacted. |
Treasury Chief Yellen Calls Ransomware ‘Direct Threat’ to Economy |
The Crime Report, October 21, 2021 The volume of suspected ransomware payments is likely to double this year, posing a “direct threat” to the U.S. economy, says U.S. Treasury Secretary Janet L. Yellen. |
Twice as Many Healthcare Organizations Paid Extortion After Ransomware Attacks, but Only 2% Recovered All Data |
CPO Magazine, June 9, 2022 The State of Ransomware in Healthcare 2022 report found that nearly two-thirds (66%) of healthcare organizations were hit by ransomware in 2021 compared to just over a third (34%) in 2020. |
Two Data Breaches at WA Senior Care Nonprofit Impact 103K |
Health IT Security, December 8, 2021 Washington-based senior care nonprofit Sound Generations experienced two data breaches that impacted over 103K individuals and potentially exposed PII. |
Two ransomware gangs, Vice Society and Magniber, said to launch attacks via PrintNightmare |
SC Media, August 13, 2021 Researchers over the past couple of days reported that two different ransomware gangs — one fairly new, the other several years old — have been actively exploiting the PrintNightmare vulnerability in the Windows Print Spooler service to launch ransomware attacks. |
U.S. Cyber Command’s actions against ransomware draw support and criticism |
CSO, December 7, 2021 The actions, which temporarily took down REvil, raise questions about using the military to combat ransomware. |
U.S. healthcare hit by yet another cyberattack |
Digital Journal, September 11, 2021 The U.S. medical body, California health center LifeLong Medical Care, has been struck by a ransomware attack. The attack was sufficiently wide to leak personally identifiable information of around 115,000 patients across numerous health organizations. |
U.S. Healthcare Orgs Targeted with Maui Ransomware |
Threat Post, July 8, 2022 State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks. Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities. |
U.S. lacks full picture of ransomware attacks, Senate panel finds |
NNY 360, May 29, 2022 The U.S. government lacks a complete picture of ransomware attacks that routinely cripple government and private sector networks, according to an investigation by Senate Homeland Security and Governmental Affairs Committee staff. The report, released Tuesday, also found that the government lacks information on how much ransom was paid — typically in the form of cryptocurrencies — by victims of such ransomware attacks. |
U.S., allies accuse Iran of targeting health care and transportation victims for ransomware |
The Washington Times, November 17, 2021 U.S. cyber officials and their counterparts in Australia and the U.K. on Wednesday accused Iranian government-sponsored attackers of targeting entities in the health care and transportation sectors to victimize with ransomware. |
UC San Diego Health Hack May Have Exposed Patient Info |
Gov Tech, July 29, 2021 Earlier this week, UC San Diego Health disclosed that it experienced a data breach between December 2020 and April 2021 that could have compromised sensitive patient information. The breach occurred through phishing. |
UF Health admits patient data may have been compromised in ransomware attack |
Village News, July 31, 2021 Two months after a ransomware attack was launched on its computer systems, UF Health-The Villages Hospital is admitting that patient data may have been compromised. |
UMass Memorial notifies 209K patients 8 months after data breach discovery |
SC Media, October 29, 2021 Nearly eight months after discovering the hack of multiple employee email accounts, UMass Memorial Health is notifying about 209,000 patients that their personal and health information was potentially compromised. |
Under Siege: How Healthcare Organizations Can Fight Back |
CPO Magazine, November 25, 2021 A recent spate of crippling ransomware attacks against healthcare organizations signals that these assaults remain a major threat to our healthcare system and may have led to the nation’s first ransomware-related death. |
Understanding And Responding To Ransomware Threats |
Forbes, October 27, 2021 Police forces, healthcare providers, educational institutes, the oil industry, entire governments — no sector is immune to the ransomware epidemic. Once you’re hit, it can threaten your organization’s very existence. The threat is so pervasive, the ramifications so dire, that the U.S. Department of Justice has elevated all ransomware investigations to a similar priority class as terrorism. |
United Health Centers ransomware attack claimed by Vice Society |
Bleeping Computer, September 24, 2021 California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft. United Health Centers is a health care provider in California with twenty-one community health centers servicing Fresno, Kings, and Tulare counties. |
Universal Health Services Estimates $67 Million in Ransomware Losses |
Info Security Magazine, March 2, 2021 A ransomware attack on Universal Health Services (UHS) last autumn cost the company an estimated $67 million in downtime and related expenses, it has revealed. The Fortune 500 healthcare organization has tens of thousands of employees in the US and UK and annual revenues exceeding $10 billion. |
Unpatched Vulnerabilities Remain Primary Ransomware Attack Vector |
Health IT Security, January 31, 2022 Cybercriminals continually look to unpatched vulnerabilities such as Log4j and others as primary ransomware attack vectors. |
Upstate HomeCare notifies patients and employees of ransomware attack |
WHEC, November 24, 2021 A ransomware attack on a local company exposed the personal information of its patients and employees. Upstate HomeCare said the attack happened earlier this year, but cybersecurity experts just found its documents posted on the dark web. |
Urgent alert warns Daixin ransomware group hit multiple healthcare providers |
SC Media, October 24, 2022 The Daixin ransomware group is actively, and successfully, targeting the healthcare sector in force, with multiple provider organizations facing extortion claims after falling victim to the actors’ tactics since June, according to an urgent joint alert from multiple federal agencies. |
US government says North Korean hackers are targeting American healthcare organizations with ransomware |
TechCrunch+, July 6, 2022 The FBI, CISA and the U.S. Treasury Department are warning that North Korean state-sponsored hackers are using ransomware to target healthcare and public health sector organizations across the United States. |
US healthcare org sends data breach warning to 1.4m patients following ransomware attack |
The Daily Swig, August 19, 2021 The medical and financial data of 1.4 million people was potentially exposed earlier this year in the latest ransomware attack to hit a major US healthcare provider. St. Joseph’s/Candler (SJ/C), the largest healthcare network in Savannah, Georgia, says in a statement that it first detected the breach on June 17. After it isolated its systems, an investigation carried out with the help of external security firms found that the attackers had originally gained access on December 20 last year. |
US healthcare organizations warned of cyber threats related to Russian invasion of Ukraine |
SC Media, February 24, 2022 The American Hospital Association believes there are three areas of concern for the U.S. healthcare sector, in light of the Russian invasion of Ukraine: hospitals and health systems may be directly targeted, or become incidental victims of Russian-backed threat actors, and could see operational disruptions brought on by a cyberattack. |
US Healthcare Targeted in Royal Cyber Attacks |
Tech Report, December 21, 2022 A new ransomware named Royal has infected Healthcare and Public Healthcare sectors in the US. It is unknown how many successful attacks have occurred, but the Health Sector Cybersecurity Coordination Center (HC3) has stated that ransoms from $250,000 to over $2 million USD have been demanded. |
US lacks full picture of ransomware attacks, Senate panel finds |
Roll Call, May 24, 2022 The U.S. government lacks a complete picture of ransomware attacks that routinely cripple government and private sector networks, according to an investigation by Senate Homeland Security and Governmental Affairs Committee staff. |
US Treasury says financial ransomware losses topped $1.2 billion last year |
SC Media, November 4, 2022 US financial institutions processed roughly $1.2 billion in ransomware-related payments last year, a nearly 200 percent increase compared to 2020, according to the Treasury Department. |
Use of Cryptocurrency in Ransomware Attacks, Available Data, and National Security Concerns |
Homeland Security & Governmental Affairs, May 23, 2022 Ransomware is a dangerous form of cyber-attack where threat actors prevent access to computer systems or threaten to release data unless a ransom is paid. It has the power to bankrupt businesses and cripple critical infrastructure – posing a grave threat to our national and economic security. The use of cryptocurrencies has further enabled ransomware attacks, particularly because cryptocurrency is decentralized and distributed and illicit actors can take steps to obscure transactions and make them more difficult to track. |
UVM Health Continues to Feel Effects of Ransomware Attack |
Health IT Security, June 24, 2021 Eight months after a ransomware attack that incurred costs upwards of $63 million, UVM Health continues to experience setbacks and financial losses. |
UVM Health Delays Epic EHR Implementation After Cyberattack, COVID-19 |
EHR Intelligence, January 6, 2021 One of 2020’s worst cyberattacks resulted in University of Vermont (UVM) Health delaying its Epic EHR implementation schedule. |
Vast majority in healthcare industry hit with a cyberattack on cloud infrastructure in the last year |
SC Media, October 27, 2022 Netwrix on Thursday reported that 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals. |
Vast majority of SMBs are concerned about a ransomware attack on their business |
SC Media, November 8, 2022 OpenText Security Solutions on Monday reported that some 84% of respondents to a small- and mid-sized business (SMB) survey are concerned about a ransomware attack on their business. |
Vendor ransomware attack exposes patient information at South Carolina practice |
Becker’s Hospital Review, March 8, 2021 Sandhills Medical Foundation notified patients that an external cloud vendor underwent a ransomware attack, exposing patients’ personal information, according to a news release. The attackers accessed Sandhills’ system on Nov. 15 and extracted Sandhills’ data before the ransomware attack was launched on Dec. 3. |
Vendor Ransomware Breach Affects 942,000 Patients |
Healthcare Info Security, August 17, 2022 A New York-based practice management and billing vendor has notified 28 healthcare entity clients and more than 942,000 of their patients that sensitive information was compromised in a ransomware attack in April. |
Vendor’s Ransomware Attack Hits Over 600 Healthcare Clients |
Gov Info Security, July 5, 2022 A ransomware attack on an accounts receivables management firm affects more than 650 covered entity clients – including dental practices, physician groups and hospitals, resulting in one of the largest health data breaches involving a vendor so far this year. |
Vendor’s Ransomware Attack Is Latest Supply Chain Warning |
Gov Info Security, May 11, 2022 A recent ransomware attack on a medication management systems provider is the latest reminder of persistent cybersecurity threats and risks facing healthcare supply chain and related vendors, as well as their customers. |
Venus Ransomware Targets Publicly Exposed Remote Desktop Services |
HHS, November 9, 2022 HC3: Analyst Note. Report: 202211091400 HC3 is aware of at least one healthcare entity in the United States falling victim to Venus ransomware recently. The threat actors behind Venus ransomware operations are known to target publicly exposed Remote Desktop Services to encrypt Windows devices. This report provides additional information, indicators of compromise, techniques and corresponding mitigations associated with Venus ransomware. |
Virginia legislative agencies and commissions hit with ransomware attack |
ZD Net, December 13, 2021 A ransomware attack has hit agencies and commissions within the Virginia legislature, according to a statement from the governor’s office to the Associated Press. |
What does healthcare need from government efforts? Not another framework |
SC Media, November 14, 2022 The federal government has set its sights on improving healthcare’s cybersecurity posture through collaborative partnerships. However, stakeholders are frustrated, some even angry, that their proposals appear to recycle past work rather than building on the foundation these leaders have spent their careers making. |
What Growing Federal Scrutiny of Healthcare Cybersecurity Means for Organizations |
Health Tech, June 30, 2022 Healthcare organizations are more likely than organizations in other sectors to pay the ransom, but when they do, they may not get back all their data. And just 78 percent of healthcare organizations have cyber insurance coverage, according to Sophos’ “The State of Ransomware in Healthcare 2022.” |
What Happens After a Ransomware Attack in the Health IT Environment? |
Health IT Security, June 9, 2021 CyberMDX’s Ido Geffen takes a hard look at ransomware attacks within a healthcare environment, including what providers are getting wrong and needed security mitigations. |
What healthcare providers can do to strengthen cyber resiliency |
SC Media, June 17, 2022 New cyber resiliency insights from the Department of Health and Human Services Cybersecurity Coordination Center aim to support healthcare providers in bolstering enterprise cyber posture to improve response in the wake of security incidents. |
What is Top of Mind for CISOs Right Now |
CSO, November 10, 2022 Every quarter, we interview CISOs and ask them what is top of mind and what trends or challenges they are experiencing in the threat landscape. From this, we create the CISO Insider — an actionable report that explores the top three issues that are most relevant in today’s threat landscape. This quarter, we’re exploring rising ransomware rates, the need for increased automation and better tools to empower security teams to do more with limited resources, and the opportunity for extended detection and response (XDR) to help rapidly address emergent threats. |
When Ransomware Group REvil Vanished, Its Victims Were Stranded |
Bloomberg, July 27, 2021 Hi, this is Kartikay on the cyber team. Ransomware attacks always hurt—but perhaps never more so than when the victim is compromised through the very company they pay for IT and security services. |
White House announces ransomware task force — and hacking back is one option |
Politico, July 14, 2021 The administration is promoting efforts to help agencies go on defense and offense against hackers whose economically paralyzing attacks pose a growing threat to the U.S. |
White House convenes international summit to thwart ransomware threats |
MSN, October 31, 2022 The White House is hosting its second annual summit, involving dozens of countries and tech companies, to thwart the threat of ransomware attacks. |
White House Sets Sights on New Healthcare Cybersecurity Standards |
Health IT Security, October 18, 2022 New healthcare cybersecurity standards and guidance from the White House are on the horizon, Anne Neuberger, deputy national security advisor for cyber and emerging technology in the Biden Administration, said at a recent Washington Post event. |
Why “Ransomware Insurance” Causes Healthcare Industry to Overlook Deeper, Underlying Security Issues |
CPO Magazine, September 2, 2021 In most circumstances, insuring your organization against potential threats is a solid idea. Within this frame of logic, particularly for a healthcare organization, a sector where 34% of all organizations were hit by ransomware last year, insurance may seem like a good investment. |
Why healthcare security needs urgent care |
Hospital Health, July 28, 2021 Increased ransomware incidents in health care require stringent protection of critical systems and data. Australia’s healthcare sector has been the target of increased cybersecurity incidents since COVID-19 forced digital care into the spotlight. Sensitive data collected by healthcare providers, as well as their increased reliance on cloud-based services and telehealth, make the industry a prime target |
Why Hive Attacks Are the Latest Menace to Healthcare Sector |
Gov Info Security, October 26, 2021 Several characteristics of the Hive ransomware group make the threat actor particularly menacing to victims, which include healthcare sector targets, says Adam Meyers, vice president of intelligence at security firm CrowdStrike. |
Why Is Healthcare a Target for Ransomware Attacks? |
Make Use Of, July 31, 2021 Ransomware poses a huge threat to medical institutions. Here’s why and what that means for you. |
Why ransomware attacks in healthcare remain a problem – and how to stop them |
SC Media, September 8, 2021 If data has value, then electronic health records are a treasure trove. Today’s emboldened and ever-more-sophisticated cyber criminals know this. With many healthcare organizations again stretched thin to address rising COVID-19 case counts, there’s little doubt that we will see a steady drumbeat of new ransomware attacks, building on the record number so far this year. |
Why Storage and Backups Are a Key Component of Healthcare Cybersecurity |
Health Tech, May 20, 2022 If there’s a healthcare organization that knows something about building a strong data security foundation, it’s Kelsey-Seybold Clinic. In fact, the multidisciplinary clinic system, with locations throughout the greater Houston area, “had ransomware before ransomware was cool,” according to CTO and CISO Martin Littmann. |
With the holidays come greater ransomware attacks |
SC Media, November 24, 2021 It’s that time of the year. Time to celebrate. Eat well. And sadly, to deal with even more cybercrime, especially ransomware attacks, according to one firm. |
Working with hospitals to reassess risk in the ransomware age |
SC Media, October 27, 2021 It’s an unfortunate truth that ransomware attacks have become not only more common, but also more disruptive and dangerous, especially at hospitals, where a misplayed ransomware attack could result in a fatality. |