Latest News Articles

TitleDescription
‘Lock it down and piss people off’: How quick thinking stopped a ransomware attack from crippling a Florida hospital

Erie News Now, January 16, 2022

It was approaching midnight on Sunday and the head of IT at a Florida hospital had a problem.

The emergency room of Jackson Hospital, a 100-bed facility on Florida’s panhandle, called to report that it couldn’t connect to the charting system that doctors use to look up patients’ medical histories. Jamie Hussey, Jackson Hospital’s IT director, soon realized that the charting software, which was maintained by an outside vendor, was infected with ransomware and that he didn’t have much time to keep the computer virus from spreading.

Read full Erie News Now article.

‘Cyber insecurity’ in healthcare is leading to increased patient mortality rates

Tech Republic, September 12, 2022

A new report finds that ransomware attacks are delaying procedures and tests, resulting in poor patient outcomes and increased complications from medical procedures.

Read full Tech Republic article.

#StopRansomware: Daixin Team

CISA, October 21, 2022

Alert (AA22-294A)

The FBI, CISA, and Department of HHS are releasing this joint CSA to provide information on the “Daixin Team,” a cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations.

Read full CISA alert.

#StopRansomware: Hive Ransomware, CISA Alert (AA22-321A)

CISA, November 17, 2022

This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.

Read full CISA alert.

10 biggest healthcare data breaches of 2021 impact over 22.6M patients

SC Media, December 21, 2021

The biggest healthcare data breaches reported in 2021 each impacted more than 1 million patients, with more than 22.64 million patients affected overall. Considering the runner-up incident claimed 1.2 million breach victims, the year has seen some of the largest cybersecurity impacts in healthcare’s history.

Read full SC Media article.

10 more anesthesia practices added to healthcare management breach tally

SC Media, November 9, 2022

The Department of Health and Human Services breach reporting tool shows at least 10 more anesthesia practices have been added to the “data security incident” at a healthcare management company, first reported in October.

Read full SC Media article.

10 nations coordinate shutdown of ransomware VPN service

SC Media, January 18, 2022

On Monday, law enforcement agencies in 10 nations, including the FBI in the United States, shut down a 15-server VPN service used to anonymize ransomware attacks.

Read full SC Media article.

11 hospitals, health systems that experienced data breaches in June

Becker’s Health IT, June 22, 2022

Several health systems have reported data breach incidents that have compromised patient data and IT systems during June.

Read full Becker’s Health IT article.

134K Common Ground plan members added to vendor’s ransomware fallout

SC Media, August 31, 2022

Common Ground Healthcare Cooperative recently informed 133,714 plan members that their data was likely accessed during a hacking incident and subsequent ransomware attack of its mailing vendor, OneTouchPoint.

Read full SC Media article.

2 Health Plans Report Major Breaches Following Attacks

Data Breach Today, May 19, 2022

Two recent apparent ransomware attacks on health plans – one allegedly involving Conti, and the other Hive, have potentially affected hundreds of thousands of individuals. One of the health plans is already facing legal fallout.

Read full Data Breach Today article.

2 Latest Health Data Hacks Affect Over 200,000 Individuals

Gov Info Security, March 23, 2022

A public health department in Washington state and a medical specialty practice in New Jersey are among the latest healthcare entities reporting major hacking incidents affecting tens of thousands of individuals’ sensitive health information.

Read full Gov Info Security article.

2022 Verizon Breach Report: Alarming Rise in Ransomware

Gov Info Security, June 2, 2022

The 15th edition of the annual Data Breach Investigations Report, published by Verizon on May 24, sheds light on the impact of common forms of cyberattacks on the international security landscape. The data analyzed in the report has been gathered from law enforcement agencies, forensics and law firms, Computer Emergency Response Teams, Information Sharing and Analysis Centers, and government agencies of several countries.

Read full Gov Info Security article.

3 Health Data Hacks Affect 1.4 Million Individuals

Info Risk Today, May 24, 2022

Hacking incidents recently reported as major data breaches by three different types of health sector entities – a children’s hospital, a managed care plan and a government contractor – have in total compromised the sensitive information of more than 1.4 million individuals.

Read full Info Risk Today article.

320K Impacted in EHR Vendor Breach, Ransomware Hits Health Systems

Health IT Security, November 9, 2021

An EHR vendor breach exposed the PHI of 320K, while unauthorized email access and ransomware disrupted the operations of other health systems.

Read full Health IT Security article.

39 Ransomware Groups Targeted Healthcare in the Past 18 Months

Cybersecurity News, December 17, 2021

A dozen ransomware groups targeted healthcare despite making promises to not go after the sector, CyberPeace Institute data revealed.

Read full Cybersecurity News article.

39 Ransomware Groups Targeted Healthcare in the Past 18 Months

Health IT Security, December 17, 2021

A dozen ransomware groups targeted healthcare despite making promises to not go after the sector, CyberPeace Institute data revealed.

Read full Health IT Security article.

4 Healthcare Cybersecurity Challenges and How to Combat Them

Campus Safety, November 17, 2021

As the healthcare industry becomes more technologically connected, the risk of cyber theft also increases.

Digital technologies make it easier and more efficient to deliver patient care and provide better outcomes. However, the rise of digital technologies and the growing interconnectedness between different healthcare systems come with increasing healthcare cybersecurity threats.

Read full Campus Safety article.

46% of All Ransomware Attacks Happen in the United States, NordLocker Says

Digital Transactions, September 27, 2022

One country—the United States—accounts for 46% of all ransomware attacks, a sobering statistic revealed in a new report from NordLocker, a European cybersecurity provider.

Read full Digital Transactions article.

5 more organizations added to Eye Care Leaders attack total, now biggest PHI breach of 2022

SC Media, June 23, 2022

The impact from the Eye Care Leaders ransomware attack continues to expand, with five more covered entities reporting impacts to patient data in the last week.

Read full SC Media article.

560 Healthcare Providers Fell Victim to Ransomware Attacks in 2020

Health IT Security, January 19, 2021

In 2020, Emsisoft data shows 560 healthcare provider facilities fell victim to ransomware attacks, of an overall 2,354 US entities hit by the malware variant.

Read full Health IT Security article.

7 health systems affected by data breaches in the last 30 days

Becker’s Health IT, November 21, 2022

From a third-party data breach to phishing schemes that compromised employee email accounts, seven health systems have been affected by a cybersecurity incident since Oct. 27.

Read full Becker’s Health IT article.

A Cybersecurity Diagnosis for the Healthcare Sector with Breach-Likelihood

MENA FN, December 13, 2021

For more than the past decade, healthcare has been the biggest target of data breaches. The total average cost has increased to $9.23 million in 2021 from $7.13 million the previous year, demonstrating a 29.5% rise. Cyberattacks in healthcare are unfortunately not limited to their financial, regulatory, and reputational impact since they have a direct consequence on lives.

Read full MENA FN article.

A New Era of Ransomware

Cyber Security Intelligence, July 20, 2022

For months, Costa Rica has been on the frontlines of unprecedented ransomware attacks that have impacted just about every aspect of life. Essential services have been crippled, teachers have been unable to collect their paychecks, doctors have been prevented from tracking the spread of COVID-19, all while international trade has ground to a halt.

Read full Cyber Security Intelligence article.

A ransomware attack on a debt collection firm is one of 2022’s biggest health data breaches

Yahoo! News, July 13, 2022

The Colorado-based Professional Finance Company, known as PFC, which contracts with “thousands” of organizations to process customer and patient unpaid bills and outstanding balances, disclosed on July 1 that it had been hit by ransomware months earlier in February.

Read full Yahoo! News article.

A small Canadian town is being extorted by a global ransomware gang

MSN, July 22, 2022

The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data.

Read full MSN article.

Aaron Weismann on ransomware attacks

Becker’s Health IT, September 12, 2022

Ransomware and other cyberattacks are part of our world, and health system CIOs need to be prepared for them.

Aaron Weismann, chief information security officer at Main Line Health system in Radnor Township, Pa., stopped by the “Becker’s Healthcare Digital Health + Health IT” podcast to discuss ransomware attacks.

Listen to Becker’s Health IT podcast.

Additional 15K added to Eye Care Leaders’ already record-setting breach tally

SC Media, November 18, 2022

Another 15,000 patients have been added to the breach tally of the Eye Care Leaders ransomware attack from nearly one year ago.

Read full SC Media article.

Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack

Security Week, January 17, 2022

Healthcare providers Caring Communities and Entira Family Clinics are warning patients that their personal information may have been exposed in a data breach that hit tech vendor Netgain Technology more than a year ago.

In late November 2020, Netgain, which provides managed IT services to organizations in sectors such as accounting, healthcare, and legal, fell victim to a ransomware attack that also resulted in the compromise of customer data.

Read full Security Week article.

Adopt NIST cybersecurity standards, health care leader urges

SC Media, October 5, 2021

At a basic level, the health care sector is a human-focused business with highly advanced technologies and a public expectation to drive innovation — often within stringent resources. Despite a tremendous amount of endpoints and advanced technologies, providers must protect themselves using The Health Insurance Portability and Accountability Act Security Rule.

Read full SC Media article.

Adopting Defense In Depth Strategies to Combat Healthcare Cyberattacks

Health IT Security, January 11, 2022

The AHA’s John Riggi and Attivo Networks’ Carolyn Crandall share insights on how organizations can navigate current healthcare cyberattack threats by using defense in depth strategies.

Read full Health IT Security article.

Aesto Health, Aon PLC, Alameda Health System Suffer Healthcare Data Breaches

Health IT Security, June 10, 2022

Three organizations suffered healthcare data breaches and reported them to HHS recently. All three incidents described below involved unauthorized access to certain systems or email accounts.

Read full Health IT Security article.

After Hive cyberattack, Partnership HealthPlan confirms data theft affecting 855K

SC Media, May 31, 2022

Following reports of network downtime after a cyberattack in March, Partnership HealthPlan of California has since confirmed the Hive ransomware group stole a trove of health information ahead of the ransomware deployment. Reports show 854,913 patients were impacted.

Read full SC Media article.

After widespread hospital attacks, targeting of health care industry continues to rise

SC Media, January 5, 2021

A wave of ransomware attacks against hospitals in the United States and United Kingdom late last year shocked the conscious of many cybersecurity professionals. Things have only gotten worse for the health care industry since then.

Read full SC Media article.

Agencies urge health sector to protect against ransomware threat

American Hospital Association, November 18, 2022

The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services yesterday recommended actions to reduce the risk of compromise from Hive ransomware, which has victimized over 1,300 health care and other organizations since last June.

Read full AMA article.

AI and open-source intelligence can mitigate ransomware and cryptocurrency risks

SC Media, November 18, 2022

The Second International Counter Ransomware Initiative (CRI) Summit held recently at the White House turned the spotlight on the need to counter cybercriminal and other threat actors’ efforts to use the cryptocurrency ecosystem to garner payments and mask illicit activity.

Read full SC Media article.

AIIMS Delhi turns manual following ransomware attack

Healthcare IT News, November 28, 2022

On 23 November, the All India Institute of Medical Sciences in New Delhi, India reported an IT outage due to a suspected ransomware attack.

Read full Healthcare IT News article.

Alert (AA22-223A), #StopRansomware: Zeppelin Ransomware

CISA, August 11, 2022

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as 21 June 2022.

Read full CISA alert.

American Dental Association hit by new Black Basta ransomware

Bleeping Computer, April 26, 2022

The American Dental Association (ADA) was hit by a weekend cyberattack, causing them to shut down portions of their network while investigating the attack.

Read full Bleeping Computer articles.

Another 1.3M patients added to data breach tally of ransomware attack on Eye Care Leaders

SC Media, June 16, 2022

Approximately 1.29 million patients of Texas Tech University Health Sciences Center have been added to the ongoing fallout from the Eye Care Leaders ransomware attack and data theft from December 2021.

Read full SC Media article.

Are Medical Devices at Risk of Ransomware Attacks?

The Hacker News, January 3, 2022

In May 2017, the first documented ransomware assault on networked medical equipment happened. The worldwide ransomware assault WannaCry compromised radiological and other instruments in several hospitals during its height, after a software failure caused by a cyberattack on its third-party vendor’s oncology cloud service, cancer patients having radiation therapy at four healthcare institutions had to reschedule appointments.

Read full The Hacker News article.

Are Ransomware Payments Covered by Cyberinsurance?

Security Boulevard, November 19, 2021

There seems to be a pattern in data breach and other cyberattack cases: After a breach, a company turns to its insurer for coverage. Sometimes they have specialized cyberinsurance, sometimes not. But often, even if they have paid for what they believe to be comprehensive cybersecurity risk insurance, the insurer refuses to pay the claim.

Read full Security Boulevard article.

As fewer victims pay ransoms, Conti gang looks to sell victim data

SC Media, October 26, 2021

Conti is changing its business model. Rather than post leak data as a threat, Conti is now offering stolen data from victims who have not paid ransoms for sale to outside buyers. It may be the next evolution for ransomware gangs left with boatloads of unmonetized data after victims have become dramatically less likely to pay ransoms over just the past quarter.

Read full SC Media article.

As VMFH network outage hits Day 4, concerns of ransomware attack on health giant grow

MSN, October 6, 2022

Concerns are growing over the source and possible ripple effect of a cyber event that’s hobbled one of the Puget Sound area’s main health systems and kept its online network down for four days straight.

Read full MSN article.

Associated Eye Care Discloses Impact From 2020 Netgain Ransomware Attack

Security Week, July 11, 2022

Montana-based Associated Eye Care Partners (AEC) has started informing patients that their personal data might have been compromised during an old ransomware attack targeting Netgain.

Read full Security Week article.

At Half-Year Mark, Ransomware, Vendor Breaches Dominate

Gov Info Security, July 14, 2022

Ransomware incidents and breaches involving business associates affecting millions of individuals dominate the hundreds of major health data breaches reported so far this year to federal regulators.

The trends underscore a troubling weakness for the healthcare industry, which depends on third parties to process claims, handle billing and otherwise operate the administrative side of medical care.

Read full Gov Info Security article.

Attack dwell times drop, ransomware TTPs evolve, China ramps up espionage activity

CSO, April 19, 2022

M-Trends 2022 report delivers detailed assessment of the evolving global cyber threat landscape highlighting prevalent attack vectors and most targeted industries.

Read full CSO article.

Attack sophistication means health care cybersecurity requires digital resilience

SC Media, August 6, 2021

Cybercriminals have not taken a vacation during the pandemic and have continued to modify their tactics to great success. Recent security incidents reflect the nature of the threat landscape and serve as a reminder that even entities with strong cybersecurity practices can be exploited.

Read full SC Media article.

Australia’s Medibank drops after ransomware attack in IT network

Reuters, October 17, 2022

Shares of Medibank Private Ltd (MPL.AX) dived nearly 5% on Monday even after the Australian health insurer assured clients that normal business operations have resumed following an attempted ransomware attack on its network.

Read full Reuters article.

Australia’s Medibank Health Insurance Data Held for Ransom, 200 GB of Medical Records Stolen

CPO Magazine, October 24, 2022

Cybersecurity woes for major Australian firms continue as health insurance giant Medibank experienced a data breach that saw 200 GB in medical records stolen by a hacker and held for ransom.

Read full CPO Magazine article.

AZ Ransomware Attack Leads to Unrecoverable EHRs, Data Loss

Health IT Security, September 10, 2021

An Arizona medical center will have to rebuild thousands of patient records after a ransomware attack resulted in corrupted EHRs and data loss.

Read full Health IT Security article.

 

Bad Actors Target Small Clinics With Healthcare Ransomware Attacks

Health IT Security, September 30, 2021

Cybercriminals continue to target small healthcare facilities with ransomware attacks, causing EHR downtime and care disruptions.

Read full Health IT Security article.

Barracuda report reveals spike in ransomware to more than 1.2 million per month

MSN, August 25, 2022

Barracuda, a provider of cloud-first security solutions, has released its fourth-annual threat research report on ransomware. The new report looks at ransomware attack patterns that occurred between August 2021 and July 2022.

Read full MSN article.

Battling Ransomware in Healthcare

Gov Info Security, April 29, 2022

The healthcare industry continues to be targeted by ransomware gangs, but there are efforts underway to help improve the health sector’s information security resiliency.

Read full Gov Info Security article.

Beaumont Health Latest Victim of Accellion Data Breach

Health IT Security, September 3, 2021

Nearly nine months after the Accellion data breach, Beaumont Health in Michigan joined a list of over 11 healthcare organizations impacted by the cyberattack.

Read full Health IT Security article.

Before CommonSpirit Health, 9 other healthcare ransomware attacks in 2022

Becker’s Health IT, October 14, 2022

Chicago-based CommonSpirit Health, the nation’s second-largest nonprofit health system, said Oct. 12 that it was experiencing a ransomware attack that has led to EHR shutdowns and canceled appointments and procedures at its hospitals across the country.

Read full Becker’s Health IT article.

Biggest Healthcare Data Breaches Reported This Year, So Far

Health IT Security, September 2, 2022

The healthcare sector suffered about 337 breaches in the first half of 2022 alone, according to Fortified Health Security’s mid-year report. More than 19 million records were implicated in healthcare data breaches in the first six months of the year.

Read full Health IT Security.

BioTel Heart vendor breach left patients’ information public for nearly a year

Becker’s Health IT, April 5, 2021

BioTel Heart began informing 38,575 patients that a vendor data breach may have left their personal information exposed for nearly a year.

In a data breach notice, BioTel Heart said that on Jan. 28, the healthcare provider was informed about the data breach. It launched an investigation and learned that patients’ personal information was accessible to the public between Oct. 17, 2019, and Aug. 9, 2020.

Read full Becker’s Health IT article.

BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says

Health IT Security, September 9, 2021

HC3, HHS’s cybersecurity arm, released a threat brief breaking down the BlackMatter ransomware group’s origins, threat tactics, and likely targets.

Read full Health IT Security article.

BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says

Health IT Security, September 9, 2021

HC3, HHS’s cybersecurity arm, released a threat brief breaking down the BlackMatter ransomware group’s origins, threat tactics, and likely targets.

Read full Health IT Security article.

BlackMatter Ransomware Group No Longer Active, HC3 Says

Health IT Security, February 1, 2022

BlackMatter ransomware group, which orchestrated cyberattacks against healthcare organizations, appears to have shut down operations.

Read full Health IT Security article.

Breach update shows 2.6M individuals affected by Smile Brands data theft

SC Media, April 26, 2022

In an update to its initial September 2021 breach notice, Smile Brands has assessed that the ransomware attack and subsequent data theft impacted approximately 2.6 million individuals. Smile Brands is a dental support services vendor.

Read full SC Media article.

Broader investment in cybersecurity beginning to pay dividends

The Register, April 7, 2022

An increased willingness on the part of enterprises to invest in cybersecurity may finally be starting to make a difference, according to US law giant BakerHostetler.

Read full The Register article.

Building a cyber-resilient healthcare organisation

Express Healthcare, November 18, 2021

Mark Brown, MD-Cybersecurity, Information and Resilience, British Standards Institution (BSI) talks about the immediacy of cybersecurity in primary healthcare.

Read Mark Brown’s interview.

CA Attorney General Calls Out Unreported Healthcare Data Breaches

Health IT Security, August 26, 2021

After multiple ransomware attacks went unreported, California’s attorney general issued a bulletin to providers reminding them to report healthcare data breaches.

Read full Health IT Security article.

California health plan facing network disruptions after alleged Hive ransomware attack

SC Media, April 1, 2022

Partnership HealthPlan of California (PHC) is currently experiencing computer system disruptions and working to recover its network with support from third-party forensic specialists. Multiple reports allege the Hive ransomware group is behind the attack.

Read full SC Media article.

Canadian extradited to U.S. in $27 million ransomware case affecting senior living

McKnights Senior Living, March 4, 2022

A Canadian national indicted in 2020 in a $27 million ransomware fraud case affecting the senior living industry recently was extradited to the United States to face those charges.

Sebastien Vachon-Desjardins was indicted on conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer.

Read full McKnights Senior Living article.

Canadian health, energy sectors increasingly targeted by ransomware attacks

MSN, December 6, 2021

Canada’s cyber defence agency says more than half of Canadian ransomware victims in 2021 were in critical sectors like health care, energy and manufacturing.

Now, the Communications Security Establishment (CSE) and the RCMP are urging Canadian businesses to upgrade their cyber security — and to report any ransomware attacks, even if they decide to pay the hackers.

Read full MSN article.

Canadian healthcare provider’s unpatched Exchange server exploited twice by ransomware gangs

IT World Canada, March 1, 2022

Two ransomware gangs separately exploited an unpatched on-premises Microsoft Exchange server at a Canadian healthcare provider last year to steal and hold data hostage, although security updates to prevent successful attacks had been issued months earlier.

Read full IT World Canada article.

Canadian province health care system disrupted by cyberattack

Bleeping Computer, November 1, 2021

The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals.

The attack took place on October 30th, causing regional health systems to shut down their networks and cancel thousands of medical appointments.

Read full Bleeping Computer article.

Capital Region Medical Center targeted in cyber attack

News Tribune, December 23, 2021

Capital Region Medical Center broke its silence Wednesday on an incident that left its network and phone systems down over the past six days.

CRMC discovered a disruption early Friday morning to its network systems. It disabled its network as a security measure and initiated an investigation into the incident. Investigators determined the breach was because of a cybersecurity incident.

Read full News Tribune article.

Challenges remain for healthcare cybersecurity

Tech HQ, January 5, 2022

  • Cybersecurity is a growing issue across all industries, with no signs of slowing down
  • Two-thirds of health delivery organizations have been victims of ransomware attacks, while 33% have been hit twice or more
  • Governments must enforce existing laws and norms of behavior to crack down on cybersecurity threat actors

Read full Tech HQ article.

CHI Health begins bringing computer systems back up after ransomware attack

Omaha World-Herald, October 18, 2022

CHI Health announced Tuesday that the health system is in the process of restoring electronic systems that were taken offline after a ransomware attack.

Read full Omaha World-Herald article.

CIS Launches No-Cost Ransomware Service for U.S. Hospitals

Center for Internet Security (CIS), February 18, 2021

The nonprofit Center for Internet Security announced this week that it had launched a no-cost ransomware protection service for private hospitals in the United States. The Malicious Domain Blocking and Reporting service, which is already available for public hospitals, health departments and healthcare organizations, uses Enterprise Threat Protector software from the cybersecurity vendor Akamai to proactively identify, block and mitigate targeted threats.

Read full CIS article.

CISA and FBI Warn of Zeppelin Ransomware Threat to Healthcare Organizations

HealthTech, August 18, 2022

As part of their ongoing efforts to help healthcare organizations prevent cyberattacks, the FBI and Cybersecurity and Infrastructure Security Agency released a new cybersecurity advisory (CSA) warning health IT leaders about a recent ransomware threat known as Zeppelin.

Read full HealthTech article.

CISA Announces Joint Ransomware Task Force

Security Boulevard, May 25, 2022

Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly announced the formation of a joint ransomware task force, plans for which were originally outlined in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).

Read full Security Boulevard article.

CISA forms public-private partnership to fight ransomware, work on cyber defense strategy

SC Media, August 5, 2021

The Cybersecurity and Infrastructure Security Agency announced Thursday the formation of a new committee that will bring government and industry together to work on cybersecurity issues. The move continues the Biden administration’s more proactive stance on cyber that began in May.

Read full SC Media article.

CISA Launches Campaign to Reduce the Risk of Ransomware

Cybersecurity & Infrastructure Security Agency (CISA), January 21, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.

Read full CISA article.

CISA Launches Platform, Joint Effort to Fight Ransomware

Government CIO, August 03, 2021

More education and information-sharing will boost the fight against ransomware, according to federal cyber leaders.

Read full SC Media article.

 

 

CISA Observes Increased Critical Infrastructure Ransomware Threats

Health IT Security, February 11, 2022

CISA, the FBI, and the NSA observed ransomware attacks against 14 of the 16 US critical infrastructure sectors last year.

Read full Health IT Security article.

CISA Releases Guidance on Protecting PII From Ransomware Attacks

Health IT Security, August 30, 2021

CISA released a fact sheet on protecting PII from ransomware attacks in light of recent high-profile cyberattacks that put personal data in jeopardy.

Read full Health IT Security article.

CISA Warns Critical Infrastructure of Holiday Ransomware Risks

Health IT Security, November 23, 2021

CISA warned US critical infrastructure entities to stay vigilant against ransomware and other cyber threats during the upcoming holiday.

Read full Health IT Security article.

CISA, FBI, FinCEN Warn of MedusaLocker Ransomware Cyber Risks

Health IT Security, July 7, 2022

CISA, the FBI, the Department of Treasury, and FinCEN brought attention to MedusaLocker ransomware in a recent alert and warned organizations to apply proper mitigations.

Read full Health IT Security article.

CISA: Iranian Government-Sponsored Threat Actors Targeting Healthcare

Health IT Security, November 17, 2021

The US and its allies are warning healthcare entities about Iranian government-sponsored threat actors targeting Microsoft Exchange and Fortinet vulnerabilities.

Read full Health IT Security article.

CISOs Call for Healthcare Cybersecurity Federal Assistance

Health IT Security, October 20, 2021

A survey of CISOs and other healthcare IT leaders revealed that healthcare cybersecurity is lacking in federal assistance and resources needed to combat cyber threats.

Read full Health IT Security article.

City has spent $2 million recovering from ransomware attack, city officials say

Tulsa World, December 19, 2021

Eight months and $2 million in repairs and upgrades later, the city’s computer system is back up and running at full speed, city officials said.

A ransomware attack in late April damaged about 40% of the city’s 471 servers and about 20% of the city’s 5,000 desktop and laptop computers.

Read full Tulsa World article.

CommonSpirit cyberattack spurs IT outages at CHI Memorial, hospitals across US

SC Media, October 5, 2022

A cyberattack deployed against CommonSpirit has led to IT outages at hospitals across the U.S., including multiple CHI Memorial hospitals in Chattanooga, Tennessee. Local media outlets report the incident has also caused disruptions at hospitals run by Virginia Mason Franciscan Health (VMFH) in Seattle.

Read full SC Media article.

CommonSpirit Health says majority of EHRs back online after ransomware attack

Becker’s Health IT, November 10, 2022

Chicago-based CommonSpirit Health says the EHRs in most of its markets are back up and running following a ransomware attack that has plagued the health system in recent weeks.

Read full Becker’s Health IT article.

CommonSpirit’s Ransomware Incident Taking Toll on Patients

Healthcare Info Security, October 13, 2022

The cybersecurity incident roiling the fourth-largest hospital system in the United States is a ransomware infection, CommonSpirit Health confirmed Wednesday.

Read full Healthcare Info Security article.

Compromised Medical Records, Ransomware Attacks Trouble Healthcare

Health IT Security, November 4, 2021

One California health center’s communication system remains down three weeks after a cyberattack while ransomware and PHI exposure continue to impact healthcare.

Read full Health IT Security article.

Conti ransomware attack on Irish healthcare system may cost over $100 million

ZD Net, February 24, 2022

An Irish news outlet is reporting that the country’s healthcare system will have to spend more than $48 million recovering from a widespread ransomware attack by the Conti group that took place last year.

Read full ZD Net article.

Conti, Karma Ransomware Groups Target 1 Healthcare Org Simultaneously

Health IT Security, March 2, 2022

Sophos disclosed an unusual case of two separate ransomware gangs targeting one healthcare organization simultaneously.

Read full Health IT Security article.

Conti’s Ransomware Toll on the Healthcare Industry

Krebson Security, April 18, 2022

One of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “Ryuk.”

Read full Krebson Security article.

Coos health clinics shut down by ransomware attack

The Conway Daily Sun, September 23, 2021

A ransomware attack this week shut down Coos County Family Health Services, a main provider of health services in the Androscoggin Valley. Coos County Family Health CEO Ken Gordon said the attack affected essentially all of its systems — phone, computer and email.

Read full Conway Daily Sun article.

Costa Rica public health system targeted by ransomware

ABC News, May 31, 2022

Another attempted hacking of a Costa Rican government agency’s computer system has led the country’s public health agency to shut down its systems to protect itself, complicating the medical care of thousands.

Read full ABC News article.

Costa Rican Health Agency Hit by Apparent Hive Attack

Gov Info Security, June 1, 2022

Costa Rica’s national public health services agency has been hit by a cyberattack allegedly launched by ransomware group Hive. The incident comes weeks after an attack reportedly carried out by another Russian-based ransomware group, Conti, targeted several Costa Rican government agencies, including the same health agency.

Read full Gov Info Security article.

Could allowlisting reduce the impact of ransomware, cyberattacks on health care?

SC Magazine, July 12, 2021

A recent IDC report confirmed the health care sector is more vulnerable to the consequences of cyberattacks than other industries and the most likely to suffer application downtime, with 53% of covered entities reporting downtime after an attack.

Read full SC Magazine article.

Critical infrastructure industries struggle to protect themselves from cyberattacks

SC Media, December 3, 2021

The nation’s critical infrastructure industries face a great deal of work to identify and protect, detect and respond, and ultimately recover from cyberattacks, even as signs of some progress emerge.

Read full SC Media article.

CSA Issues Guidance on Third-Party Risk Management in Healthcare

Health IT Security, July 21, 2022

Drafted by the Health Information Management Working Group, the Cloud Security Alliance (CSA) released new guidance on third-party risk management in healthcare.

Read full Health IT Security article.

CSA Offers Guidance on Preventing Ransomware in the Healthcare Cloud

Health IT Security, September 23, 2021

New guidance from the Cloud Security Alliance warns organizations about the prevalence of ransomware in the healthcare cloud and shows how to mitigate risk.

Read full Health IT Security article.

Cyber Command chief acknowledges US military ‘imposing cost’ on ransomware groups

SC Media, December 6, 2021

Gen. Paul Nakasone, director of the National Security Agency and U.S. Cyber Command, acknowledged the U.S. had begun “imposing cost” on ransomware groups in an interview with the New York Times, all but explicitly saying that the U.S. was taking offensive hacking operations against criminal groups it had previously reserved for state actors.

Read full SC Media article.

Cyber criminals increasingly relying on ransomware-as-a-service, report says

FCW, September 13, 2022

A new report reveals threat actors are using the same ransomware as in previous years – but relying on new malware-free intrusion methods and ransomware-as-a-service offerings to evade popular mitigation techniques.

Read full FCW article.

Cyber Signals: Defend against the new ransomware landscape

Microsoft, August 22, 2022

Microsoft published their second edition of Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, they pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS). Instead of relying on what cybercriminals say about themselves through extortion attempts, forum posts, or chat leaks, Microsoft threat intelligence gives us visibility into threat actors’ actions.

Read full Microsoft article.

Cyber Threats to Health, Education Sectors Increase with Ransomware, Limited Security Resources

Homeland Security Today, May 25, 2022

The healthcare sector and supporting critical infrastructure sectors “can no longer look at the challenges through just a cyber and/or physical lens but must consider all threats to operational resilience,” while the education sector suffers from equity issues reflected in reduced cyber protection capabilities in under-funded K-12 districts and colleges, experts told lawmakers.

Read full Homeland Security Today article.

Cyber Vulnerability is Healthcare’s Modern Malaise

ET Healthworld, September 8, 2021

The healthcare industry makes for an easy target for malicious actors, given its relative nascency to cyber threats and the resultant lax cybersecurity practices.

Read full ET Healthworld article.

Cyberattack devastates health system

The Hamilton Spectator, November 2, 2021

Health Minister Dr. John Haggie could not confirm media reports that a ransomware attack has gutted the province’s electronic health system, but did say the system provider has said it is the result of some third-party infiltration.

Read full The Hamilton Spectator article.

 

Cyberattack drives Johnson Memorial into EHR downtime procedures

SC Media, October 4, 2021

Johnson Memorial Health is currently operating under electronic health record downtime procedures, after a cyberattack struck its computer network on Oct. 2. The health system operates a number of primary care sites, specialist offices, and other facilities across three Indiana counties.

Read full SC Media article.

Cyberattack on Norwood Clinic compromises data tied to 228K patients

SC Media, March 11, 2022

Alabama-based Norwood Clinic notified 228,103 patients that their data was potentially accessed or acquired after a cyberattack in October 2021.

Upon discovery, the systems were secured and the security team worked to “safely restore its systems and operations.” The notice does not disclose whether the attack was caused by ransomware. The investigation determined the hackers gained access to servers containing patient information during the incident.

Read full SC Media article.

Cyberattack, network outage on French hospital renews patient safety concerns

SC Media, August 24, 2022

A cyberattack deployed on the French hospital Center Hospitalier Sud Francilien (CHSF) on Sunday, Aug. 21 has grabbed headlines, as the ransomware threat actors have issued a $10 million demand to unlock the impacted servers.

Read full SC Media article.

Cyberattacks Increasing Against Health Care Providers

Hematology Advisor, January 28, 2022

Cyberattacks have been in on the upswing since the start of the COVID-19 pandemic. According to a recent white paper from CrowdStrike and Medigate, 82% of health systems experienced some form of cyberattack from March 2020 to September 2021, and 34% of the reported attacks involved ransomware.

Read full Hematology Advisor article.

Cyberattacks on Healthcare Spike 45% Since November

Threat Post, January 5, 2021

The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.

Read full Threat Post article.

Cybercriminals accessed Maryland orthopedic center’s emails for a year, affecting 125,000

Becker’s Health IT, April 5, 2021

On March 25, the Bethesda, Md.-based Centers for Advanced Orthopaedics began notifying 125,291 patients, employees and dependents of a cyberattack that took place over a yearlong breach.

In a news release, the orthopedics center said that on Sept. 17, 2020, it identified unusual email activity and launched an investigation with assistance from cybersecurity experts. The investigation found that multiple employee email accounts were accessed by a cybercriminal between October 2019 and September 2020.

Read full Becker’s Health IT article.

Cybergroups targeting the healthcare sector

Becker’s Hospital Review, November 9, 2022

HHS, the Cybersecurity and Infrastructure Security Agency, and the FBI have urged healthcare organizations to take certain actions to protect their systems from hacker groups who have been known to create cyberespionage campaigns aimed at exfiltrating data from hospitals and health systems.

Read full Becker’s Hospital Review article.

CyberSaint Finds Local Government and Utilities Overwhelming Most Likely to Pay Ransoms in “State of Ransomware Attacks Report”

Yahoo! Finance, February 10, 2022

CyberSaint, the developer of the leading platform delivering cyber risk automation, announced today the release of the firm’s “State of Ransomware Attacks Report,” which identifies which sectors pay the most in ransom, have the propensity to pay, and delves into the future of ransomware.

Read full Yahoo! Finance article.

Cybersecurity concerns grow in hospitals across Maryland

The Star Democrat, November 23, 2021

Maryland hospitals are seeing an uptick in ransomware and other cybersecurity threats, mirroring a national trend, and a federal agency is investigating a dozen breaches among healthcare providers in the state.

There are seven breaches currently under investigation from this year alone but there are 12 current investigations regarding Maryland health care providers in the last 24 months.

Read full The Star Democrat article.

Cybersecurity firm uncovers hack attacks on defense, healthcare and energy sectors

yahoo! news, November 8, 2021

Foreign hackers are suspected of compromising organizations in the technology, defense, healthcare, energy and education industries in the U.S. and other countries, cybersecurity firm Palo Alto Networks said late Sunday.

Read full yahoo! news article.

Cybersecurity for healthcare systems, medical devices more critical than ever

Today’s Medical Developments, June 11, 2021

Rise in ransomware attacks forcing hospitals to harden cybersecurity.

Read full Today’s Medical Developments article.

 

Cybersecurity Unplugged: Improving Healthcare Security

Healthcare Info Security, November 26, 2021

According to a recent report, 92 ransomware attacks occurred at healthcare organizations in the past year, a 470% increase from 2019. In response to questions about improving the integrity of healthcare systems, Dan Bowden, Sentara Health CISO, explains why we’re lagging so far behind in healthcare security.

Listen to Dan Bowden’s interview..

Cybersecurity: Lessons Learned from Ransomware Attack with UVM Health

American Health Association, April 6, 2022

In this special Cybersecurity podcast we have the opportunity to talk to leaders of an AHA member hospital who was a victim of a major ransomware attack in the Fall of 2020. Dr. Stephen Leffler, President and Chief Operating Officer and Dr. Douglas Gentile, Chief Medical Information Officer, join us from the University of Vermont Medical Center in Burlington, Vermont. John previously interviewed them about lessons learned and best practices during the attack which they are willing to share on today’s podcast.

Listen to full AHA podcast.

Data breach at Georgia Health System

Info Security Magazine, August 11, 2021

A health system in Georgia has begun notifying patients of a six-month-long data breach that culminated in a ransomware attack.

Read full Info Security Magazine article.

Data of 1.2M patients stolen prior to third-party vendor ransomware attack

SC Magazine, July 9, 2021

Practicefirst Medical Management Solutions and PBS Medcode recently notified 1.2 million patients that their data was accessed and stolen from its network, ahead of a ransomware attack deployed on Dec. 25, 2020.

Read full SC Magazine article.

Dead System Admin’s Credentials Used for Ransomware Attack

Healthcare Info Security, January 28, 2021

Operators of the Nefilim ransomware used the credentials of a deceased system administrator to plant their crypto-locking malware in about 100 vulnerable systems during one attack, according to a recent report published by security firm Sophos.

Read full Healthcare Info Security article.

Delaware physician group latest spine practice to suffer ransomware attack

Becker’s ASC Review, May 31, 2022

Christiana Spine Center, a nine-physician group in Newark, Del., was hit by a ransomware attack that could have exposed patients’ protected health information.

Read full Becker’s ASC Review article.

Destructive Malware Used to Target Ukraine Poses Threat to Healthcare

Health IT Security, February 28, 2022

HermeticWiper and WhisperGate, destructive malware variants used to target Ukraine, pose an increased threat to healthcare.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory to warn organizations about HermeticWiper and WhisperGate malware, two destructive malware variants that have been used to target organizations in Ukraine.

Read full Health IT Security article.

Diagnosing healthcare’s cyber hygiene problem

CBC Radio, November 12, 2021

According to a global survey of IT professionals from 328 healthcare organizations, 34 percent reported that they were hit by ransomware in 2020 — and most institutions in the sector remain ill-equipped to deal with similar attacks.

Read full CBC Radio article.

DOJ Seizes $500K From Maui Ransomware Following Healthcare Cyberattacks

Health IT Security, July 20, 2022

The US Department of Justice (DOJ) seized and forfeited approximately $500,000 from North Korean-backed Maui ransomware actors, who committed multiple healthcare cyberattacks, according to a DOJ press release.

Read full Health IT Security article.

Emerging Tech Shapes the Next Generation of Military Health Care

GOVERNMENT CIO MEDIA & RESEARCH, April 19, 2021

Automation and AI can support medical decision-making on the battlefield, but security remains crucial.

Read full Government CIO Media & Research article.

Employees cause more cyber breaches in healthcare than other industries, report finds

Healthcare Dive, May 24, 2022

Cybersecurity breaches in healthcare hit a high last year, compromising a record volume of patient data. External threats like ransomware continue to drive concerns in the industry, with stressors like chronically underfunded security measures, the potential for Russian cyberattacks and the rise of an “exceptionally aggressive” ransomware group in 2022.

Read full Healthcare Dive article.

Enterprise healthcare providers warned of Lorenz ransomware threat

SC Media, November 21, 2022

The Department of Health and Human Services Cybersecurity Coordination Center is warning larger, enterprise healthcare organizations of the potential threat posed by the Lorenz ransomware threat group.

Read full SC Media article.

Enterprise healthcare providers warned of Lorenz ransomware threat

SC Media, November 21, 2022

The Department of Health and Human Services Cybersecurity Coordination Center is warning larger, enterprise healthcare organizations of the potential threat posed by the Lorenz ransomware threat group.

The human-operated campaign is well-known for its big-game hunting of larger organizations and has claimed victims in both the healthcare and public health sectors.

Read full SC Media article.

Entity-Level Encryption: The Only Defense Against Ransomware

Forbes, June 23, 2021

Ransomware is one of the fastest-growing forms of cybercrime. It begins when ransomware criminals gain access to a company’s network and, like a virus, spread their malware, infecting all the company’s computers. From there, the malware encrypts all the company’s data, making the information unreadable, shutting down the business until a ransom is paid, often in the millions of dollars.

Read full Forbes article. 

Eskenazi Health remains on diversion days after ransomware attack

MSN , August 10, 2021

Eskenazi Health remains on diversion for patients coming by ambulance nearly a week after an attempted ransomware attack that led the hospital to shut down its entire computer network.

Read full MSN article.

Even More Patient Data May Have Been Stolen in 2021 Ransomware Attack: Scripps Health

NBC San Diego, March 24, 2022

Almost one year after a devastating ransomware attack on Scripps Health, patients have received a letter advising additional personal information may have been compromised.

Read full NBC San Diego article.

Evolving Ransomware Threats on Healthcare

Gov Info Security, August 22, 2022

With a constant need to do more with less, digital transformation is crucial to healthcare organizations’ ability to deal with issues like staffing shortfalls and the increased need for services while providing better patient outcomes.

Read full Gov Info Security article.

Experts warn that Hive ransomware gang can detect unpatched servers

Venture Beat, April 25, 2022

The Hive threat group has been targeting organizations across the finance, energy and healthcare sectors as part of coordinated ransomware attacks since June 2021.

During the attacks, the group exploits ProxyShell vulnerabilities in MSFT Exchange servers to remotely execute arbitrary commands and encrypt the data of companies with this unique ransomware strain.

Read full Venture Beat article.

Exploring Zero Trust Security in Healthcare, How It Protects Health Data

Health IT Security, October 22, 2021

A zero trust security model can help healthcare organizations safeguard their interconnected networks and devices while protecting sensitive health data.

Read full Health IT Security article.

Eye Care Leaders fallout grows: 543K Wolfe Clinic patients added to breach tally

SC Media, September 20, 2022

The Wolfe Clinic recently disclosed to the Department of Health and Human Services that the data of 542,776 of its patients was among the information accessed, deleted, and possibly taken during the ransomware attack on Eye Care Leaders in December.

Read full SC Media article.

Facing the Health Ransomware Threat

Facing the Health Ransomware Threat – Q&A with Kellyn Wagner Ramsdell

Kellyn Wagner Ramsdell is a Senior Cyber Threat Intelligence Analyst at MITRE. She began her career in local government combining intelligence analysis and incident response, often in response to ransomware attacks.

 

Why should health organizations be concerned about ransomware?

In the first five months of 2021, the Department of Health and Human Services (HHS) identified 48 ransomware infections impacted healthcare organizations in the United States. For healthcare victims of ransomware infections, Sophos states the average cost in 2020 often exceeded $1.27 million and continued long after the infection was resolved. Many healthcare victims of ransomware face long-term recovery costs, including costs to rebuild networks and lawsuits from patients.

Ransomware started impacting patient care in 2015 and healthcare remains a profitable sector for ransomware operators. As these groups professionalized, they have been further able to monetize attacks against healthcare providers. Since 2019, some ransomware operators have been stealing data before encrypting it, and then demanding a ransom to prevent the public release of that data. This double extortion tactic has proven to be especially damaging to healthcare organizations. As these groups continue to look at opportunities to monetize their operations, healthcare organizations will remain a prime target. Those interested in learning more about how the groups have evolved can read our latest resource, “The Evolution of Ransomware.”

How can organizations prepare for a ransomware attack?

Review the Ransomware Resource Center for key resources to help understand and prepare for potential threats. The best defense against ransomware is secure networks and systems. The Designing Defenses section of this site provides resources specific to ransomware defense.

The next steps are to build robust detections that allow defenders to identify adversary activity in their environment. Information on writing and implementing these detections is available on the Cyber Analytics Repository page.

Having a well-developed and well-exercised response plan is the best way to mitigate the impact of a ransomware attack. Many of the resources for building an incident response plan are available on the Incident Preparedness and Response page. For a plan to be useful in an attack, it needs to be exercised. Organizations can review guidance for tabletop exercises on the Cyber Tabletop Exercises page.

The steps above are just initial starting points for an organization looking to defend itself from ransomware. There are abundant resources on this site which provide guidance on many aspects of ransomware prevention and response.

How is MITRE helping defenders understand and protect against ransomware?

MITRE specializes in bringing together diverse perspectives to solve problems. In the case of ransomware, MITRE views it from the lens of responder, malware analysis, defensive cyber operations, cyber threat intelligence, risk management, and many others.

We’re applying these perspectives as we work to develop resources and solutions to tackle the ransomware challenge. Many of these resources are available in this Ransomware Resource Center.

MITRE also develops and maintains MITRE ATT&CK®, a knowledge base that describes cyber adversary behavior. Through the framework, MITRE has been tracking and publishing details on various ransomware groups and their common tactics, techniques, and procedures. Learning about specific adversary actions gives defenders concrete strategies to defend against and to disrupt ransomware operators.

Our latest resource ”The Evolution of Ransomware” outlines the history of ransomware and the threat it poses against health organizations.

 

Approved for Public Release; Distribution Unlimited. Public Release Case Number 21-3419
©2021 The MITRE Corporation. ALL RIGHTS RESERVED

FACT SHEET: Biden Administration Announces Further Actions to Protect U.S. Critical Infrastructure

White House, July 28, 2021

The Biden Administration continues to take steps to safeguard U.S. critical infrastructure from growing, persistent, and sophisticated cyber threats. Recent high-profile attacks on critical infrastructure around the world, including the ransomware attacks on the Colonial Pipeline and JBS Foods in the United States, demonstrate that significant cyber vulnerabilities exist across U.S. critical infrastructure, which is largely owned and operated by the private sector. As we have seen, the degradation, destruction, or malfunction of systems that control this infrastructure can have cascading physical consequences that could have a debilitating effect on national security, economic security, and the public health and safety of the American people.

Read full White House article. 

FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware

The White House, October 13, 2021

This week the National Security Council is facilitating an international counter-ransomware event with over 30 partners to accelerate cooperation on improving network resilience, addressing the financial systems that make ransomware profitable, disrupting the ransomware ecosystem via law enforcement collaboration, and leveraging the tools of diplomacy to address safe harbors and improve partner capacity.

Read full White House Fact Sheet.

FBI and CISA warn: This ransomware is using RDP flaws to break into networks

ZD Net, July 1, 2022

Several US law enforcement agencies have shone a spotlight on MedusaLocker, one ransomware gang that got busy in the pandemic by hitting healthcare organizations.

Read full ZD Net article.

FBI IC3: Healthcare Sector Faced Most Ransomware Attacks Last Year

Health IT Security, March 24, 2022

The healthcare sector fell victim to ransomware far more than any other critical infrastructure sector last year, the FBI’s 2021 Internet Crime Report found.

Read full Health IT Security article.

FBI Identifies BlackCat/ALPHV Ransomware Indicators of Compromise

Health IT Security, May 2, 2022

The FBI issued a flash alert warning organizations of BlackCat/ALPHV ransomware, a group linked to the notorious Darkside/BlackMatter ransomware groups.

Read full Health IT Security article.

FBI Investigates Georgia Health System Ransomware Attack

Government Technology, June 24, 2021

Nearly a week after a ransomware attack was first detected at St. Joseph’s/ Candler, the Savannah, Ga., area’s largest health-care system is still not yet back to normal as officials work with the FBI on the incident.

Read full Government Technology article. 

FBI recommends action to protect vulnerable medical devices from cyberattacks

American Hospital Association, September 12, 2022

The FBI today released recommendations to help protect medical devices from cyberattacks that can threaten health care operations, patient safety, and data privacy and integrity, citing a growing number of unpatched medical device vulnerabilities.

Read full AHA article.

FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia

MSN, August 27, 2021

FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia.

Read full MSN article.

FBI says Conti ransomware gang has hit 16 U.S. health and emergency networks

SC Media, May 21, 2021

The Federal Bureau of Investigation said that the same group of online extortionists blamed for striking the Irish health system last week have also hit at least 16 U.S. medical and first response networks in the past year.

Read full SC Media article.

FBI says one ransomware group has hit 49 critical infrastructure entities

SC Media, December 3, 2021

The FBI is warning industry that one ransomware group has been behind the compromise of at least 49 critical infrastructure entities, spanning the government, financial, healthcare, manufacturing and information technology sectors.

Read full SC Media article.

FBI tells Congress ransomware payments shouldn’t be banned

CNN, July 28, 2021

Congress should not attempt to address the threat of ransomware by making ransom payments to cybercriminals illegal, a top FBI official told US lawmakers Tuesday.

Read full CNN article. 

FBI Warns Egregor Ransomware Actors Actively Extorting Entities

Cybersecurity News, Janury 7, 2021

A Wednesday FBI private industry notification warns entities that the threat actors behind Egregor ransomware are actively targeting and exploiting a range of global businesses.

Read full Cybersecurity News article.

FBI Warns Healthcare of Cuba Ransomware in Latest Flash Alert

Health IT Security, December 9, 2021

Cuba ransomware actors have compromised 49 entities in five critical infrastructure sectors including healthcare, a new FBI flash alert warned.

Read full Health IT Security article.

FBI warns ransomware assault threatens US health care system

AP News, October 29, 2020

Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking.

Read full AP News article. 

FBI Warns That Cuba Ransomware Gang Made $44 Million After Compromising 49 Critical Infrastructure Entities in Five Sectors

CPO Magazine, December 17, 2021

The Federal Bureau of Investigation (FBI) warned that the Cuba ransomware gang earned more than $43.9 million in ransom after compromising at least 49 critical infrastructure entities.

Read full CPO Magazine article.

FBI, CISA Warn of North Korean Ransomware Threat Targeting Healthcare Organizations

HealthTech, July 26, 2022

Healthcare organizations can take steps to strengthen their security posture and mitigate the impacts of Maui ransomware attacks.

Read full HealthTech article.

FBI: Ransomware attacks are piling up the pressure on public services

ZD Net, April 1, 2022

Cyber criminals are targeting healthcare, emergency services and local government because they know people’s everyday lives rely on these critical services.

Read full ZD Net article.

FBI: These hackers are targeting healthcare records and IT systems with ‘Maui’ ransomware

ZD Net, July 7, 2022

The FBI has attributed recent Maui ransomware attacks on US healthcare organizations to a North Korean state-sponsored hacking group.

Read full ZD Net article.

FDA Updates Medical Device Cyber Response Playbook

Bank Info Security, November 15, 2022

Federal officials released updated guidance for preparing and responding to medical device cybersecurity incidents, including ransomware, as cyberattacks against the healthcare sector continue to surge.

Read full Bank Info Security article.

FDA Updates Medical Device Cyber Response Playbook

Gov Info Security, November 15, 2022

The new Food and Drug Administration’s Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook is a refresh of guidance released in 2018.

Read full Gov Info Security article.

FDA Warns of Apache Log4j Cybersecurity Vulnerabilities in Medical Devices

Campus Safety, December 21, 2021

The FDA encourages manufacturers to communicate with healthcare customers and follow recommendations provided by CISA.

Read full Campus Safety article.

Federal government still in the dark on ransomware

FCW, November 18, 2021

A top Department of Homeland Security (DHS) official said he was unable to provide a “definitive assessment” to lawmakers as to whether Russian-linked cyberattacks have decreased since President Joe Biden discussed ransomware with Russian President Vladimir Putin in a June summit meeting and during an hour-long phone call in July.

Read full FCW article.

Feds Alert Healthcare, Other Sectors of Growing Hive Threats

Gov Info Security, November 18, 2022

As of this month, Hive actors – who follow a Ransomware-as-a-Service model – have hit more than 1,300 companies worldwide, collecting about $100 million in ransom payments, says a Thursday joint alert from the Cybersecurity and Infrastructure Security Agency, the FBI and the Department of Health and Human Services.

Read full Gov Info Security article.

Feds Warn Health Sector of Ukraine-Russia Conflict Threats

Gov Info Security, March 1, 2022

HHS HC3: Beware of 3 Main Threat Groups, 2 Wiper Malware Variants

Federal authorities are warning that while they are unware of specific cyberthreats to the U.S. healthcare and public health sector related to Russia’s attack on Ukraine, entities in those sectors should stay proactive and vigilant to at least three main potential threat groups and two wiper malware variants.

Feds Warn Healthcare Over Cobalt Strike Infections

Gov Info Security, October 10, 2022

If every second hack seems to involve malicious use of penetration testing tool Cobalt Strike, it’s not just your imagination. Russian hackers deployed Cobalt Strike’s command-and-control function during their attack against SolarWinds’ network management software.

Read full Gov Info Security article.

Feds Warn Healthcare Sector of Web Application Attacks

Data Breach Today, July 22, 2022

Federal authorities are advising healthcare sector entities to batten down their patient portals and other common web applications from cyberattacks.

Read full Data Breach Today article.

Feds warn of ongoing Hive ransomware threat, ‘especially healthcare’

SC Media, November 17, 2022

A new joint alert details the spate of cyberattacks and data extortion efforts of the Hive ransomware group to support entities with identifying known IOCs and attack methods, with a particular focus on the health and public health sectors.

Read full SC Media article.

Fertility Clinic Hit with Ransomware

Info Security, February 17, 2022

A fertility clinic based in New York City is notifying patients that their personal data may have been compromised and possibly stolen during a recent cyber-attack.

Read full Info Security article.

FIN12 hits healthcare with quick and focused ransomware attacks

Bleeping Computer, October 7, 2021

While most ransomware actors spend time on the victim network looking for important data to steal, one group favors quick malware deployment against sensitive, high-value targets.

It can take less than two days for the FIN12 gang to execute on the target network a file-encrypting payload – most of the time Ryuk ransomware.

Read full Bleeping Computer article.

FIN12 Ransomware: Why It’s a Healthcare Threat, How to Prevent an Attack

Health IT Security, November 2, 2021

FIN12 is efficient, unpredictable, and unafraid of targeting the healthcare sector, Mandiant experts warn.

Read full Health IT Security article.

Florida Orthopaedic reaches $4M settlement over 2020 health data theft

SC Media, August 16, 2022

Florida Orthopaedic Institute reached a $4 million settlement with the 647,000 patients affected by a server hack and subsequent ransomware attack in 2020. The data theft incident was the fifth-largest healthcare data breach that year.

Read full SC Media article.

Fortified Health Security Releases 2022 Horizon Report

AP News, January 27, 2022

Report reflects on a year of recovery and relentless targeting while detailing cybersecurity challenges healthcare organizations will continue to face in 2022.

Rea full AP News article.

FortiGuard labs reports ransomware not slowing; continues to be relentless and more destructive

Engineering News, February 28, 2022

Sophistication, Speed, and Diversity of Attack Techniques Demonstrates Importance of Strengthening Entire Cyber Kill Chain.

Read full Engineering News article.

French hospital hit by $10M ransomware attack, sends patients elsewhere

Bleeping Computer, August 22, 2022

The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.

Read full Bleeping Computer article.

From insider threats to system breaches: 7 health systems affected by data breaches in July

Becker’s Health It, July 21, 2022

Several health systems have reported data breach incidents that have compromised patient data and IT systems during July.

Read full Becker’s Health IT article.

Georgia St. Joseph’s/Candler health system shifts to downtime procedures amid ransomware attack

SC Media, June 22, 2021

A ransomware attack against Georgia-based St. Joseph’s/Candler on June 17 spurred network outages and forced clinicians into EHR downtime procedures. Five days later, the workforce is continuing to use paper records for patient appointments.

Read full SC Media article.

Global Healthcare Cyber Security Market Size, Share & Trends Analysis Report 2021-2028 – ResearchAndMarkets.com

Yahoo! Finance, December 13, 2021

The global healthcare cyber security market size is expected to reach USD 39.9 billion by 2028 and is expected to expand at a CAGR of 18.0% from 2021 to 2028.

Read full Yahoo! Finance article.

Growing Body of Data Shows High Healthcare Breach Risk

Health IT Security, August 1, 2022

It’s no secret that the healthcare industry has a cybersecurity crisis. Week after week, new headlines appear detailing new hacks, millions of dollars in ransoms, and PHI that’s been taken from secure servers and is now floating around the dark web. According to Kaiser Health News, over 20 million patients have had their data exposed in the first half of this year.

Read full Health IT Security article.

GuidePoint Research and Intelligence Team (GRIT) Releases New Ransomware Trends Report

Yahoo! Finance, July 21, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the release of GuidePoint Research and Intelligence Team’s (GRIT) quarterly ransomware report. This report is based on data obtained from publicly available resources, including threat groups themselves, and provides an accurate representation of the ransomware threat landscape. In the second quarter, GRIT tracked 30 ransomware groups and 581 publicly posted victims.

Read full Yahoo! Finance article.

H-ISAC Report Identifies Top Cyber Threats Concerning Healthcare Execs

Health IT Security, March 30, 2022

H-ISAC and Booz Allen Hamilton’s latest report identified ransomware, phishing, and third-party breaches as the top cyber threats concerning healthcare executives.

Read full Health IT Security article.

H-ISAC TLP White Threat Update: UPDATE: Joint Cybersecurity Advisory – Conti Ransomware

American Hospital Association, March 9, 2022

Health-ISAC is issuing a threat bulletin regarding ongoing and increased Conti Ransomware activity provided in an updated Joint Cybersecurity Advisory (AA21-265A) by the United States Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS). Conti Ransomware affiliates remain active in which reported cyber attacks stemming from their ransomware-as-a-service (RaaS) operations against US and international organizations are increasing.

Read full AHA article.

H-ISAC warns actors abusing RTLO in phishing campaign against health care

SC Media, August 11, 2021

A recent Health Information Sharing and Analysis Center (H-ISAC) alert warns that threat actors are targeting the health care sector with phishing attacks that leverage legitimate right-to-left override (RTLO) Unicode to appear benign and evade detection.

Read full SC Media article.

Hacker group claims it breached a Missouri hospital system

Becker’s Health IT, July 1, 2022

A cybercriminal group is taking responsibility for an alleged ransomware attack on a Missouri hospital system, legal news website JDSupra reported June 30.

Read full Becker’s Health IT article.

Hacker group publishes stolen data from French hospital

Becker’s Health IT, September 27, 2022

One of the most active ransomware groups targeting the healthcare sector, LockBit, has published 12 gigabytes of patient and staff data from a 1,000-bed French hospital, Bank Info Security reported Sept. 26.  In August, Centre Hospitalier Sud Francilien underwent a cybersecurity attack that compromised Social Security numbers, lab reports and other health data from its systems.

Read full Becker’s Health IT article.

Hackers claim they stole Stanford Medicine data, posted info online: 4 things to know

Becker’s Health IT, April 5, 2021

Stanford University is investigating claims that hackers stole personal data from its medical school and published the information online.

Read full Becker’s Health IT article.

Hackers Demand $10 Million After Ransomware Attack on a French Hospital, Patients Referred To Other Facilities

CPO Magazine, August 31, 2022

French hospital Center Hospitalier Sud Francilien (CHSF) suffered a cyber attack that disrupted operations forcing the facility to postpone appointments and refer patients elsewhere.

Read full CPO Magazine.

Hackers Dump Australian Health Records Online After Insurer Refuses to Pay Ransom

MSN, November 9, 2022

Stolen health records for millions of Australians have been publicly released on the dark web following a threat by hackers 24 hours earlier to do precisely that. Last month, the unknown hackers demanded a ransom from Medibank, a private insurance provider in Australia, which the company refused to pay.

Read full MSN article.

Hackers Dump More Health Data, as Feds Share Ransomware Factsheet

Health IT Security, February 8, 2021

The Conti ransomware hacking group recently released two massive healthcare data dumps tied to Leon Medical Centers and Nocona General Hospital on the dark web for sale. The leaks follow a newly released National Cyber Investigative Joint Task Force (NCIJTF) ransomware factsheet.

Read full Health IT Security article.

Hackers leak French hospital patient data in ransom fight

Tech Xplore, September 26, 2022

Hackers who crippled a French hospital and stole a trove of data last month have released personal records of patients online, officials have confirmed.

The cyberattackers demanded a multimillion dollar ransom from the Corbeil-Essonnes hospital near Paris a month ago, but the institution refused to pay.

Read full Tech Xplore article.

Hacking group behind widespread ransomware attacks disappears online

The Washington Post, July 13, 2021

A cybercriminal group that took responsibility for a massive ransomware attack that affected hundreds of businesses this month has disappeared from sight online.

Read full The Washington Post article.

HC3 Alerts Healthcare Sector of Monkeypox-Themed Phishing Scheme

Health IT Security, September 22, 2022

The Health Sector Cybersecurity Coordination Center (HC3) warned the healthcare sector of a new monkeypox-themed phishing scheme targeting healthcare providers.

Threat actors are using the latest public health threat to convince users to click on a link.

The campaign has a subject line of “Data from (Victim Organization Abbreviation): “Important read about -Monkey Pox– (Victim Organization) (Reference Number)” and utilizes an “Important read about Monkey Pox” theme.

Read full Health IT Security article.

HC3 Details APT41 Cyberattack Tactics, Risks to Healthcare Cybersecurity

Health IT Security, September 26, 2022

Long-running Chinese state-sponsored threat group APT41 continues to pose a danger to healthcare cybersecurity, the HHS Health Sector Cybersecurity Coordination Center (HC3) suggested in a recent brief.

The group has been active since at least 2012. In the past decade, APT41 has repeatedly gone after healthcare and pharmaceutical organizations, along with a variety of other sectors across 14 countries.

Read full Health IT Security article.

HC3 Identifies Top 10 Ransomware Threat Actors in Q3 2021 for Healthcare

Health IT Security, October 20, 2021

HC3 identified the top 10 global and US threat actors in Q3 2021, including Conti, REvil/Sodinokibi, and Hive.

Read full Health IT Security article.

HC3 Warns Health Sector Against LockBit Ransomware Variant

Health IT Security, October 6, 2021

LockBit Ransomware launched in September 2019 and claimed responsibility for an August 2021 attack on Accenture.

Read full Health IT Security article.

HC3 Warns Healthcare Sector About Cybercriminal Syndicate Evil Corp

Healthcare Innovation, September 1, 2022

The Health Sector Cybersecurity Coordination Center recently released a threat profile on Evil Corp, a cybercriminal syndicate based out of Russia, that is considered a serious threat to the U.S. healthcare sector.

Read full Healthcare Innovation article.

HC3, H-ISAC Urge Healthcare Sector to Prepare for Russian Cyberattacks

Health IT Security, March 25, 2022

Echoing the President’s statements, HC3, H-ISAC, and other organizations have encouraged critical infrastructure entities to prepare for Russian cyberattacks.

Read full Health IT Security article.

HC3: Healthcare Adversaries Are Actively Leveraging Log4j Vulnerabilities

Cybersecurity News, January 24, 2022

HC3 issued a detailed brief regarding Log4j vulnerabilities, which are being actively exploited by known healthcare adversaries.

Read full Cybersecurity News article.

HC3: Ransomware Groups Leveraged Remote Access, Encryption Tools in Q1

Health IT Security, May 9, 2022

The Health Sector Cybersecurity Coordination Center (HC3) observed ransomware groups increasingly turning to legitimate tools such as Cobalt Strike and Mimikatz during ransomware intrusions in the first quarter of 2022.

Read full Health IT Security article.

Health care organizations funnel dollars into security as pandemic, medical developments drive surge in attacks

SC Media, April 1, 2021

Organizations move on plans to strengthen security policies, increase training, invest in technology.

Read full SC Media article.

Health Care Organizations Warned of Aggressive Ransomware Threat

National Law Review, April 28, 2022

Ransomware is the “business pandemic.” Warnings have been issued by multiple agencies around the world to alert businesses to increase their protection and awareness. Most recently, the Department of Health and Human Services (HHS) has issued a warning to health care organizations related to what it calls “an exceptionally aggressive” ransomware group known as Hive.

Read full National Law Review article.

Health care ransomware attacks: Oklahoma health system driven to EHR downtime

SC Media, June 16, 2021

Stillwater Medical Center was hit with a ransomware attack on June 13 and is currently operating under electronic health record downtime as it attempts to bring its systems back online. The health system operates a number of care sites, specialist offices, hospitals and clinics in Oklahoma.

Read full SC Media article. 

Health Care Ransomware Strains Have Hospitals in the Crosshairs

SECURITY INTELLIGENCE, April 23, 2021

The language of digital attacks shares a lot with the language of disease: ‘viruses’ ‘infect’ computers, and stopping their spread can be like trying to keep down a contagious disease.

Read full Security Intelligence article.

Health care sees largest data breach costs at $9.23M, while 76% fail to secure supply chain

SC Media, July 28, 2021

The average cost of a data breach in the health care sector tops $9.23 million, the highest of all 17 sectors analyzed for the IBM Security 2021 Cost of a Data Breach Report. Meanwhile, a new CynergisTek report shows 76% of providers are failing to secure their supply chains, one of the sector’s biggest blindspots.

Read full SC Media article.

Health care system faces ‘very real’ threat of ransomware attacks

News Center Maine, June 16, 2021

Criminals usually target hospitals for medical records, since they can sell for 200 to 500 dollars on the dark web compared to 14 dollars for financial records.

Read full News Center Maine article.

Health Cos. Must Prepare For Growing Ransomware Threat

Health Law Advisor, June 23, 2021

Ransomware attacks have become big business, and they are on the rise. And entities in the health care and life sciences space have become primary targets of opportunity for attackers.

Read full Health Law Advisor article. 

 

Health Ministry of Brazil Hit by Two Ransomware Attacks in One Week; Vaccination Data Stolen & Taken Offline

CPO Magazine, December 21, 2021

While it is far from uncommon for an organization to announce that it has been hit by a ransomware attack, two in one week is an unusual event. Brazil’s Health Ministry is looking at extended downtime for the system that processes Covid-19 vaccination data as it attempts to recover from this exact situation, dealing with two major attacks that came just four days apart.

Read full CPO Magazine article.

Health sector deals with ransomware, data breaches as COVID cases rise

SC MEDIA, August 20, 2021

Ransomware actors are having a productive week with several ongoing outages in the health care sector, including Memorial Health System and Eskenazi Health. What’s worse, the pervasive threat is continuing to disrupt the health sector, as it continues to battle another COVID-19 wave.

Read full SC Media article.

Health Sector Suffered 337 Healthcare Data Breaches in First Half of Year

Health IT Security, July 19, 2022

Fortified Health Security’s mid-year report on the state of healthcare cybersecurity observed slight shifts in healthcare data breach trends in the first half of 2022. The HHS Office for Civil Rights data breach portal showed that there have been 337 healthcare data breaches impacting more than 500 individuals each in the first half of this year, signifying a slight decrease from 368 at this time last year.

Read full Health IT Security article.

Health systems want government help fighting off the hackers

Yahoo! News, June 22, 2022

Cyberattacks on health systems mushroomed during the pandemic — and 2022 could be their worst year yet.

Read full Yahoo! News article.

Health-ISAC calls for ‘intelligence-led’ security, as actors continue to target healthcare

SC Media, March 24, 2022

Healthcare security leaders must adopt better communication tactics for obtaining financial investments and building cyber resilience through an “intelligence-led information security program,” using threat intel to impart risks to the board, such as the new cyber threat report from Health-ISAC, according to its chief security officer.

Read full SC Media article.

Healthcare can’t ignore ransomware’s impact on care quality, patient morbidity

SC Media, December 8, 2021

Recent lawsuits and media coverage have hyped the correlation between patient mortality and ransomware or cyberattacks. The sensationalized headlines serve to induce awareness, but are missing the point, explained Saif Abed, M.D., director of cybersecurity advisory services for AbedGraham Group during the opening keynote of the SCHealth eConference.

Read full SC Media article.

Healthcare Companies Seek to Manage Risk of Ransomware Attacks, According to Report

National Law Review, February 15, 2022

Healthcare companies continue to face increased risks of ransomware attacks on their operations. According to the recently released BD Cybersecurity Annual Report for 2021, such attacks are also increasingly sophisticated. Management can take important steps to minimize the risks of this form of cybercrime.

Read full National Law Review article.

Healthcare cyberattacks led to worse patient care, increased mortality, study finds

Healthcare Dive, September 8, 2022

More than 20% of the healthcare organizations recently surveyed by the Ponemon Institute reported increased patient mortality rates after experiencing a cyberattack, according to a study out Thursday from the research group and Proofpoint, a cybersecurity compliance company.

Read full Healthcare Dive article.

Healthcare Cyberattacks, Vendor Mishaps Result in PHI Exposure

Health IT Security, January 19, 2022

Third-party vendor errors and healthcare cyberattacks continue to jeopardize patient privacy and cause PHI exposure.

Whether PHI exposure results from healthcare cyberattacks, employee errors, or vendor mistakes, the consequences of a healthcare data breach can be detrimental to patient privacy and security.

Read full Health IT Security article.

Healthcare cybersecurity investment critical to national security, says CISA official

SC Media, March 10, 2022

Securing the healthcare sector is a crucial part of national security. Particularly as the spread of COVID-19 wanes and is replaced by heightened geopolitical tensions, advocating for and investing in critical cybersecurity defenses will protect patients, and the country, from harm.

Read full SC Media article.

Healthcare Data Breach at GA Cardiology Practice Impacts 71K

Health IT Security, October 27, 2022

On August 15, Ascension St. Vincent’s Coastal Cardiology in Brunswick, Georgia, was alerted to a healthcare data breach involving “recently acquired Ascension St. Vincent’s Coastal Cardiology’s legacy systems including the electronic medical record.”

“No Ascension networks or systems, including the practice’s current electronic medical record, were affected by this incident,” the announcement noted.

Read full Health IT Security article.

Healthcare Data Breach Lawsuits On the Rise, Report Shows

Health IT Security, April 11, 2022

As healthcare data breaches continue to impact small and large organizations across the country, accompanying data breach lawsuits are becoming increasingly common. Law firm BakerHostetler’s latest data security incident report showed an increase in duplicative lawsuits, often resulting in steep defense and settlement costs.

Read full Health IT Security article.

Healthcare Data Breach Lawsuits On the Rise, Report Shows

Health IT Security, April 11, 2022

BakerHostetler saw an uptick in data breach lawsuits in the weeks following incident notification, especially against healthcare organizations.

Read full Health IT Security article.

Healthcare Data Breaches Continue as New Year Begins

Health IT Security, January 6, 2022

As a new year begins, threat actors are continuing to overwhelm providers and patients with healthcare data breaches. Some experts predict that ransomware actors will favor data exfiltration over encryption this year and that they will shift their focus to APIs and other attack vectors in order to throw off victims.

Read full Health IT Security article.

Healthcare data breaches cost an average of $10.1M, more than any other industry

SC Media, July 29, 2022

With an average of $10.1 million, a data breach in the healthcare sector costs more than any other industry. In fact, the industry has faced the highest average cost of a breach for the last 12 years, according to the annual IBM Cost of a Data Breach Report.

Read full SC Media article.

Healthcare Data Breaches Impact 147k Illinoisans

Info Security, February 16, 2022

The protected health information (PHI) of nearly 150,000 residents of Illinois may have been exposed in data breaches at two separate healthcare organizations.

South Shore Hospital (SSH) in Chicago and the Family Christian Health Center (FCHC) in Harvey, Illinois, have begun notifying Illinoisans that the security of their data may have been compromised.

Read full Info Security article.

Healthcare faces COVID-induced triple threat as cyber awareness peaks

SC Media, October 27, 2021

A shift has occurred in the healthcare sector over the course of the COVID-19 pandemic, pressing the limits of what providers can accomplish under the most overwhelming circumstances, and not just in terms of patient care.

Read full SC Media article.

Healthcare fintechs targeted by cyber criminals

Healthcare Dive, September 8, 2022

Companies that process payments for physician groups, hospitals and other healthcare providers are more vulnerable to hacks, information system breaches and ransom demands than their peers in other segments of the industry, cybersecurity professionals warn.

Read full Healthcare Dive article.

Healthcare Organizations Bear the Brunt of Cyberattacks Amid Pandemic

DARK READING, January 6, 2021

Hospitals and other healthcare organizations bore the brunt of cyberattacks last year, all the while struggling to cope with the challenges posed by the COVID-19 pandemic.

According to a new report this week from Check Point Software, attacks on healthcare entities worldwide jumped 45% in the past two months as attackers tried to take advantage of the pandemic by disrupting operations and extorting ransoms from organizations under tremendous pressure to provide uninterrupted services.

Read full Dark Reading article.

Healthcare organizations now must report cyberattacks to DHS

Becker’s Health IT, March 17, 2022

Healthcare organizations will be required to report any cyberattacks to the Department of Homeland Security, under a law signed March 15 by President Joe Biden, Bloomberg reported March 16.

Read full Becker’s Health IT article.

Healthcare Organizations: Moving to High Alert for Ransomware

CSO ONLINE, April 13, 2021

Numerous healthcare facilities were attacked in the last year, including one incident in Germany that lead to a death when ransomware locked systems and a patient needing critical care was turned away.

Read full CSO Online article.

Healthcare orgs in California, Arizona send out breach letters for nearly 150 000 after SSNs accessed during ransomware attacks

ZD Net, September 10, 2021

LifeLong Medical Care and Queen Creek Medical Center were both hit with ransomware attacks over the past year.

Read full ZD Net article.

Healthcare Ransomware Attack at Indiana ENT Office Impacts 45K

Health IT Security, August 26, 2021

Indiana-based CarePointe ENT suffered a healthcare ransomware attack that may have exposed the PII and PHI of over 48,000 individuals.

Read full Health IT Security article.

Healthcare Ransomware Attack in CA Involves PHI of 57K

Health IT Security, September 7, 2021

San Andreas Regional Center in California experienced a healthcare ransomware attack that may have exposed the PHI of over 57,000 individuals.

Read full Health IT Security article.

Healthcare Ransomware Attack Leads to EHR Downtime in IN

Health IT Security, August 26, 2021

A healthcare ransomware attack in Indiana resulted in EHR downtime and potential exposure of patient and employee PII after bad actors released data online.

Read full Health IT Security article.

Healthcare Ransomware Attack Targets Practice Management Vendor

Health IT Security, July 05, 2021

Practice management vendor Practicefirst announced a 2020 healthcare ransomware attack that may have exposed patient and employee PII.

Healthcare ransomware attacks are increasing – how to prepare

Venture Beat, September 6, 2022

Sophos’ recent study, “The State of Ransomware in Healthcare 2022,” finds a 69% jump in the volume of cyberattacks and a 67% increase in their complexity just this year.

Read full Venture Beat article.

Healthcare ransomware attacks are increasing – how to prepare

Venture Beat, September 6, 2022

Cybercriminals are becoming skilled at using legitimate tools to launch more severe, weaponized ransomware attacks on healthcare providers. In addition, they’re avoiding detection by relying on Living off the Land (LotL) techniques that turn attacks into a prolonged digital pandemic.

Read full Venture Beat article.

Healthcare ransomware: Proactive risk management is a ‘business opportunity’

SC Media, February 25, 2022

Healthcare has always been a prime target for ransomware actors given its penchant for paying hackers’ demands to maintain care operations. Put simply, when patient care is on the line, waiting for rescue and resuming business makes it difficult for any disruptions to IT systems.

Read full SC Media article.

Healthcare sector saw largest increase in IoT malware attacks in 2021

SC Media, February 17, 2022

The healthcare sector saw the largest increase in target IoT malware attacks in 2021, according to the latest annual SonicWall Cyber Threat Report. Compiled from data collected from 1.1 million global sources, researchers saw a 71% increase in IoT malware against healthcare clients.

Read full SC Media article.

Healthcare’s Data Extortion Problem, and How to Prepare for Ransomware

HEALTH IT SECURITY, April 12, 2021

Data extortion attempts are now occurring in at least 70 percent of all ransomware attacks. How can healthcare providers best combat these pervasive tactics?

Read full Health IT Security article.

HHS 405(d) Urges Healthcare Sector to Prioritize Log4j Vulnerability

Health IT Security, December 22, 2021

The Log4j vulnerability poses a serious threat to the healthcare sector, and most legacy systems cannot be patched.

Read full Health IT Security article.

HHS alerts health care sector to biomanufacturing malware threat

American Hospital Association, November 30, 2021

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) last week advised biotechnology companies specifically and the health care and public health sector generally to review a new report on a malware threat aggressively spreading through the biomanufacturing industry and take appropriation action to protect their information infrastructure. According to HC3, the malware is used to deliver ransomware, “possibly as a diversion for the actual purpose of the attack — intellectual property theft.

Read full AHA article.

HHS cybersecurity center warns of new ransomware threat

Healthcare Dive, November 14, 2022

The HHS’ Health Sector Cybersecurity Coordination Center is cautioning the healthcare industry that Venus ransomware operators are targeting remote desktop services to encrypt Windows devices. At least one health organization in the United States has been a victim, according to the cybersecurity center, also known as HC3.

Read full Healthcare Dive article.

HHS HC3 Warns of Vishing, Other Social Engineering Scams

Gov Info Security, August 22, 2022

Social engineering poses significant data security threats to healthcare and public sector entities, federal authorities warn, urging entities to take steps to avoid falling victim.

Read full Gov Info Security article.

HHS IDs 5 most prolific cybergangs targeting healthcare

Becker’s Health IT, May 10, 2022

The majority of ransomware attacks on the healthcare and public health sector in the first quarter of 2022 were conducted by five ransomware-as-a-service groups, according to a May 5 HHS trend report.

Read full Becker’s Health IT article.

HHS Issues Briefing for Health Sector Regarding Russia-Ukraine Cyber Conflict

HIMSS, March 4, 2022

The U.S. Department of Health & Human Services has issued a Health Sector Cybersecurity Coordination Center (HC3) analyst note regarding the Russia-Ukraine cyber conflict and potential threats to the U.S health sector.

Read full HIMSS article.

HHS Issues Threat Warning to US Healthcare Sector

Info Security Magazine, March 3, 2022

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the US health sector over the possibility of collateral cyber-attacks linked to Russia’s invasion of Ukraine.

In a notice issued Tuesday, HC3 said that the conflict had “as expected, spilled over into cyber space,” and identified three potential threat groups which could possibly target American healthcare organizations.

Read full Info Security Magazine article.

HHS outlines threats to electronic health and medical records, remediation guidance

SC Media, February 18, 2022

The Department of Health and Human Services Cybersecurity Coordination Center (HC3) released new guidance outlining the biggest threats to the electronic medical record (EMR) and electronic health record (EHR) systems and best practice mitigation.

Read full SC Media article.

HHS outlines threats to electronic health and medical records, remediation guidance

SC Media, February 18, 2022

The Department of Health and Human Services Cybersecurity Coordination Center (HC3) released new guidance outlining the biggest threats to the electronic medical record (EMR) and electronic health record (EHR) systems and best practice mitigation.

Read full SC Media article.

HHS shares Log4j remediation guide, urges healthcare to assume compromise

SC Media, January 21, 2022

The Department of Health and Human Services Cybersecurity Coordination Center (HC3) issued a nearly 50-page guide on the threat and potential impact of the Log4j vulnerability found in the Apache Foundation logging tool.

Read full SC Media article.

HHS Shares Resources for Avoiding Ransomware Attacks

ACR, June 16, 2021

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is encouraging organizations to familiarize themselves with the growing threat of ransomware — malicious software that blocks access to a computer system until an amount of money (ransom) is paid — and to take steps to avoid the threat. HHS recently provided links to online government resources to help healthcare facilities protect their computer systems from the ransomware threat, including:

Read full list of resources on acr.org.

HHS to providers: Learn from mistakes made in cyberattack that shut down Ireland health system

SC Magazine, February 4, 2022

The Department of Health and Human Services urges healthcare provider organizations to review key mistakes made by the Ireland Health Service Executive prior to, during, and in response to its months-long network outage brought on by systems hack in mid 2021.

Read full SC Magazine article.

HHS Underscores Risk of Hive Ransomware

Health IT Security, April 20, 2022

HHS’s Health Sector Cybersecurity Coordination Center (HC3) issued an analyst note regarding Hive ransomware group, the notorious cybercrime group responsible for multiple attacks against the healthcare sector.

Read full Health IT Security article.

HHS Warns Health Sector About LockBit 2.0 Threats – Again

Gov Info Security, February 9, 2022

Federal authorities are again warning healthcare and public health sector entities about potential threats posed by the ransomware-as-a-service group LockBit 2.0, despite the cybercrime gang’s claim that it does not target healthcare organizations.

Read full Gov Info Security article.

HHS Warns Healthcare Sector About LockBit 2.0 Threats

Gov Info Security, October 7, 2021

Ransomware Variant Updated; Group Claimed Credit for Accenture Attack.

Federal regulators are warning healthcare and public health sector organizations of potential attacks by the ransomware group LockBit 2.0 and its affiliates.

Read full Gov Info Security article.

HHS Warns of Threats to Electronic Health Records

Gov Info Security, February 18, 2022

Healthcare entities should implement a more “proactive preparedness” approach for protecting their electronic health record/electronic medical record systems, which are an increasingly attractive target for cyberattacks and other breaches, federal regulators warn.

Read full Gov Info Security article.

HHS, FBI, CISA Warn Healthcare of Ongoing Hive Ransomware Threats

Health IT Security, November 18, 2022

HHS, the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory about Hive ransomware actors. The ransomware actors have been repeatedly targeting critical infrastructure, especially the healthcare sector since they were first observed in June 2021.

Read full Health IT Security article.

HHS: Amid Russian threat, hospitals need 4-6 week business continuity plan

SC Media, March 21, 2022

Echoing recent healthcare industry stakeholder groups, the Department of Health and Human Services is urging provider organizations to review and bolster defenses to guard against possible fallout from the Russian invasion of Ukraine. As a general rule, business continuity plans should cover between four to six weeks of continuity in the wake of an attack.

Read full SC Media article.

HHS: Health Sector Should Prepare for Russia-Ukraine Threats

Gov Info Security, March 18, 2022

Federal authorities are advising healthcare sector entities to take precautions, including enhancing their cybersecurity posture and being prepared to implement four- to six-week business continuity plans, as they continue to face potential cyber incidents related to the Russia-Ukraine war.

Read full Gov Info Security article.

HHS: HIPAA can ‘substantially mitigate’ most common healthcare cyberattacks

SC Media, March 17, 2022

The bulk of cyberattacks against the healthcare sector could be “prevented or substantially mitigated” by following the Health Insurance Portability and Accountability Act Security Rule, according to the Department of Health and Human Services Office for Civil Rights.

Read full SC Media article.

HHS: Ransomware groups will continue focus on healthcare, leveraging legacy tech

SC Media, October 15, 2021

The latest Department of Health and Human Services Cybersecurity Coordination Center alert pointed to healthcare delivery organizations as a key target of ransomware attacks, often due to its heavy reliance on outdated and legacy technologies, as well as limited security resources.

Read full SC Media article.

Highmark Health, WellDyneRx, Others Report Healthcare Data Breaches

Health IT Security, July 13, 2022

WellDyneRx, Highmark Health, Carolina Behavioral Health Alliance, and two others disclosed healthcare data breaches recently.

Read full Health IT Security article.

HIMSS21: Your healthcare organization is crippled by ransomware. Should you pay the attackers?

Fierce Healthcare, August 10, 2021

Cyberattacks have ramped up in recent years, and there’s now a strong chance that any given health organization will, at some point, be hit with ransomware.

Read full Fierce Healthcare article.

HIPAA Violations On the Rise as Ransomeware Attacks Increase

Endocrinology Advisor, July 29, 2022

Cybercrime continues to increase, with a sharp rise in the number of attacks involving ransomware, according to the Verizon 2022 Data Breach Investigation Report (DBIR).

Read full Endocrinology Advisor article.

Hive Ransomware Racks up $100 Million in Ransom Payments, Over 1,300 Companies Victimized

CPO Magazine, November 22, 2022

Hive ransomware, one of the biggest ransomware-as-a-service (RaaS) strains circulating since 2021, has at this point brought in $100 million in ransom payments according to a new alert released by the Cybersecurity and Infrastructure Security Agency (CISA). The total victim count is at least 1,300 organizations, and the group is notorious for spitefully dumping other types of ransomware on target systems when they refuse to make payment.

Read full CPO Magazine article.

Holiday, Weekend Ransomware Attacks Pose Threats to Healthcare Cybersecurity

Health IT Security, November 17, 2022

Although security professionals may take holidays and weekends off, threat actors do not. New research from Cybereason found that holiday and weekend ransomware attacks resulted in greater revenue losses and lengthier recovery times for victim organizations.

Read full Health IT Security article.

Homeland Security Secretary Backs Call for Mandatory Disclosure of Ransomware Payments

NEXTGOV, April 29, 2021

DHS Secretary Alejandro Mayorkas said the department will work with a task force developed by the private sector on ways to tamp down the increase in ransomware attacks.

Read full NextGov article.

 

Hospital Ransomware Attacks Go Beyond Health Care Data

Security Intelligence, November 24, 2021

The health care industry has been on the front lines a lot lately. Along with helping control the effects of COVID-19, it has been a prime target for ransomware. In a 2021 survey conducted of 597 health delivery organizations (HDOs), 42% had faced two ransomware attacks in the past couple of years. Over a third (36%) attributed those ransomware incidents to a third party, such as what happened earlier this year with Kaseya. The effects go beyond stolen health care data, although that is important, too. What does it mean when a health care organization faces an attack? And what can they do to protect themselves?

Read full Security Intelligence article.

Hospital, Health Department Still Recovering From Attacks

Gov Info Security, February 7, 2022

What Steps Can Other Entities Take to Lessen Post-Attack Restoration Pain?

Read full Gov Info Security article.

Hospital: Patient information may have been stolen in St. Joseph’s/Candler ransomware attack

MSN, August 11, 2021

Leaders with St. Joseph’s/Candler said some employee and patient information may have been taken during June’s ransomware attack.

Read full MSN article.

How Can Congress Aid Healthcare Cybersecurity, Fight Ransomware?

Health IT Security, July 22, 2021

Witnesses testified before Congress this week, noting that the healthcare sector needs help battling cyberattacks and ransomware.

Read full Health IT Security articles.

How hackers used ransomware to undermine healthcare everywhere

Security Magazine, July 30, 2021

As COVID-19 ravaged hospitals’ patient care units last year, opportunistic criminals saw an opportunity to pluck low-hanging fruit: Hacking groups decided to breach and ransom healthcare institutions during a time of global crisis.

Read full Security Magazine article.

How Health Facilities Can Prevent, Mitigate Ransomware in 2021

Health IT Security, August 13, 2021

Ransomware is continuing to impact the healthcare industry, which has seen a rise in cyber-attacks since the start of the pandemic.

Read full Health IT article.

How Healthcare Cyberattacks Can Impact Patient Safety, Care Delivery

Health IT Security, September 8, 2022

Along with documented financial losses and reputational harm, healthcare cyberattacks have been known to endanger patient safety and adversely impact care delivery.

Read Health IT Security article.

How Kelsey-Seybold Clinic recovered from a ransomware attack

Healthcare IT News, June 23, 2021

The provider’s CISO and CTO offers some best practices for pulling through an attack – and describes how to bolster cyber defenses so it doesn’t happen again.

Read full Healthcare IT News article.

How precise email analysis reduces healthcare ransomware threats

FED Scoop, August 4, 2021

The healthcare industry has come under intensified attacks by malicious actors over the last year amid new opportunities to target institutions during the COVID-19 pandemic.

Read full FED Scoop article.

How Ransomware Is Affecting Healthcare

Q&A with Joanne Fitzpatrick

Joanne Fitzpatrick is a lead cybersecurity engineer in MITRE’s Cyber Solutions Innovation Center. She works closely with a range of government sponsors to increase their situational awareness and improve their resiliency to cyber attacks. She began her career at MITRE working on network architectures and security for Air Force systems.

 

Why are healthcare facilities such prime targets for ransomware attacks?

Hospitals and healthcare organizations, large and small, are at particular risk for ransomware. One study showed more than 500 attacks in 2020 alone, with major health systems in Texas, Minnesota, and Vermont recently coming under attack. Patient care and business systems, such as communications, billing, and electronic health records, are often disrupted, even to the point of re-routing patients to other facilities and cancelling surgeries.

Today, hospitals and healthcare centers are especially vulnerable because COVID has reduced ICU bed capacities, and medical professionals are serving COVID patients while managing existing caseloads. The pandemic has publicized the health systems’ struggles worldwide.

It’s worth noting that an adversary does not need to infiltrate an entire healthcare information system (HIS) to negatively impact an organization’s ability to deliver health services, a primary objective. They may choose to gain access to one subsystem, module, or critical file, such as the scheduling process for operating rooms. Upon gaining access, the adversary could encrypt it, prohibiting the organization from accessing or using the schedule. They would then complete the attack by demanding funds in return for the necessary software to decrypt/unlock the module or files.

Not all health organizations are equal. What do we know about how ransomware affects hospitals and health facilities in rural or underserved areas?

Great question. We tend to hear about large organizations in the media when an attack has happened. However, hospitals and health facilities in rural or underserved areas are just as vulnerable as larger, more urban organizations. Adversaries don’t adhere to rules, and don’t want to be predictable in their attack behavior. Impeding an organization from successfully providing their services to their local communities is simply a pathway to demand a ransom. Since they primarily want to extort money from an organization, they don’t really care about its size, location, or nature of their databases.

From the perspective of hospitals and health facilities in rural or underserved areas, however, their ability to protect themselves from a ransomware attack, or to be able to operate through such attacks, may be more limited than their larger counterparts because their IT infrastructure may be less mature and their resources may be more limited.

Are there considerations for organizations with small or underfunded IT/security staff?

There are two key considerations. First, such organizations typically have smaller IT and security departments, with a handful of talented people wearing many hats, and each responsible for several major operational IT areas. Staff tend to be experienced in the operations of their own organization, but often have little access to growth/training/professional development on cybersecurity issues, such as threats and attacks. Lack of time or budget is usually the reason. Additionally, there is little-to-no extra staff available to dedicate to specialty cyber topics, such as threat modeling or attack surface assessments. Second, we recognize that both small and large healthcare organizations may be targets for adversaries. Size does not matter. We’ve witnessed successful attacks at all types of health organizations. Adversaries may even exploit a smaller hospital as part of their attack navigation to exploit a larger, partnering organization.

For these reasons, we’ve build the Ransomware Resource Center to help all kinds of health organizations, whatever their size and wherever they are in their planning.

How can the Ransomware Resource Center help healthcare organizations?

We hope the Ransomware Resource Center will make two key contributions. It will inform hospitals and healthcare organizations about how to prepare, respond to, and recover from such an attack. It also will share freely with the broader community the unbiased guidance and best practices that MITRE cybersecurity and cyber resiliency professionals have provided for years to our many federal government sponsors.

What is unique about the security needs of healthcare providers, suppliers, and support organizations?

In general, their needs are similar to those of other types of business with regards to structure and process flows. However, expectations for healthcare systems are different from other sectors (such as banking or retail, for example) because human well-being and lives are at stake. Emergency rooms, maternity, and much else demands 24/7 functionality. In this way, the security needs of healthcare delivery are more like some of MITRE’s military sponsors where the safety of human life and local populations is paramount.

Where should you start if you work at a smaller organization, or don’t have the benefit of a fully-staffed information security team?

Many healthcare organizations choose to start with an assessment that asks and answers some key questions: What are our most important assets? What are the strengths and vulnerabilities of our current system? What are the roles and responsibilities around the organization if we come under attack?

MITRE has created numerous cyber tools that help organizations ask and answer these important questions. Three in particular, Cyber Tabletop Exercises, the Crown Jewels Analysis (CJA), and the Cyber Operations Rapid Assessment (CORA) are well-suited to healthcare organizations. We’ve used them extensively in helping many organizations understand where they are in facing cyber adversaries, and then pointing the way to their necessary and feasible next steps.

How can MITRE assist organizations seeking to become more resilient?

To learn more about MITRE and the ways we can work with you, contact us at HealthCyber@mitre.org. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

How ransomware runs the underground economy

CSO, August 31, 2021

Ransomware gangs are adopting all the core elements of legitimate businesses—including defined staff roles, marketing plans, partner ecosystems, and even venture capital investments—and some hallmarks of more traditional criminal enterprises.

Read full CSO article.

How Rural Hospitals Can Tackle Healthcare Cybersecurity Risks

Health IT Security, September 28, 2022

Ransomware, phishing, and breaches are all top-of-mind concerns for healthcare cybersecurity leaders, regardless of organization size or location. But for small, rural hospitals, managing cyber risk can be an even more intimidating task.

Read full Health IT Security article.

How Security Training Can Combat the Threat of Ransomware

Health Tech, July 29, 2021

Preparedness, security tools and a recovery plan are key to helping healthcare organizations overcome cybersecurity attacks.

Read full Health Tech article.

How to Maintain Business Continuity in the Age of Ransomware

Cloud Security Alliance, July 20, 2022

It’s worth making the connection between ransomware and your overall business continuity strategy. Ransomware has been a scourge for years, but the attacks are only growing more sophisticated, capable of hitting multiple sites and bringing your entire organization to a halt.

Read full Cloud Security Alliance article.

HSCC Creates Operational Continuity Checklist For Navigating Cyberattacks

Health IT Security, May 2, 2022

The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) released a checklist to help healthcare staff and executives preserve operational continuity while recovering from a serious cyberattack.

Read full Health IT Security article.

HSE ‘missed opportunities’ to detect malicious activity before ransomware attack

Yahoo! News, December 10, 2021

A report into the Health Service Executive (HSE) ransomware attack has found there were “several missed opportunities” to detect malicious activity.

An independent review, carried out by PricewaterhouseCoopers, found that the HSE failed to respond to several alerts after a phishing email was opened, weeks before the system was crippled by a ransomware attack.

Read full Yahoo! News article.

IBM Security: Cost of Data Breach Hitting All-Time Highs

Security Week, July 27, 2022

A study commissioned by IBM Security says the global average cost of a data breach reached an all-time high of $4.35 million and warned that the absence of zero trust principles at studied organizations are pushing those costs even higher.

Read full Security Week article.

Improving Cybersecurity to Protect Your Patients and Practice

Physician’s Weekly, October 21, 2021

Inadequate cybersecurity presents great risks to physicians, as healthcare is among the most targeted industries. Healthcare clinics and hospitals face cyberattacks almost daily. According to tech research company Comparitech, ransomware attacks rose a whopping 470% from 2019 to 2020, with more than 600 healthcare institutions and more than 18 million individual patient records falling victim to attacks. Hackers are particularly drawn to healthcare institutions due to their often archaic security software, as well as their tendency to under-prioritize cybersecurity.

Read full Physician’s Weekly article.

Increased Mortality Rates Linked to Cyber-Attacks Against Healthcare Organizations

Info Security, September 11, 2022

A recent report, which surveyed 641 healthcare IT and security practitioners, found that 89% of them experienced an average of 43 attacks in the past 12 months, with more than 20% suffering one of the following types of attacks: cloud compromise, ransomware, supply chain, and phishing.

Read full Info Security article.

Indiana health system diverts ambulances, reverts to paper records amid ransomware attack

Becker’s Health IT, October 6, 2021

Hackers are demanding ransom from Johnson Memorial Hospital as the Franklin, Ind.-based health system grapples with an ongoing cyberattack, according to an Oct. 5 WTHR 13 report.

The health system has reverted to using paper and pen after the ransomware attack took its computer systems offline.

Read full Becker’s Health IT article.

Indiana hospital suspends IT systems in response to ongoing cyberattack

SC Media, September 30, 2021

Late Wednesday night, Schneck Medical Center in Indiana was hit with a cyberattack that impacted operations, leading the security team to suspend access to all IT applications across the hospital network, according to a posting on the hospital’s website.

The latest posting shows the attack is causing intermittent issues with the phone systems. Meanwhile, patients are reporting access issues on the hospital’s social media page. The provider’s website remains online.

Read full SC Media article.

Infant Fatality Could Be First Recorded Ransomware Death

Info Security Magazine, October 1, 2021

A tragic case making its way through the courts in the US could prove to be the first recorded death due to ransomware.

Read full Info Security Magazine article.

Infusion Pump Vulnerabilities Point to Gaps in Medical Device Security

Health IT Security, August 27, 2021

McAfee researchers discovered significant gaps in medical device security that may allow hackers to administer deadly doses of medications through an infusion pump.

Read full Health IT Security article.

Inside the Battle Against Ransomware Attacks

NBC Washington, February 4, 2022

Survey results show less than half of respondents have ransomware incident response plan.

Read full NBC Washington article.

Insurers run from ransomware cover as losses mount

The Hindu, November 19, 2021

Faced with increased demand, major European and U.S. insurers and syndicates operating in the Lloyd’s of London market have been able to charge higher premium rates to cover ransoms.

Read full The Hindu article.

Intelligence Driven Exercises and Solutions (IDEAS): An uncomplicated approach for solving complicated problems

Q&A with Theresa Fersch

Theresa Fersch is a Principal Systems Engineer with 15 years of exercise design and development expertise.

 

What is IDEAS?

As part of our continued focus on solving problems for a safer world, MITRE recognizes that one of our nation’s greatest challenges is that threats and adversaries are constantly evolving. Technology advances by leaps and bounds, our adversaries are becoming faster and stronger, and disruptions are becoming even more disruptive. To stay ahead of the game, we must continuously be checking and refining our assumptions, methods, and strategies. Tabletop exercises are a form of serious games that have long been used by the Department of Defense (DOD), Department of Homeland Security (DHS), the Intelligence Community (IC), and other government agencies to sharpen their focus on a problem set and their understanding of the people, processes, and technologies associated with them. Based on our previous experience, MITRE experts have developed a methodology for implementing and scaling table top exercises we call Intelligence Driven Exercises and Solutions or IDEAS.

Why is MITRE unique?

Over the last 15 years, I have led a small team of diverse subject matter experts (SME) at MITRE in tackling some of our nation’s greatest challenges by compiling lessons learned and best practices in tabletop exercise development to create a scalable and tailored methodology that can be applied to any problem set or industry.

So how did we do this?

We began with traditional tabletop exercise and wargaming methodologies and enhanced them by applying systems engineering principles and making a few key changes. We have leveraged MITRE’s culture of speed and adaptability to identify areas within these tried-and-true methods that can be standardized, replicated, and repeated. Our collaborative focus has helped us learn that by cross-pollinating expertise or applying different types of expertise to the problem set, we can identify new threats or vulnerabilities, and therefore new solutions, that might not necessarily be explored by those who are deeply familiar with the problem. By encouraging participation from specific subject matter experts, IDEAS leads build high performance teams to uniquely tailor each exercise and ensure a high degree of relevance to the problem set being explored. Our exercises and solutions provide an environment wherein participants can safely and boldly explore dynamic problem sets in unique ways to bolster understanding, identify areas for improvement, develop actionable recommendations, and harvest lessons learned.

Applying to cyber in the healthcare sector

While IDEAS began as an exercise methodology for the intelligence community, MITRE has since applied this method to numerous industries and sectors. To date, we have developed and conducted exercises ranging across cybersecurity, healthcare, economics, transportation, intelligence, international relations, defense, supply chain, and emergency management.

Most recently, MITRE has been working with Health Delivery Organizations (HDOs) across the country to build and conduct exercises with a focus on stressing, improving, and validating responses to cyberattacks.

Cyberattacks can have devastating impacts not only from a business continuity perspective, but from a patient health and safety perspective as well. We work with HDOs to fully understand their ecosystems: the roles and responsibilities of key security and emergency response personnel involved, the processes, procedures, and plans currently in place, and their technical capabilities and systems. This vital information, combined with MITRE’s extensive expertise in cybersecurity, informs exercise development to produce exercises that are relevant, realistic, and effective at exercising an HDO’s response to cyberattacks.

We exercise concepts such as:

  • Ransomware
  • Extortion demands
  • Negative impacts on electronic health records (EHR), medical devices, and clinical operations
  • Interactions with pharmacies and other external partners
  • Disaster recovery
  • Business continuity during system downtime
  • Communications across the organization
  • Executive level decision making
  • Patient harm
  • Adverse publicity

It is our goal to ensure everyone who works with us is fully prepared to handle cyber attacks on their healthcare systems.

Interested in conducting table top exercises at your organization?

Learn more about how MITRE can help support your organization: https://healthcyber.mitre.org/blog/resources/cyber-tabletop-exercises/

Inventive Ransomware Group Focused On Healthcare Data

Cyber Security Intelligence, October 7, 2021

Ransomware groups have increased their attacks on hospitals and health service providers as Coronavirus pandemic persists and this is because of the sensitive information they carry, including information like social security numbers, financial and other personal data. A new ransomware gang called Vice Society claims it has obtained confidential patient data following an attack in August on California’s United Health Centers, which suffered a ransomware attack that disrupted several locations.

The stolen data includes insurance benefits, financial documents and laboratory test results and Vice Society has now begun leaking the stolen data.

Read full Cyber Security Intelligence article.

IoT Malware Attack Volume Up 123% in Healthcare

Health IT Security, July 28, 2022

SonicWall observed a 123% spike in IoT malware attack volume in healthcare, but a decrease in the number of organizations targeted.

Read full Health IT Security article.

Ireland HSE Cyberattack is a Cautionary Tale For US Healthcare Orgs

Health IT Security, February 7, 2022

HC3 urged US healthcare organizations to learn from the May 2021 Conti cyberattack attack against the Ireland HSE that led to a nationwide IT outage.

Read full Health IT Security article.

Irish Healthcare System Requires More Than $100 Million To Recover From the Conti Ransomware Attack

CPO Magazine, March 4, 2022

Irish Foreign Minister Simon Coveney described the incident as a “very serious attack.” Similarly, Irish Minister of State Ossian Smyth claimed it was “possibly the most significant cybercrime attack on the Irish State.”

Read full CPO Magazine article.

Is Your Healthcare Organization Following These Four Ransomware Best Practices?

Security Boulevard, August 24, 2021

Healthcare is the most targeted sector for data breaches and ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020, according to the US Department of Health and Human Services Cyber Security Program 2021 Forecast. While ransomware has been a favorite among attackers for years now, the rate continues to rise each year.

Read full Security Boulevard article.

Italian vaccination registration system down in apparent ransomware attack

NBC News, August 2, 2021

Hackers have attacked the vaccination registration system in one of Italy’s largest regions, temporarily blocking residents from booking new vaccination appointments, officials said.

Read full NBC News article.

Jackson Hospital Suffers Patient Data Exfiltration Incident

Health IT Security, February 23, 2022

Recent data breaches included data exfiltration at Florida-based Jackson Hospital and improper PHI access by an employee at Michigan Medicine.

Read full Health IT Security article.

Johns Hopkins CISO: Complexity of health care requires ‘adversarial security’ model

SC Media, October 4, 2021

High-profile ransomware attacks left health care in the spotlight in the last year as a vertical that struggles to manage its security posture amid dire circumstances. But Darren Lacey, chief information security officer and director of IT compliance for Johns Hopkins University and Johns Hopkins Medicine sees it a bit differently.

Read full SC Media article.

Kaiser Permanente Discloses Data Breach at WA Health Plan, 69K Impacted

Health IT Security, June 13, 2022

Kaiser Permanente notified 69,589 individuals of a data breach that occurred at the Kaiser Foundation Health Plan of Washington. According to a notice on its website, Kaiser Permanente discovered on April 5 that an unauthorized party had gained access to an employee’s emails.

Read full Health IT Security article.

Karakurt ransomware group targeting healthcare providers, HHS warns

SC Media, August 24, 2022

Provider organizations are being warned to be on the alert for cyberattacks levied by the Karakurt ransomware group after at least four cyberattacks by the threat actors against the healthcare sector in the last three months.

Read full SC Media article.

Kentucky Hospital Still Struggles One Week After Cyberattack

Health Info Security, January 26, 2022

A regional Kentucky hospital is the latest healthcare entity struggling to recover after a recent cyber incident brought down its phone systems, internet services, email and other systems.

Read full Health Info Security article.

Keystone Health breach exposed health details of 235k people

Cyber News, October 19, 2022

Pennsylvania-based healthcare service provider Keystone Health suffered a major data breach exposing the protected health information (PHI) of close to a quarter of a million people.

Read full Cyber News article.

Kronos Cyberattack Takes Down Healthcare Workforce Management Services

Health IT Security, December 16, 2021

HR management solutions provider Kronos was the target of a recent cyberattack that is now impacting healthcare workforce management and payroll services.

Read full Health IT Security article.

Law Enforcement Health Benefits Plan Ransomware Attack Impacts 85K

Health IT Security, March 31, 2022

Ransomware impacted 85K at Law Enforcement Health Benefits, and a California health plan is temporarily unavailable after detecting anomalous activity.

Read full Health IT Security article.

Lawmakers press Biden officials on cyber reporting, CISA’s future as threats from nations, ransomware evolve

SC Media, November 15, 2022

The future of the Cybersecurity and Infrastructure Security Agency, requests for a speedier implementation of new cyber incident reporting regulations, and a potential congressional authorization for the newly established Cyber Safety Review Board were all floated by members of the House Homeland Security Committee as they pressed Biden administration officials Tuesday on their cybersecurity plans for the coming year.

Read full SC Media article.

Lawmakers want to know how the health sector is fighting ransomware

SC Media, August 15, 2022

Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., are calling for an urgent meeting with the Department of Health and Human Services to operationalize collaboration throughout the healthcare sector to defend against the ongoing threat of ransomware attacks.

Read full SC Media article.

Lawsuit: Health System Failed to Heed Ransomware Warnings

Gov Info Security, September 15, 2021

A proposed class action lawsuit filed this week against St. Joseph’s/Candler Health System in the wake of a recent ransomware breach affecting 1.4 million individuals alleges that the Georgia-based healthcare entity was “reckless” and “negligent” in safeguarding patients’ information.

Read full Gov Info Security article.

Lawsuits allege death, morbidity from cyberattacks: Is this the next phase of medical malpractice?

SC Media, October 6, 2021

Last week, a headline caught mainstream media’s attention: a lawsuit claimed a ransomware attack led to the death of her newborn. A lawsuit filed in the same timeframe alleged a patient’s care was diminished due to network outages at a hospital’s vendor.

Read full SC Media article.

Lengthy Healthcare Cyberattack Recovery Disrupts MD Department of Health

Health IT Security, February 9, 2022

The Maryland Department of Health just entered month three of the healthcare cyberattack recovery process as data breaches continue to torment healthcare organizations.

Read full Health IT Security article.

Lessons Learned from Ireland’s Healthcare System Ransomware Attack

Security Boulevard, January 26, 2022

In May 2021 Ireland’s public healthcare system, the Health Services Executive (HSE), was hit with a ransomware attack that proved to be extremely costly and disrupted healthcare for months.

A detailed post-mortem of the attack, produced by consulting firm PriceWaterhouseCoopers, (PWC) runs to 150 pages. The report includes not only a description of what happened, but an analysis of mitigating factors and recommendations as well. There’s a lot that can be learned from this attack and from the PriceWaterhouseCoopers report.

Read full Security Boulevard article.

Listen: How ransomware put the health sector on notice

SC Media, September 8, 2021

Ransomware is not new in a sense that malware can encrypt files and do bad things, said Eric Decker, a chief information security officer in the health care industry. But around 2015 or 2016, he said organized crime began to leverage it as a tool in far more disruptive and destructive ways.

Read full SC Media article.

LockBit Remains Most Prolific Ransomware in Q3

Info Security Magazine, November 16, 2022

The infamous LockBit ransomware variant remained the most widespread in the third quarter of 2022, accounting for over a fifth (22%) of detections, according to a new report from Trellix.

Read full Info Security Magazine article.

Lorenz Ransomware

HHS, November 21, 2022

HC3: Analyst Note. Report: 202211211700
Lorenz Ransomware

Lorenz is human-operated ransomware that has been in operation for approximately two years. In that time, HC3 is aware of the compromise of healthcare and public sector targets. It is used to target larger organizations in what is called “big-game hunting”, and publishes data publicly as part of pressuring victims in the extortion process. Lorenz is known to target organizations globally using customized code, and can demand hundreds of thousands of dollars in ransoms.

Download HC3 Report as PDF.

Man Charged For Involvement in LockBit Ransomware Campaign

Health IT Security, November 15, 2022

Dual Russian and Canadian national Mikhail Vasiliev was charged for his alleged involvement in the global LockBit ransomware campaign, the Department of Justice (DOJ) announced. LockBit has been known to target healthcare in the past.

Read full Health IT Security article.

Man charged with taking part in ransomware campaign targeting healthcare

Becker’s Health IT, November 11, 2022

A dual national of Canada and Russia has been charged with being part of a ransomware gang that has targeted the healthcare industry.

Read full Becker’s Health IT article.

Many Cloud Attacks End in Financial Loss for Healthcare Sector

Health IT Security, November 15, 2022

Numerous cloud attacks are successfully exploiting the healthcare sector for financial gain, according to a newly released 2022 Cloud Security Report by cybersecurity vendor Netwrix.

Read full Health IT Security article.

Many Healthcare Orgs Suffer IT Outages After Ransomware Attacks

Health IT Security, October 18, 2022

A Trend Micro study found that 86 percent of surveyed healthcare organizations hit by ransomware attacks had experienced IT outages.

Read full Health IT Security article.

Maryland Health Department Confirms Attack Was Ransomware

Gov Info Security, January 13, 2022

Maryland officials have confirmed that a December cyberattack on the state’s health department, which is still disrupting some services that were taken offline during recovery, involved ransomware. Officials say the state has not paid a ransom and has activated its cyber insurance policy.

Read full Gov Info Security article.

Medibank refuses to pay ransom for hacked data affecting 9.7 million customers

SC Media, November 7, 2022

Medibank, Australia’s largest health insurer, announced Monday that it will not pay a ransom to the hacker behind the recent data theft affecting 9.7 million customers.

Read full SC Media article.

Medical Center Ransomware Attack Affects 700,000

Gov Info Security, June 14, 2022

An Arizona medical center that suffered a ransomware attack in April has begun notifying 700,000 individuals of a data breach compromising sensitive medical and personal information.

Read full Gov Info Security article.

Medtechs need to up their cybersecurity threat modeling game, FDA says

Medtech Dive, August 13, 2021

Medtech companies must design and develop devices that “have far more robust security built in” to keep pace with emerging cybersecurity threats and vulnerabilities, said Suzanne Schwartz, director of CDRH’s Office of Strategic Partnerships and Technology Innovation. To do that, Schwartz says medtechs need better threat models that lay out what hackers might do to target a device and how to protect it.

Read full Medtech Dive article.

Memorial Health Faces Lawsuit After Hive Ransomware Cyberattack

Health IT Security, January 26, 2022

Hive ransomware group claimed responsibility for an August 2021 cyberattack against Memorial Health System, and victims are now demanding answers.

Read full Health IT Security article.

Memorial Health System Confirms Data Breach

Info Security, January 21, 2022

A cyber-attack on an Ohio-based health system may have exposed the protected health information (PHI) of 216,478 patients.

Read full Info Security article.

MercyOne says it has begun restoring systems following ransomware attack

MSN, October 21, 2022

More than two weeks after a ransomware attack crippled its parent company, MercyOne health system is beginning to restore certain systems that were taken offline.

Read full MSN article.

Mespinoza, Pysa ransomware an ongoing threat to the healthcare sector, HHS warns

SC Media, January 7, 2022

A new Department of Health and Human Services Cybersecurity Program alert is reminding the healthcare sector of ongoing cyberattacks by the Mespinoza cybercriminal group, which has highly targeted the healthcare sector over the last two years with Pysa ransomware and other cyber threats.

Read full SC Media article.

Mespinoza, Pysa Ransomware Pose Threat to Healthcare Cybersecurity

Health IT Security, January 11, 2022

HC3 warned the sector of Mespinoza, a cybercriminal group that operates Pysa ransomware and has a history of targeting healthcare entities.

Read full Health IT Security article.

Mid-Size Orgs Continue to Be Targeted in Healthcare Cyberattacks

Health IT Security, December 2, 2021

Small to mid-size organizations and outpatient facilities continue to be targets for healthcare cyberattacks that often lead to PHI exposure.

Read full Health IT Security article.

Millions of Patients Receive Healthcare Data Breach Notifications

Health IT Security, November 24, 2021

Utah Imaging Associates began notifying nearly 600K of a healthcare data breach, and Eskenazi Health began notifying over 1.5 million individuals.

Read full Health IT Security article.

Minnesota clinic transitions to Allina Health’s EHR after ransomware attack

Becker’s Health IT, March 31, 2021

Apple Valley (Minn.) Clinic, part of Minneapolis-based Allina Health, recently transitioned to the health system’s EHR platform following a ransomware attack on its tech services vendor that exposed nearly 158,000 patients’ information.

Read full Becker’s Health IT article.

Minnesota’s Lake Region Healthcare Recovering From Ransomware Attack

IT Health Security, Janury 7, 2021

A ransomware attack struck Minnesota-based Lake Region Healthcare just before Christmas, resulting in some system disruptions; “activist” data leaks and two email hacks complete this week’s breach roundup.

Read full IT Health Security article.

Mon Health Reports Breach Soon After Phishing Incident

Gov Info Security, March 2, 2022

A West Virginia-based healthcare entity that reported a phishing breach in December affecting nearly 399,000 individuals this week reported a separate security incident that appears to have potentially involved ransomware.

Read full Gov Info Security article.

More Major Hacking Incidents Added to HHS Breach Tally

Data Breach Today, April 28, 2022

Five of the 10 largest health data breaches so far in 2022 – affecting millions of individuals – have been added to the federal tally in just the last month as the latest wave of major hacking/IT incidents being reported to regulators continues to grow.

Read full Data Breach Today article.

More than 90% of cyberattacks are made possible by human error

Tech Xplore, June 9, 2022

In a ransomware attack, a company’s computer systems are locked, and the attacker demands a ransom in cryptocurrency in return for unlocking the system. Malware infects a network of objects connected to the Internet of Things to steal the personal data of its users. Talking about cybersecurity is talking about technology. However, it is increasingly common to study cyber risk as part of an interdisciplinary approach. After all, threats are technological, but they also have to do with behavioral, social and ethical factors.

Read full Tech Xplore article.

Most organizations that paid a ransom were hit with a second ransomware attack

SC Media, June 8, 2022

Cybereason on Tuesday released a report that found some 80% of organizations that paid a ransom were hit by ransomware a second time — and 68% said the second attack came less than one month later and the threat actors demanded a higher ransom amount.

Read full SC Media article.

Most Patients Unaware of the Magnitude Healthcare Ransomware Attacks

Health IT Security, November 10, 2021

Half of potential patients said they would change hospitals if their provider was hit by a healthcare ransomware attack, but most are unaware of recent attacks.

Read full Health IT Security article.

N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert

CBC, November 4, 2021

‘It has real impacts on human life and safety’. One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security.

Read full CBC article.

Navajo Nation hospital the latest victim of brutal wave of ransomware attacks

Yahoo.com, March 3, 2021

When Rehoboth McKinley Christian Health Care Services in Gallup, New Mexico, was hit with a cyberattack earlier this year, the hospital’s staff had to revert to pen and paper to keep things running.

Read full Navajo Nation hospital ransomware attack article on Yahoo.com.

New ‘BianLian’ Ransomware Variant on the Rise

Dark Reading, August 22, 2022

Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language.

Read full Dark Reading article.

New Report Shows What Data Is Most at Risk to and Prized by Ransomware Attackers

IT Wire, July 3, 2022

A new report reveals how attackers think, what they value, and how they apply the most pressure on victims. The report released today by Rapid7 investigates the trend, pioneered by the Maze ransomware group, of double extortion, examining the contents of initial data disclosures intended to coerce victims to pay ransoms.

Read full IT Wire article.

New York ambulance service discloses data breach after ransomware attack

Bleeping Computer, September 17, 2022

Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed a data breach that exposed customer information. According to the notification, the company suffered a ransomware attack on July 14, 2022.

Read full Bleeping Computer article.

NHS supplier continues to face IT challenges – The problem with government-run IT

Electro Pages, September 13, 2022

What was initially said to be a small problem has now clearly become a serious issue, and paperwork from healthcare professionals continues to pile up. What exactly happened to NHS services, why are they facing numerous issues, and does this raise concerns for government-related services?

Read full Electro Pages article.

NIST Updates Healthcare Cybersecurity, HIPAA Security Rule Guidance

Health IT Security, July 22, 2022

The National Institute of Standards and Technology (NIST) issued updated healthcare cybersecurity and HIPAA Security Rule guidance to aid organizations in safeguarding protected health information (PHI). NIST is seeking comments on the draft publication until September 21.

Read full Health IT Security article.

No end in sight to NHS ransomware attacks?

Digital Journal, September 26, 2022

It has been a few weeks since a major National Health Service (NHS) software supplier was hit with a ransomware attack, as The Guardian has reported. Parts of the health sector are dealing with the subsequent disorder caused, especially for medical paperwork and patient care. It is estimated, in a BBC News report, that it may take the service another 12 weeks to recover.

Read full Digital Journal article.

OneTouchPoint Discloses Data Breach Impacting Over 30 Healthcare Firms

Security Week, July 29, 2022

Mailing and printing services vendor OneTouchPoint has disclosed a data breach impacting more than 30 healthcare providers and health insurance carriers.

Read full Security Week article.

Ongoing ransomware, data theft, leaks pummel health care organizations

SC Media, September 28, 2021

Ransomware attacks and data theft are continuing to prove problematic for the health care sector, leading to a number of breach notices reported to the Department of Health and Human Services and dark web postings of stolen health information.

Read full SC Medial article.

Opinion: We at Scripps Health were victims of a ransomware attack. Here’s what we’ve learned.

The San Diego Union-Tribune, June 10, 2021

This past year, we’ve witnessed doctors, nurses and hospitals on the front lines of the COVID-19 pandemic performing heroically in the face of the most difficult circumstances seen in a century. Just as it seems hospitals and health-care systems may be rounding a corner on coronavirus, the cybersecurity threat has been covertly plaguing our hospital systems and critical care facilities.

Read full The San Diego Union-Tribune article. 

OSU Data Breach Impacts Veterans, More Ransomware Attacks

Health IT Security, June 24, 2021

Other recent healthcare data breaches include a ransomware attack in Mississippi and a breach at an Iowa eye clinic.

Read full Health IT Security article. 

Out-of-hours ransomware attacks have a greater impact on revenue

IT Pro, November 18, 2021

Seven in ten security pros called in to handle attacks were intoxicated, report finds.

Ransomware attacks at weekends and holidays are throwing victims into disarray, according to a study released by security company Cybereason.

Read full IT Pro article.

Outdated IoT healthcare devices pose major security threats

CSO, January 31, 2022

Ransomware has emerged to become the worst nightmare in healthcare and hospital devices running on outdated Windows versions or open-source software like Linux are the easy targets, according to research by Cynerio.

Read full CSO article.

Outdated IoT healthcare devices pose major security threats

CSO, January 31, 2022

Ransomware has emerged to become the worst nightmare in healthcare and hospital devices running on outdated Windows versions or open-source software like Linux are the easy targets, according to research by Cynerio.

Read full CSO article.

Outpatient Facilities Now Top Targets for Healthcare Data Breaches

Health IT Security, August 30, 2021

Cyber criminals are shifting their healthcare data breach targets away from hospitals and onto outpatient facilities and business associates, a new report shows.

Read full Health IT Security article.

Over 500,000 Patients Hit by Data Breaches at Healthcare Firms in Alabama, Colorado

Security Week, March 14, 2022

The most recent cyberattack – and most impactful – targeted South Denver Cardiology Associates and resulted in the data of more than 287,000 patients being exfiltrated.

The Colorado firm identified the attack on January 4 and later discovered that an unknown party had access to certain systems in its network between January 2 and January 5, 2022.

Read full Security Week article.

Pandemic Plus Ransomware Is ‘Perfect Storm’ for Healthcare

Gov Info Security, October 22, 2021

Disturbing findings from a recent study examining the impact of ransomware attacks on patient care must serve as a wake-up call for the healthcare sector to intensify its preparedness to deal with such incidents, say Larry Ponemon of research firm Ponemon Institute and Ed Gaudet of security risk management firm Censinet. The two companies conducted and sponsored the research.

Read full Gov Info Security article.

Partnership Health Plan of California IT Systems Still Down

Gov Info Security, March 30, 2022

An apparent ransomware attack and alleged data theft by the Hive cybercriminal group has left a California nonprofit managed care health plan provider struggling to recover its IT services for more than a week so far.

Read full Gov Info Security article.

Patients of a Vermont Hospital Are Left ‘in the Dark’ After a Cyberattack

NY Times, November 26, 2020

A wave of damaging attacks on hospitals upended the lives of patients with cancer and other ailments. “I have no idea what to do,” one said.

Cyberattacks on America’s health systems have become their own kind of pandemic over the past year as Russian cybercriminals have shut down clinical trials and treatment studies for the coronavirus vaccine and cut off hospitals’ access to patient records, demanding multimillion-dollar ransoms for their return.

Read full NY Times article.

Paying Ransomware Actors: ‘It’s a Business Decision’

Healthcare Info Security, June 22, 2022

Two to three times a month, Paul Furtado of Gartner gets called in to help somewhere in the world with an active ransomware incident.

Read full Healthcare Info Security article.

Paying the ransom is still the most common response to a ransomware attack

Real Wire, September 27, 2022

New research from Databarracks reveals 44% of organisations that suffered a ransomware attack, paid the ransom. 34% recovered from backups, while 22% used ransomware decryption tools.

Read full Real Wire article.

Phishing scheme targets unemployment insurance benefits and PII

Federal Trade Commission, August 4, 2021

Have you gotten an alarming text message about your unemployment insurance benefits from what seems to be your state workforce agency? You’re not alone. Identity thieves are targeting millions of people nationwide with scam phishing texts aimed at stealing personal information, unemployment benefits, or both.

Read full Federal Trade Commission article.

Practice Management Software Vendor Practicefirst Affected by Healthcare Ransomware Attack

Hemidal Security, July 7, 2021

New York-based Practicefirst Medical Management Solutions, a medical management company that processes data for health care providers, declared that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and work staff.

 

PracticeMax Ransomware Attack Impacts 258K at FL Urgent Care Center

Health IT Security, August 1, 2022

Fast Track Urgent Care Center, which has a network of urgent care centers in Tampa Bay, Florida, began notifying 258,411 individuals of a 2021 ransomware attack that originated at its billing vendor, PracticeMax.

Read full Health IT Security article.

President Biden Signs into Law the Cyber Incident Reporting Act, Imposing Reporting Requirements for Cyber Incidents and Ransomware Payments

National Law Review, March 18, 2022

On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”).

Read full National Law Review article.

PwnedPiper threatens thousands of hospitals worldwide, patch your systems now

Tech Republic, August 2, 2021

Nine critical vulnerabilities in a popular hospital pneumatic tube software could give attackers control of infrastructure and allow them to launch additional attacks that cripple healthcare operations.

Read full Tech Republic article.

Q&A: How Infrastructure Upgrades Helped Sky Lakes Medical Center Survive a Ransomware Attack

Health Tech, October 13, 2021

The community hospital’s John Gaede, information services director, and Nick Fossen, technology systems manager, explain how a security partnership and infrastructure modernization prepared the healthcare organization for the future.

Read full Health Tech article.

Q&A: Mount Sinai’s Chris Frenz on Best Practices for Zero-Trust Implementation

Health Tech, September 9, 2021

Healthcare organizations should take the time to map out the assets and traffic within their environment when creating a new security framework.

Read full Health Tech article.

Quantum Ransomware Attack on Finance Company Impacts 657 Healthcare Organizations and Millions of Patients

CPO Magazine, July 18, 2022

Professional Finance Company Inc. (PFC), disclosed that it suffered a ransomware attack in February that affected over 600 healthcare organizations.

Read full CPO Magazine article.

RaaS, double extortion driving ransomware attacks, pushing up industrial cybercrime

Industrial Cyber, June 23, 2022

Tenable says that the advent of ransomware-as-a-service (RaaS) is one of the main reasons why ransomware has advanced from a fledgling threat into a force to be reckoned with. The service model has significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to commoditize ransomware.

Read full Industrial Cyber article.

Ransomware actors steal data of 400K patients from LA Planned Parenthood

SC Media, December 2, 2021

Planned Parenthood Los Angeles filed a breach notice with the California Attorney General, notifying 400,000 patients that their data was exfiltrated during a weeklong hack launched by ransomware threat actors.

Read full SC Media article.

Ransomware and Phishing Remain IT’s Biggest Concerns

Dark Reading, June 17, 2022

Security teams — who are already fighting off malware challenges — are also facing renewed attacks on cloud assets and remote systems.

Read full Dark Reading article.

Ransomware and Targeted Attacks in the Healthcare Sector

Security Boulevard, September 23, 2021

A recent report published by SonicWall indicates that ransomware has increased by 151% in the first half of 2021, compared with the same time period in 2020. With a reported 304.7 million attempted ransomware attacks, and some of the major attacks reported so far in 2021, it’s clear that there are no signs of ransomware slowing down any time soon.

Read full Security Boulevard article.

Ransomware attack affects 750,000 Personal Touch patients, employees across U.S.

Becker’s Health IT, April 5, 2021

Personal Touch Holding Corp., the parent company of Personal Touch Home Care centers across the U.S., recently began notifying 753,107 patients and employees of a ransomware attack on its cloud-stored business records.

The data breach occurred between Jan. 20 and Jan. 27. On Jan. 27, Lake Success, N.Y.-based Personal Touch became aware of the cyberattack on the private cloud hosted by its service providers, a news release said.

Read full Becker’s Health IT article.

Ransomware attack alert! The tell-tale signals to look for

Computing, March 31, 2021

Patterns of unusual behaviour are the clearest signal of an attack, not programmes or files.

Read full Computing article.

Ransomware Attack at Lamoille Health Partners Impacts 59K

Health IT Security, August 19, 2022

Lamoille Health Partners disclosed a ransomware attack that impacted 59,381 individuals. According to a notice on its website, the Vermont-based organization discovered suspicious activity on June 13 and later discovered that an unauthorized party had locked some of its files.

Read full Health IT Security article.

Ransomware attack confirmed at MercyOne’s parent company, CommonSpirit Health

Yahoo!, October 14, 2022

One of the largest hospital chains in the country has confirmed a ransomware attack has caused hospital-wide outages across multiple health systems this month, including facilities in Iowa.

Read full Yahoo! article.

Ransomware attack exposed info of 210K MultiCare patients, providers, workers

Becker’s Hospital Review, March 9, 2021

More than 200,000 patients, providers and employees of Tacoma, Wash.-based MultiCare began receiving notice that their personal info had been exposed in a recent ransomware attack.

Read full Becker’s Hospital Review article.

Ransomware Attack Forces Indiana Hospital to Turn Ambulances Away

Yahoo News, August 5, 2021

Hackers are going after U.S. hospitals with a fresh wave of cyberattacks this week just as coronavirus cases surge around the country.

Read full Yahoo News article.

Ransomware attack halts services at Osaka hospital

The Asahi Shimbun, November 1, 2022

A major hospital here suspended routine medical services after a ransomware cyberattack shut down the facility’s electronic medical record system, officials said on Oct. 31.

Osaka General Medical Center in the city’s Sumiyoshi Ward is still performing emergency operations, but it has stopped providing outpatient services and postponed other surgeries, hospital officials said at a news conference.

Read full The Asahi Shimbun article.

Ransomware Attack Has Varying Impacts Across CommonSpirit Facilities

Health IT Security, October 24, 2022

CommonSpirit Health is still in the process of responding to and recovering from a cyberattack that began in early October and impacted multiple facilities within the health system.

Read full Health IT Security article.

Ransomware attack hits more than 59,000 patients at Vermont health center

Becker’s Health IT, August 22, 2022

A Vermont health center recently experienced a ransomware attack that affected 59,381 patients, it reported Aug. 11 to the HHS Office of Civil Rights.

Read full Becker’s Health IT article.

Ransomware attack knocks out systems at Ohio and W. Virginia healthcare provider

SILICON ANGLE, August 17, 2021

The Memorial Health System, a healthcare provider in Ohio and West Virginia, has been struck by a ransomware attack that knocked systems offline and forced hospital staff to use paper charts.

Read full Silicon Angle article.

Ransomware attack on Ascension St. Vincent’s legacy EMR spurs breach notice

SC Media, October 31, 2022

A “security event” deployed against several legacy systems, including an electronic medical record (EMR), at Ascension St. Vincent’s Coastal Cardiology in Georgia has led to the possible compromise of personal and health information tied to an undisclosed number of patients.

Read full SC Media article.

Ransomware attack on billing vendor leads to data theft for 942K patients

SC Media, August 23, 2022

Practice Resources recently notified 942,138 patients that their data was accessed or stolen ahead of a ransomware attack deployed in April. The New York-based vendor provides billing and professional services to a range of healthcare entities.

Read full SC Media article.

Ransomware Attack on Eye Clinic Chain Affects 500,000

Info Risk Today, June 24, 2021

Wolfe Eye Clinic, which operates diagnostic and surgical centers in 40 Iowa communities, is notifying 500,000 current and former patients that their data may have been inappropriately accessed during a recent ransomware attack. But the organization refused to pay a ransom.

Read full Info Risk Today article.

 

Ransomware Attack on GA Health System Impacts Staff, Patients’ PHI

Health IT Security, August 11, 2021

A Georgia healthcare system sustained a cyberattack, with hackers targeting patients’ and staff members’ PHI.

Read full Health IT Security article.

Ransomware attack on health care company, CaptureRx, exposes multiple providers

SC Media, May 10, 2021

A ransomware attack against CaptureRx, a drug-related administrative service provider in San Antonio, Texas, resulted in the exposure of the health information of patients or customers at several health care providers across the U.S., reports ZDNet.

Read full SC Media article.

Ransomware attack on Quest’s ReproSource impacts data of 350K patients

SC Media, October 12, 2021

Approximately 350,000 patients were recently notified that their data was potentially accessed or acquired during a ransomware attack on ReproSource Fertility Diagnostics, a clinical laboratory for fertility specialists and a subsidiary of Quest Diagnostics.

Read full SC Media article.

Ransomware attack on Yuma Regional Medical leads to data theft for 700K patients

SC Media, June 15, 2022

Yuma Regional Medical Center in Arizona recently notified 700,000 patients that their personal and health data was stolen ahead of an April ransomware attack.

Read full SC Media article.

Ransomware attack recovery costs top $1.85M in healthcare

SC Media, June 1, 2022

It costs about $1.85 million to recover systems after a ransomware attack in healthcare, the second highest across all sectors. The hefty price tag, as well as the serious impact to critical operations and patient care, could be driving the spike in providers paying the ransom demand, according to a new Sophos report.

Read full SC Media article.

Ransomware attack wipes out Arizona clinic’s EHR, corrupts 35,000 patients’ records

Becker’s Health IT, September 9, 2021

Queen Creek, Ariz.-based Desert Wells Family Medicine recently began notifying 35,000 patients that their EHR data was compromised by a ransomware attack.

Read full Becker’s Health IT article.

Ransomware Attacks Across the Globe Locked 68 Healthcare OT Facilities

The Fast Mode, November 30, 2021

Last month saw an alarming rise in cyber attacks against healthcare facilities. Ransomware attacks across the globe locked 68 care providers out of their respective networks during Q3 of this year alone, threatening patient safety and privacy. Experts fear that patients will suddenly be unable to receive critical care at a targeted facility without a holistic whole-facility cybersecurity approach.

Read full The Fast Mode article.

Ransomware attacks against healthcare organizations nearly doubled in 2021, report says

Thomson Reuters, July 5, 2022

Two-thirds (66%) of healthcare organizations were hit by ransomware attacks last year, up from 34% in 2020, according to a new report from cybersecurity firm Sophos. The near-doubling of cyber-incidents demonstrates how attackers have become “considerably more capable at executing the most significant attacks at scale.”

Read full Thomson Reuters article.

Ransomware attacks cost healthcare orgs $20.8B in 2020

Becker’s Health IT, July 28, 2021

Ransomware attacks skyrocketed amid the pandemic when hospitals increased their use of remote work and moved more hospital data online, according to a July 21 report by cybersecurity consulting firm CynergisTek.

Read full Becker’s Health IT article.

Ransomware attacks increasing in Oregon, nationwide, FBI says

Oregon Live, June 30, 2022

FBI agents with the bureau’s Cyber Task Force in Oregon helped investigators identify three suspected Russian government hackers accused of compromising the computer network of a company that runs a nuclear power plant in Kansas.

Read full Oregon Live article.

Ransomware attacks on healthcare organizations cost nearly $21B last year, study finds

Becker’s Hospital Review, March 12, 2021

Six-hundred clinics, hospital and healthcare organizations were attacked by 92 individual ransomware attacks, affecting 18 million patient records in 2020. The costs of these attacks are almost $21 billion, a Comparitech study found.

The report highlighted ransomware attacks published by HHS that affected more than 500 people. Data breaches affecting fewer than 500 people were included if the breach was reported elsewhere, a limitation the researchers said “only scratch[es] the surface of the problem.”

Read full Becker’s Hospital Review article.

Ransomware Attacks on Healthcare Organizations Increased 94% in 2021, According to Sophos Global Survey

Albawaba, June 8, 2022

Sophos, a global leader in next-generation cybersecurity, has published a new sectoral survey report, “The State of Ransomware in Healthcare 2022.” The findings reveal a 94% increase in ransomware attacks on the organizations surveyed in this sector. In 2021, 66% of healthcare organizations were hit; 34% were hit the previous year.

Read full Albawaba article.

Ransomware Attacks on Healthcare System Goes Way Beyond Just Data

Cyware Social, November 28, 2021

The healthcare sector has been under relentless pressure due to COVID-19 and cyberattacks. Healthcare facilities collect a lot of data, which makes them a lucrative target for cybercriminals. While healthcare facilities witness ransomware attacks, it is not just the health data that is affected.

Read full Cyware Social article.

Ransomware attacks put availability of medical devices at risk: FDA cyber chief

Med Tech Dive, October 1, 2021

  • Ransomware attacks on healthcare facility networks are causing medical device “outages” that put patient lives at risk.
  • “You can’t have a safe and effective medical device if it’s unavailable” due to ransomware. “Nation states and organized crime — real threat actors — are causing harm, damaging the safety and effectiveness of medical devices.”
  • Assessment comes as The Wall Street Journal reported the first alleged death in a hospital attributed to ransomware.

Read full Med Tech Dive brief.

Ransomware attacks rose 47 percent in July

MSN, August 25, 2022

Ransomware attacks rose 47 percent from June to July, with the majority of attacks targeting the industrials sector, according to a report released on Thursday by cybersecurity firm NCC Group.

Read full MSN article.

Ransomware attacks, a growing threat that needs to be countered

United Nations Office on Drugs and Crime, October 18, 2021

The United Nations Office on Drugs and Crime (UNODC) delivered a practical regional training on ransomware investigations to law enforcement officers, computer security incident response teams, and prosecutors from Malaysia, the Philippines and Thailand.

The increased digitalization of society, compounded by the COVID-19 outbreak, has contributed to a recent 600% rise in cybercrimes in Southeast Asia.

Read full UNODC article.

Ransomware attacks, IP, data theft top cybersecurity concerns for global, Indian pharma firms

ET HealthWorld, June 23, 2022

For leading pharma companies, cybersecurity investments have increased by a minimum of 25-30 per cent between 2019 and 2021. The pandemic and the rising number of targeted attacks have prompted certain pharma companies to double their cybersecurity investments over the past 18 months.

Read full ET HealthWorld article.

Ransomware Attacks: CISA Shares Operational Tech Asset Security Guide

Health IT Security, June 10, 2021

In response to ongoing ransomware attacks targeting operational tech assets and control systems of critical infrastructure entities, CISA published a guide to mitigation and response.

Read full Health IT Security article. 

Ransomware attacks: This is the data that cyber criminals really want to steal

ZD Net, June 20, 2022

There are certain types of data that criminals target the most, according to an analysis of attacks.

Read full ZD Net article.

Ransomware caused American Dental Association outage, led to stolen data

SC Media, July 28, 2022

The American Dental Association recently began notifying state regulators that the “cybersecurity incident” it reported in April was actually a ransomware attack, which led to the theft of member data.

Read full SC Media article.

Ransomware Disrupts Indian Premier Hospital for 2nd Day

Healthcare Info Security, November 24, 2022

India’s premier healthcare institute reported a massive cyberattack on its servers on Wednesday. All patient care services were affected and were still operating manually on Thursday.

Read full Healthcare Info Security article.

Ransomware gang behind Ireland attack also hit US health and emergency networks

MSN, May 23, 2021

The ransomware attack that hobbled the Irish healthcare system was far from an isolated incident. BleepingComputer and Gizmodo note that the FBI has issued a flash alert warning that the ransomware group behind the Ireland attack also targeted “at least” 16 healthcare and emergency networks, including police and 911 dispatch centers. The group used Conti ransomware that steals files, encrypts systems and pressures victims into paying through a portal lest their data be sold or published online.

Read full MSN article.

Ransomware gang creates site for employees to search for their stolen data

Bleeping Computer, June 14, 2022

The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack.

Read full Bleeping Computer article.

Ransomware gang threatens 1m-plus medical record leak

The Register, September 14, 2022

Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs.

Daixin Team has taken credit for a September 1 assault on Texas-based OakBend Medical Center, causing a shutdown of the organization’s communication and IT systems as well as exfiltrating internal data.

Read full The Register article.

Ransomware Gang Uses Log4Shell

Healthcare Info Security, June 24, 2022

Log4Shell is the vulnerability that keeps giving. Yet another ransomware group is at work exploiting a bug present in a ubiquitous open-source data-logging framework.

Read full Healthcare Info Security article.

Ransomware group blurs lines between crime, state-sponsored activities, HHS alert warns

SC Media, August 30, 2022

The Department of Health and Human Services Cybersecurity Coordination Center warns “Evil Corp should be considered a significant threat to the U.S. health sector.” An HC3 alert details the ongoing risk posed by the highly capable cybercrime syndicate based out of Russia.

Read full SC Media article.

Ransomware group claims responsibility for cyber-attack on metro healthcare organization

KFOR, Oklahoma’s News, March 28, 2022

A ransomware group called Suncrypt is claiming responsibility for a cyber-attack against the OKC Indian Clinic, a metro nonprofit healthcare organization.

Read full KFOR article.

Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase

MSN, September 13, 2021

Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant.

Read full MSN article.

Ransomware Groups Continue to Leverage Old Vulnerabilities

Health IT Security, May 18, 2022

Ransomware groups are continually going after old vulnerabilities and tried-and-true attack methods to exploit victims.

Read full Health IT Security article.

Ransomware groups don’t abide by promises not to target healthcare

SC Media, December 10, 2021

It may not be wise to count on criminals to self-regulate.

That is one implication of a new CyberPeace Institute blog researching ransomware groups whose wares have been used in attacks on healthcare facilities since May 2020. Of the 39 groups they have tracked, 12 had previously issued statements saying they would not target healthcare.

Read full SC Media article.

Ransomware groups keep healthcare in sights, selling access on the dark web

SC Media, May 6, 2022

Data from the Department of Health and Human Services Cybersecurity Program shows the rate of initial access brokers selling access to healthcare networks to ransomware groups and affiliates has remained constant from the end of 2021 through the first half of the year.

Read full SC Media article.

Ransomware in Healthcare: The Costly Reality of Withstanding Hackers

HIT Consultant, August 13, 2021

How much larger a percentage of U.S. gross domestic product (GDP) can healthcare command?

This isn’t a rhetorical question, even if it may be difficult to come up with a direct answer.

Read full HIT Consultant article.

Ransomware in healthcare: The inevitable truth

MedCity News, October 30, 2020

The best path forward for healthcare organizations is first to understand the characteristics, causes, and indicators of ransomware attacks and then be proactive in taking preventative measures.

Read full MedCity News article.

Ransomware Incidents Among Largest Breaches on Federal Tally

Gov Info Security, November 3, 2021

Analysis of Latest Health Data Breaches on the HHS OCR ‘Wall of Shame’. Ransomware incidents are becoming a major cause of health data breaches affecting millions of individuals that have been reported so far in 2021, according to the latest additions to the federal tally.

Read full Gov Info Security article.

Ransomware is a national security threat, so please tell us about attacks, says government

ZD Net, May 11, 2022

Businesses that fall victim to ransomware attacks need to come forward and disclose them to help protect the country from cyber criminals, says cybersecurity minister.

Read full ZD Net article.

Ransomware is the biggest cyber threat to business. But most firms still aren’t ready for it

ZD Net, October 11, 2021

Many firms have no incident response plans or they don’t ever test their cyber defences, says cybersecurity chief.

Read full ZD Net article.

Ransomware payments hit new records as Dark Web leaks climb

Security Brief, April 13, 2022

Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to Dark Web leak sites where they pressured victims to pay up by threatening to release sensitive data, according to research from Unit 42 by Palo Alto Networks.

The average ransom demand in cases worked by the Palo Alto Networks Unit 42 security consultants rose 144% in 2021 to $2.2 million, while the average payment climbed 78% to $541,010, the report found.

Read full Security Brief article.

Ransomware Prevention Best Practices for State and Local Governments

State Tech, April 18, 2022

A recently released report, “The State of Ransomware in Government 2021,” underwritten by security firm Sophos, labeled the scourge of ransomware a “national emergency.”

Read full State Tech article.

Ransomware Protection Market to Reach $82.92 Bn, Globally, by 2031 at 17.1% CAGR: Allied Market Research

TMC Net, July 20, 2022

Increase in penetration of ransomware-as-a-service (RaaS), rise in digitization of businesses, and the emergence of cryptocurrencies such as Bitcoin drive the growth of the global ransomware protection market.

Read full TMC Net article.

Ransomware Risk in Healthcare Endangers Patients

Threat Post, June 16, 2022

Ryan Witt, Proofpoint’s Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care.

Read full Threat Post article.

Ransomware strikes Scottish mental health charity

IT Pro, March 21, 2022

The RansomEXX cyber criminals have claimed responsibility for the hack which led to more than 12GB of sensitive data being leaked to the dark web.

The ​​Scottish Association for Mental Health (SAMH) has confirmed that it has fallen victim to a ransomware attack that has affected its IT systems, including email and some phone lines.

Read full IT Pro article.

Ransomware Task Force releases long-awaited recommendations

SC Media, April 29, 2021

The Ransomware Task Force (RTF), a collaboration of more than 60 stakeholders, released its long-awaited ransomware framework on Thursday morning, advocating nearly 50 interlocking government and private sector strategies to tackle the criminal scourge.

Read full SC Media article.

 

Ransomware Task Force releases SMB blueprint for defense and mitigation

SC Media, August 4, 2022

The Institute for Security and Technology’s Ransomware Task Force (RTF) released a blueprint for small and mid-sized enterprises to face ransomware Thursday, aiming to promote hygiene in less mature network environments.

Read full SC Media article.

Ransomware Trends 2021: Industrialized Cybercrime is the New Normal

The Fast Mode, November 26, 2021

Critical infrastructure attacks and sky-high ransoms are just the beginning.

Ransomware isn’t new, but the industrial complex behind today’s biggest attacks certainly is.

Read full The Fast Mode article.

Ransomware Trends Show Lockbit Most Active, New Tactics, Healthcare Hit Hard

Security Boulevard, June 8, 2022

LockBit replaced Conti as the most active ransomware gang and continued to evolve its operations in the first quarter, according to a report from KELA Cybercrime Intelligence.

LockBit disclosed 226 victims in the first quarter. The group’s largest number of victims were in manufacturing, technology, education and the public sectors.

Read full Security Boulevard article.

Ransomware used to target reproductive health clinic

Digital Journal, January 13, 2022

A recent data breach announced affected the company Planned Parenthood LA. The firm stated that sensitive data was exposed following a ransomware attack towards the end of 2021.

Read full Digital Journal article.

Ransomware-as-a-service group targets more than 75 organizations

SC Media, August 26, 2022

Researchers on Thursday reported that the ransomware-as-a-service (RaaS) group known as Black Basta has compromised more than 75 organizations over the past several months.

Read full SC Media article.

Ransomware-related outages prevalent in healthcare

SC Media, October 19, 2022

Operational outages have been experienced by 86% of healthcare organizations impacted by ransomware attacks, reports HealthITSecurity.

Read full SC Media article.

Ransomware, Response Dominate Irish Cybercrime Conference

Healthcare Info Security, November 18, 2021

The specter of the May attack on Ireland’s national health service loomed large at the IRISSCON 2021 cybercrime conference Thursday in Dublin.

The event, run by Ireland’s first computer emergency response team, the Irish Reporting and Information Security Service, or IRISS-CERT, was launched in 2009 and has run annually ever since, except when it was forced to cancel in 2020 due to the COVID-19 pandemic.

Read full Healthcare Info Security article.

Ransomware, supply chain attacks compel health care organizations to act

SC Media, March 9, 2021

If ransomware and data exfiltration attacks that targeted hospitals and vaccine researchers during the pandemic signaled a cyber hygiene crisis in health care, the SolarWinds supply chain attack demonstrated just how deep the problem goes.

A new report issued this week by the CyberPeace Institute seeks to illustrate the human impact that relentless cyberattacks have on health care staffers, patients and society. Featuring a compilation of interviews, outside research and recent news stories, the report offers key recommendations for various stakeholders.

Read full SC Media article.

Ransomware: ‘Amateur’ Tactics Lead Fewer Victims to Pay

Gov Info Security, October 31, 2022

Why are so many ransomware-wielding attackers collectively shooting themselves in the foot? Ransomware victims who opt to pay a ransom have been seeing a “decline in quality and reliability” when it comes to quickly restoring affected systems, ransomware incident response firm Coveware reports.

Read full Gov Info Security article.

Ransomware: 2,300+ local governments, schools, healthcare providers impacted in 2021

ZD Net, January 18, 2022

An Emsisoft report found that more than 1,000 schools alone were disrupted by ransomware incidents.

Read full ZD Net article.

Ransomware: Alphv/BlackCat Is DarkSide/BlackMatter Reboot

Healthcare Info Security, February 7, 2022

In news that should shock no one, security researchers say the ransomware operation known as Alphv – aka BlackCat – appears to be a reboot of the notorious group known as BlackMatter, which was itself a rebrand of DarkSide.

Read full Healthcare Info Security article.

Ransomware: Federal Coordination and Assistance Challenges

U.S. Government Accountability Office, November 16, 2022

Ransomware is software that makes data and systems unusable unless ransom payments are made.

State, local, tribal, and territorial government organizations—including schools—have been targeted by ransomware. This can affect vital government operations and services. Ransomware attacks on schools can cause learning loss as well as monetary loss.

Reed full GAO article.

Ransomware: Not enough victims are reporting attacks, and that’s a problem for everyone

ZD Net, November 1, 2022

Ransomware continues to be a significant cyber threat to businesses and the general public – but it’s difficult to know the true impact of attacks because many victims aren’t coming forward to report them.

Read full ZD Net article.

Reality of health care threats disconnected from cybersecurity investments

SC Media, August 12, 2021

Despite the health care sector remaining a prime target for threat actors, many provider organizations don’t see cybersecurity investment as a priority and few name cyber as a high priority spend, according to a new report from CyberMDX in collaboration with Philips.

Read full SC Media article.

Recent Breaches Underscore High Healthcare Security Risk

Dark Reading, September 10, 2021

Healthcare institutions in California and Arizona are sending breach notification letters after attackers compromised thousands of patients’ data.

Read full Dark Reading article.

Red Teams vs. Blue Teams: What’s the Difference, and How do Health IT Leaders Run These Exercises

Health Tech, October 27, 2021

Cybersecurity threats are becoming more sophisticated, and healthcare organizations must prepare for attacks in order to mitigate damage.

Read Health Tech article.

Reduce Security Risk of Healthcare Legacy Systems, Devices

Gov Info Security, November 1, 2021

HHS OCR: If Old Gear Cannot Be Replaced, Take Other Steps to Protect PHI. Federal regulators are reminding healthcare organizations about the critical importance of addressing security risks involving legacy systems and devices – including specialty software and gear – that are often difficult for entities to replace.

Read full Gov Info Security article.

Relentless cyber attacks are putting financial pressure on hospitals: Fitch Ratings

Fierce Healthcare, July 26, 2021

A historic jump in the number and severity of cyber assaults on hospitals during the last 18 months will cause “material revenue and expense pressures” on nonprofit hospitals and health systems, according to a report from Fitch Ratings.

Read full Fierce Healthcare article.

Report: Cyberattacks drive 185% spike in health care data breaches in 2021

SC Magazine, July 13, 2021

More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year where just 7.9 million individuals were affected according to a new report from Fortified Health Security.

Read full SC Magazine article.

Report: Ransomware is a patient mortality risk, driven by COVID, third-party vendors

SC Media, September 22, 2021

A new report from the Ponemon Institute reinforces the patient safety risks posed by ransomware attacks: 22% of surveyed providers saw an increase in the rate of mortality in their health care organization after a cyberattack. The driving factors include the COVID-19 response and security gaps within the third-party vendor ecosystem.

Read full SC Media article.

Report: Ransomware Up 50% in Education, 39% in Healthcare

Campus Safety, February 18, 2022

A new cybersecurity report found ransomware-based data leaks increased by 50% in the education sector and 39% in the healthcare sector.

Read full Campus Safety article.

Reports show healthcare’s ongoing third-party vendor, vulnerability challenges

SC Media, October 26, 2021

Healthcare organizations are much more likely than any other industries to have an incident response plan, according to new Shred-it research. However, 42% of providers surveyed for the report said they don’t have prepared recovery plans in place and may not be prepared to handle a security incident.

Read full SC Media article.

Researchers Share In-Depth Analysis of PYSA Ransomware Group

Hacker News, April 18, 2022

An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows.

Read full Hacker News article.

Responding To a Healthcare Ransomware Attack: A Step-By-Step Guide

Health IT Security, May 6, 2022

Healthcare ransomware attacks can result in data exfiltration, financial and reputational losses, and workflow disruptions. Even the most sophisticated security programs are not immune to ransomware.

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) found that the healthcare sector faced the most ransomware attacks in 2021 compared to other critical infrastructure sectors.

Read full Health IT Security article.

Responsibility for health and medical device cybersecurity must be shared

Washington Times, May 10, 2022

Open your newspaper or laptop on any given morning nowadays and you are bound to find a fresh report about the urgent need to address the nation’s extreme vulnerability to cyberattacks at the hands of hostile foreign governments. No sector is currently less prepared, hence more at risk, than the health sector.

Read full Washington Times article.

Rewards for Justice – Reward Offer for Information on Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure

U.S. Department of State, July 15, 2021

The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).

Read full U.S. Department of State article.

Rise in Healthcare Data Breaches Driven by Ransomware Attacks

CPO Magazine, March 18, 2021

There was a general rise in cyber crime in 2020 due to pandemic conditions, but one notable trend that stood out was a spike in the number of major healthcare data breaches. A new report from cybersecurity firm Tenable reviews the entirety of 2020’s publicly disclosed breaches (along with the first two months of 2021) and finds that this spike can be overwhelmingly attributed to ransomware attacks.

Read full CPO Magazine article.

Risk to patient safety from cyberattacks critical, even as specifics about direct links remain elusive

SC Media, September 9, 2021

Critical attacks against health care thrived in the last year. Now, as patient volumes continue to surge in some parts of the country, safety concerns grow increasingly dire.

And yet, say experts, specific data that clearly demonstrates the impact of cyberattacks on patient care remains elusive. This reality, in fact, further complicates an already complex effort among health care providers to establish technology plans and processes that put patient safety and care first.

Read full SC Media article.

Rural WA agencies seek federal support to fortify against cyberattacks

Crosscut, March 14, 2022

With limited IT resources, smaller public agencies in the state are among recent targets for ransomware attacks.

Read full Crosscut article.

Sanford Health, Eskenazi Health recovering from cyberattacks in EHR downtime

SC Media, August 5, 2021

Cyberattacks on two U.S. health systems have forced the providers into electronic health record (EHR) downtime procedures: Sanford Health in South Dakota and Eskenazi Health in Indianapolis, according to multiple local news outlets and statements from the health systems.

Read full SC Media article.

Saskatoon gynecology clinic hit with ransomware attack: report

Saskatoon News, October 6, 2022

A ransomware attack on a Saskatoon obstetrics and gynecology clinic left the personal health information of up to 20,000 patients in the hands of malicious hackers, according to the province’s privacy watchdog.

Read full Saskatoon News article.

SBN The State of Cybersecurity Preparedness in Healthcare

Security Boulevard, December 21, 2021

As if healthcare didn’t have enough to worry about, with overpacked facilities and overworked staff during the COVID-19 pandemic, cyberattacks on healthcare systems and medical devices are rapidly growing in number and sophistication. Further, ransomware is making its way into healthcare, with attacks locking out IT systems and medical devices. All this means the state of cybersecurity preparedness in healthcare is at an all time low.

Read full Security Boulevard article.

Scottish mental health charity “devastated” by heartless RansomEXX ransomware attack

Bitdefender, March 21, 2022

Scottish mental health charity SAMH has announced that it has been left “devastated” by a ransomware attack that has seen personal information spilled out onto the net.

SAMH (the Scottish Association for Mental Health) helps provide care and support for adults and young people suffering from issues with their mental health, and campaigns to influence positive social change.

Read full Bitdefender article.

Second FinCEN Exchange on Ransomware to Take Place in August

FinCEN, July 15, 2021

The Financial Crimes Enforcement Network (FinCEN) today announced it will convene a FinCEN Exchange in August 2021 with representatives from financial institutions, other key industry stakeholders, and federal government agencies to discuss ongoing concerns regarding ransomware, as well as efforts by the public and private sectors. The FinCEN Exchange will build upon FinCEN’s November 2020 event on ransomware. FinCEN anticipates that this FinCEN Exchange will assist its government and private sector partners to inform next steps to address ransomware and focus resources to mitigate the threat.

Read full FinCEN article.

Secretary Mayorkas Outlines His Vision for Cybersecurity Resilience

Homeland Security, March 31, 2021

On March 31, Secretary Mayorkas outlined his vision and roadmap for the Department’s cybersecurity efforts in a virtual address hosted by RSA Conference, in partnership with Hampton University and the Girl Scouts of the USA.

Read Secretary Mayorkas’ prepared remarks on the Homeland Security website.

Security Alert: Daixin Ransomware Targets Healthcare

Gov Info Security, October 24, 2022

Beware ransomware and data extortion shakedowns that trace to a cybercrime group called Daixin Team, which is especially targeting the healthcare sector.

Read full Gov Info Security article.

Security Professionals View Ransomware and Terrorism as Equal Threats

Health IT Security, December 29, 2021

More than half of surveyed security professionals reported viewing ransomware and terrorism as equal threats, echoing the DOJ’s sentiments.

Read full Health IT Security article.

SecurityWeek Cyber Insights 2022: Ransomware

Security Week, January 10, 2022

Ransomware has grown from humble beginnings as threat-based scams to a worldwide criminal phenomenon. It has been a continuous process of extortion refinement, with criminals adapting their behavior to maximize their financial return. This evolutionary process will continue.

Read full Security Week article.

Senate Report Highlights Lack of Government Data on Ransomware Payments

Nextgov, May 24, 2022

A new report details the role cryptocurrencies play in incentivizing ransomware attacks and the government’s response.

Read full Nextgov article.

Senators Introduce Healthcare Cybersecurity Act

Health IT Security, March 28, 2022

The Healthcare Cybersecurity Act aims to promote collaboration between CISA and HHS to enhance cybersecurity efforts across the sector.

Read full Health IT Security article.

Several Healthcare Providers Report Recent Data Breaches

Health IT Security, May 31, 2022

The latest data breach roundup includes recent notifications from eight healthcare providers, all of which experienced data security incidents recently.

Read full Health IT Security article.

Small Healthcare Practices More Vulnerable to Data Breaches, Cyberattacks

Health IT Security, March 31, 2022

Just Under 50 percent of small healthcare organizations and 15 percent of large practices reported not having a plan of action in the event of a data breach, a survey found.

Read full Health IT Security article.

So-called ‘red lines’ increasingly crossed by ransomware groups in critical infrastructure attacks

SC Media, February 10, 2022

At the beginning of 2021, SC Media noted that the next few years were likely to see ransomware actors increasingly target entities in critical infrastructure and cause disruption in the flow of goods and services that are vital to keeping modern society running.

Read full SC Media article.

Sophos 2022 Threat Report: Gravitational Force of Ransomware Black Hole Pulls in Other Cyberthreats to Create One Massive, Interconnected Ransomware Delivery System

SOPHOS, November 9, 2021

In-depth Report Identifies Trends in Ransomware Services, Commodity Malware, Attack Tools, Cryptominers, and More That Are Impacting IT Security.

Read full SOPHOS article.

South Denver Cardiology cyberattack, data access impacts 287K patients

SC Media, March 18, 2022

South Denver Cardiology Associates recently notified 287,652 patients that their protected health information was accessed ahead of a cyberattack deployed in January this year.

Read full SC Media article.

Spoofing, Phishing, Ransomware Continue to Overwhelm Health Systems

Health IT Security, October 21, 2021

One hospital is being inundated with reports of spoofed phone calls, as others deal with unauthorized email access, phishing, and ransomware.

Read full Health IT Security article.

Still recovering, Oklahoma clinic confirms ransomware attack, data breach

SC Media, May 10, 2022

The ongoing network disruption at Oklahoma City Indian Clinic was brought on by a ransomware attack, a newly released notification confirms. OKCIC also informed 38,239 patients that their protected health information was accessed during the incident.

Read full SC Media article.

Surgeries canceled, care diverted as Memorial Health responds to cyberattack

SC Media, August 16, 2021

Memorial Health System in Ohio is currently operating under electronic health record (EHR) downtime procedures and diverting emergency care patients, after a cyberattack struck its network during the early hours of Sunday, Aug. 15. All radiology exams and urgent surgical cases scheduled for Aug. 16 have also been canceled as a result.

Read full SC Media article.

Suspected cyberattack in Newfoundland and Labrador’s hits ‘brain’ of health-care system

Kelowna Now, November 1, 2021

A suspected cyberattack on Newfoundland and Labrador’s health network has led to the cancellation of thousands of medical appointments across the province and forced some local health systems to revert to paper.

Read full Kelowna Now article.

Tackling Growing Pandemic Cyberthreats in Healthcare

Gov Info Security, November 4, 2021

Denise Anderson, President of H-ISAC, Discusses the ‘Myriad of Threats’. As the COVID-19 pandemic persists, security threats and related risks continue to grow, including those involving healthcare insiders, says Denise.

Read full Gov Info Security article.

Texas hospital confirms patient data theft amid network outage from ransomware attack

SC Media, September 16, 2022

OakBend Medical Center has confirmed “sensitive information was breached within the hospital infrastructure,” after two weeks of electronic health record downtime brought on by a ransomware attack. The Texas provider is working with federal law enforcement amid the network outage.

Read full SC Media article.

Texas hospital facing communication issues, system rebuild amid ransomware attack

SC Media, September 12, 2022

A ransomware attack deployed against OakBend Medical Center on Sept. 1 caused communication issues and IT disruptions. The Texas hospital is operating under electronic health record downtime procedures as it works to rebuild, according to an update on its website.

Read full SC Media article.

Texas hospital hit by ransomware attack

Becker’s Health IT, September 12, 2022

Richmond, Texas-based OakBend Medical Center is notifying patients that it was the target of a ransomware attack on Sept. 1.

In a notice on its website, the Texas medical center said it took all systems offline, placed them in lockdown mode and referred the attack to the FBI, CYD and Fort Bend County’s cybersecurity team to investigate the incident.

Read full Becker’s Health IT article.

Texas Hospital Says Ransomware Breach Affected 500,000

Bank Info Security, November 11, 2022

A ransomware attack at a Texas hospital that knocked out phone and email systems for weeks is now even worse following OakBend Medical Center’s admission that hackers downloaded data from the medical records of up to 500,000 individuals.

Read full Bank Info Security article.

Texas Medical Center Breach Affects 640,000

Data Breach Today, January 22, 2021

An apparent ransomware incident at a Texas healthcare organization has potentially compromised the protected health information of more than 640,000 individuals.

Read full Data Breach Today article.

The 2021 Ransomware Survey Report

Fortinet, November 29, 2021

Fortinet recently surveyed 455 business leaders and cybersecurity professionals worldwide to gauge their state of readiness to defend against the growing challenge of ransomware. Most are very or extremely concerned about the threat of a ransomware attack, with many seeing those attacks as a more significant challenge than other cyber threats. The majority feel prepared and report having a strategy that includes employee cyber training, risk assessment plans, offline backups, and cybersecurity/ransomware insurance. But despite these plans, two-thirds also claim to have been the victim of at least one ransomware attack.

Download the 2021 Ransomware Survey Report.

The Best Defense Is a Good Offense: How to Beat Ransomware

Info Security Magazine, March 25, 2022

Since tensions between Russia and Ukraine worsened recently, the National Cyber Security Council (NCSC) quickly warned UK businesses to ramp up their cybersecurity for fear the conflict could spill beyond national borders. This advice follows past warnings from the head of the NCSC that, of all potential threats, ransomware poses the “most immediate danger” to UK businesses in cyberspace.

Read full Info Security Magazine article.

The cyberattack with the most negative impact to patient care: ransomware

SC Media, September 8, 2022

A study released by Proofpoint in tandem with the Ponemon Institute found that ransomware attacks are the most likely kind of cyberattack to have a negative impact on patient care.

Read full SC Media article.

The data exfiltration deluge: we’ve lost the battle, but can win the war

SC Media, December 6, 2021

Despite organizations continuing to invest heavily in the latest cybersecurity technologies and the realization that AV software can’t defend against most new attack vectors, cyberattacks are at an all-time high. This year has witnessed an unparalleled number of attacks which have devastated infrastructure, governments and businesses alike, and are expected to cost more than $6 trillion globally.

Read full SC Media article.

The Evolution of Ransomware Extortion Schemes

Info Security Group, November 16, 2021

As the world experienced significant upheaval, the scale of threats facing businesses during the pandemic grew exponentially. Fundamentally, threat actors did not innovate; instead, they advanced the use of tools they already had, with slight modifications, at a much larger scale to take advantage of the instability that defined the changing times.

Read full Info Security Group article.

The Evolving Ransomware Trends in the Healthcare Sector

Gov Info Security, May 6, 2022

Financially motivated and state-sponsored threat actors are continuing to evolve their tactics, techniques and procedures for successful attacks, federal authorities warn in a new report spotlighting the latest ransomware trends in the healthcare and public health sector.

Read full Gov Info Security article.

The human cost of ransomware: Disruption to Irish health service will continue for months

ZD Net, June 24, 2021

Patients in Ireland told to continue to expect delays or cancellations to appointments after its health service was hit with ransomware in May.

The Ideal Ransomware Victim: What Attackers Are Looking For

KELA, September 6, 2021

In July 2021, KELA observed threat actors creating multiple threads where they claimed they are ready to buy accesses and described their conditions. Some of them appear to use access for deploying info-stealing malware and carrying out other malicious activities. Others aim to plant ransomware and steal data.

Read full KELA article.

The Institute for Security and Technology (IST) Launches Multi-Sector Ransomware Task Force (RTF)

Institute for Security and Technology (IST), December 21, 2020

The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime. The RTF’s founding members understand that ransomware is too large of a threat for any one entity to address, and have come together to provide clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise.

Read full IST article.

The internet’s ‘existential threat’: From hospitals to schools, ransomware disrupts Florida’s most vital services

Orlando Sentinel, July 23, 2021

When Paula Sullivan took her husband to the emergency room at UF Health The Villages Hospital in early June, she remembers thinking it should be a short visit — probably no more than overnight. At 55 and struggling with ongoing cancer treatment, he often needed transfusions of platelets following chemotherapy.

Read full Orlando Sentinel article.

The Million-Dollar Question: To Pay or Not to Pay Ransom?

Security Boulevard, June 22, 2022

Ransomware is one of the most serious threats to businesses today. In fact, a recent survey found that 85% of enterprises are more concerned about the prospect of ransomware attacks than any other kind of attack. The decision of whether or not to pay the ransom or make a ransomware settlement should be carefully weighed.

Read full Security Boulevard article.

The most prolific malware strains of 2021 are yesterday’s news with a modern twist

SC Media, August 5, 2022

In a joint publication released this week, the U.S. Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre laid out 11 of the most prolific malware strains tormenting businesses, governments and critical infrastructure last year.

Read full SC Media article.

The National Cyber Investigative Joint Task Force Releases Ransomware Fact Sheet

FBI.gov, February 4, 2021

The National Cyber Investigative Joint Task Force (NCIJTF) has released a new joint-seal ransomware fact sheet. This educational product is intended to provide the public important information on the current ransomware threat and the government’s response, as well as common infection vectors, tools for attack prevention, and important contacts in the event of a ransomware attack.

Read full FBI.gov article.

THE PANDEMIC REVEALED THE HEALTH RISKS OF HOSPITAL RANSOMWARE ATTACKS

THE VERGE, August 19, 2021

In late October 2020, the University of Vermont Health Network was hit by a ransomware attack. The system couldn’t access electronic health records for nearly a month. Every computer at UVM Medical Center was infected with malware. Hospitals in the network delayed chemotherapy and mammogram appointments, just as COVID-19 cases in the United States started to tick upward in what would become an enormous winter wave.

Read full The Verge article.

The Ransomware Crime Wave Has Made Zero Trust Critical

eWeek, July 12, 2021

Zero trust proceeds from the foundational framework that no individual, no device, no application, no thing can be trusted as secure.

Read full eWeek article.

The Ransomware Crisis Deepens, While Data Recovery Stalls

Dark Reading, April 28, 2022

Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea.

Read full Dark Reading article.

The ransomware threat is getting worse. But businesses still aren’t taking it seriously

ZD Net, November 17, 2021

Ransomware is growing in scale and severity. It’s time to start paying attention.

Ransomware is the most significant cybersecurity threat facing the country today, but many businesses still aren’t taking the threat as seriously as they should be, the National Cyber Security Centre (NCSC) has warned.

Read full ZD Net article.

The real cost of ransomware is even bigger than we realised

ZD Net, November 15, 2022

It’s well known that ransomware attacks are one of the most significant cybersecurity challenges facing the world today, and often the financial impact on victims is the most obvious and most discussed consequence. But that’s far from the only cost.

Read full ZD Net article.

The rise of ransomware within healthcare

Open Access Government, August 23, 2021

David Higgins, EMEA Technical Director, CyberArk, explores three reasons why healthcare organisations are extra vulnerable to ransomware.

Read full Open Access Governmet article.

The Security Imperative In The Healthcare Industry: Steps To Defending Telehealth And Patient Portals Against Cyber Attacks

Forbes, October 21, 2021

The healthcare industry is one of the biggest targets for cybercriminals. In 2020, ransomware attacks alone cost the industry $20.8 billion in downtime, affecting well over 600 providers nationwide. The pandemic transformed the landscape for healthcare, with the rapid adoption of technology to support telehealth, and patient portals became the primary way to communicate with providers, access treatment plans and related documents and process payments.

Read full Forbes article.

The State of Ransomware in Healthcare 2022

SOPHOS News, June 1, 2022

Sophos has just launched the State of Ransomware in Healthcare 2022, an insightful report carved out of its annual study of the real-world ransomware experiences of healthcare IT professionals. This year, 5,600 IT professionals, including 381 in healthcare, from 31 countries participated in the research.

Read full SOPHOS News article.

The State of Ransomware in Healthcare 2022

SOPHOS, June 1, 2022

Sophos has just launched the State of Ransomware in Healthcare 2022, an insightful report carved out of its annual study of the real-world ransomware experiences of healthcare IT professionals. This year, 5,600 IT professionals, including 381 in healthcare, from 31 countries participated in the research.

Read full SOPHOS article.

The state of ransomware in state and local government

SC Media, November 11, 2022

Ransomware in state and local governments is a significant threat to all branches and departments.

In the very best case scenario: A government office is targeted by a successful ransomware attack. Thanks to an excellent allocation of resources, well-orchestrated protocols and employee adherence to the protocols, effects on services and infrastructure related to the attack are minimal, and little financial damages are incurred.

Read full SC Media article.

The Worst Hacks and Breaches of 2022 So Far

Wired, July 4, 2022

From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half.

Read full Wired article.

These four types of ransomware make up nearly three-quarters of reported incidents

ZD Net, March 17, 2022

Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.

Read full ZD Net article.

Third-Party Vendor Ransomware Attack Impacts Humana, Anthem Members

Health IT Security, October 27, 2021

PracticeMax, a billing and IT solutions provider, experienced a ransomware attack that impacted some Humana and Anthem members.

Read full Health IT Security article.

Thirty-nation ransomware summit is ‘first of many’ to marshal international action

SC Media, October 13, 2021

The U.S. is kicking off a two-day ransomware summit with 30 other nations today, part of a broader effort by the Biden administration to marshal an international coalition to harden the global digital ecosystem’s legal and technical infrastructure against the attacks.

Read full SC Media article.

This ransomware strain just started targeting lots more businesses

ZD Net, December 22, 2021

Gang typically targets finance, government and healthcare organizations.

The relatively new Pysa ransomware was the dominant strain behind file-encrypting attacks in November and saw a 400% rise in attacks on government organizations, according to analysis by security company NCC Group.

Read full ZD Net article.

This Year’s Largest Healthcare Data Breaches

Health IT Security, November 30, 2021

More than 550 organizations reported healthcare data breaches to HHS in 2021, impacting over 40 million individuals.

Read full Health IT Security Article.

Threat Actors Shift Tactics, Targets As Ransomware Evolves

Health IT Security, January 25, 2022

As ransomware continues to evolve, threat actors are favoring double extortion, RaaS, and software vulnerability exploits.

Read full Health IT Security article.

To Combat Ransomware Attacks, Communication With C-Suite is Essential

Health IT Security, December 22, 2021

A study from (ISC)² shows that C-suite executives are looking for clearer communication and guidance from cybersecurity leaders when it comes to combatting ransomware attacks.

Read full Health IT Security article.

Top 10 healthcare breaches in the U.S. exposed data of 19 million

Bleeping Computer, December 31, 2021

The healthcare sector has been the target of hundreds of cyberattacks this year. A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties.

Most of the largest data breaches result from ransomware attacks and the first ten of them account for more than half of all the healthcare records exposed in 2021.

Read full Bleeping Computer article.

Top 5 ransomware operators by income

MSN, August 11, 2021

Jack Cable, a security architect at Krebs Stamos group, and a former U.S. Cybersecurity and Infrastructure Security Agency worker, has started a ransomware payments tracking site called Ransomewhere.

Read full SC Media article.

Top Healthcare Cybersecurity Challenges, How to Overcome Them

Health IT Security, November 23, 2021

With a multitude of critical data and patient safety hanging in the balance, there is a unique set of healthcare cybersecurity challenges that must be carefully considered.

Read full Health IT Security article.

Treasury Chief Yellen Calls Ransomware ‘Direct Threat’ to Economy

The Crime Report, October 21, 2021

The volume of suspected ransomware payments is likely to double this year, posing a “direct threat” to the U.S. economy, says U.S. Treasury Secretary Janet L. Yellen.

Read full The Crime Report article.

Twice as Many Healthcare Organizations Paid Extortion After Ransomware Attacks, but Only 2% Recovered All Data

CPO Magazine, June 9, 2022

The State of Ransomware in Healthcare 2022 report found that nearly two-thirds (66%) of healthcare organizations were hit by ransomware in 2021 compared to just over a third (34%) in 2020.

Read full CPO Magazine article.

Two Data Breaches at WA Senior Care Nonprofit Impact 103K

Health IT Security, December 8, 2021

Washington-based senior care nonprofit Sound Generations experienced two data breaches that impacted over 103K individuals and potentially exposed PII.

Read full Health IT Security article.

Two ransomware gangs, Vice Society and Magniber, said to launch attacks via PrintNightmare

SC Media, August 13, 2021

Researchers over the past couple of days reported that two different ransomware gangs — one fairly new, the other several years old — have been actively exploiting the PrintNightmare vulnerability in the Windows Print Spooler service to launch ransomware attacks.

Read full SC Media article.

U.S. Cyber Command’s actions against ransomware draw support and criticism

CSO, December 7, 2021

The actions, which temporarily took down REvil, raise questions about using the military to combat ransomware.

Read full CSO article.

U.S. healthcare hit by yet another cyberattack

Digital Journal, September 11, 2021

The U.S. medical body, California health center LifeLong Medical Care, has been struck by a ransomware attack. The attack was sufficiently wide to leak personally identifiable information of around 115,000 patients across numerous health organizations.

Read full Digital Journal article.

U.S. Healthcare Orgs Targeted with Maui Ransomware

Threat Post, July 8, 2022

State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks.

Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities.

Read full Threat Post article.

U.S. Healthcare Orgs Targeted with Maui Ransomware

Threat Post, July 8, 2022

Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities.

Read full Threat Post article.

U.S. lacks full picture of ransomware attacks, Senate panel finds

NNY 360, May 29, 2022

The U.S. government lacks a complete picture of ransomware attacks that routinely cripple government and private sector networks, according to an investigation by Senate Homeland Security and Governmental Affairs Committee staff.

The report, released Tuesday, also found that the government lacks information on how much ransom was paid — typically in the form of cryptocurrencies — by victims of such ransomware attacks.

Read full NNY 360 article.

U.S., allies accuse Iran of targeting health care and transportation victims for ransomware

The Washington Times, November 17, 2021

U.S. cyber officials and their counterparts in Australia and the U.K. on Wednesday accused Iranian government-sponsored attackers of targeting entities in the health care and transportation sectors to victimize with ransomware.

Read full The Washington Times article.

UC San Diego Health Hack May Have Exposed Patient Info

Gov Tech, July 29, 2021

Earlier this week, UC San Diego Health disclosed that it experienced a data breach between December 2020 and April 2021 that could have compromised sensitive patient information. The breach occurred through phishing.

Read full Gov Tech article.

UF Health admits patient data may have been compromised in ransomware attack

Village News, July 31, 2021

Two months after a ransomware attack was launched on its computer systems, UF Health-The Villages Hospital is admitting that patient data may have been compromised.

Read full Village News article.

UMass Memorial notifies 209K patients 8 months after data breach discovery

SC Media, October 29, 2021

Nearly eight months after discovering the hack of multiple employee email accounts, UMass Memorial Health is notifying about 209,000 patients that their personal and health information was potentially compromised.

Read full SC Media article.

Under Siege: How Healthcare Organizations Can Fight Back

CPO Magazine, November 25, 2021

A recent spate of crippling ransomware attacks against healthcare organizations signals that these assaults remain a major threat to our healthcare system and may have led to the nation’s first ransomware-related death.

Read full CPO Magazine article.

Understanding And Responding To Ransomware Threats

Forbes, October 27, 2021

Police forces, healthcare providers, educational institutes, the oil industry, entire governments — no sector is immune to the ransomware epidemic. Once you’re hit, it can threaten your organization’s very existence. The threat is so pervasive, the ramifications so dire, that the U.S. Department of Justice has elevated all ransomware investigations to a similar priority class as terrorism.

Read full Forbes article.

United Health Centers ransomware attack claimed by Vice Society

Bleeping Computer, September 24, 2021

​California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft. United Health Centers is a health care provider in California with twenty-one community health centers servicing Fresno, Kings, and Tulare counties.

Read full Bleeping Computer article.

Universal Health Services Estimates $67 Million in Ransomware Losses

Info Security Magazine, March 2, 2021

A ransomware attack on Universal Health Services (UHS) last autumn cost the company an estimated $67 million in downtime and related expenses, it has revealed.

The Fortune 500 healthcare organization has tens of thousands of employees in the US and UK and annual revenues exceeding $10 billion.

Read full Info Security Magazine article.

Unpatched Vulnerabilities Remain Primary Ransomware Attack Vector

Health IT Security, January 31, 2022

Cybercriminals continually look to unpatched vulnerabilities such as Log4j and others as primary ransomware attack vectors.

Read full Health IT Security article.

Upstate HomeCare notifies patients and employees of ransomware attack

WHEC, November 24, 2021

A ransomware attack on a local company exposed the personal information of its patients and employees.

Upstate HomeCare said the attack happened earlier this year, but cybersecurity experts just found its documents posted on the dark web.

Read full WHEC article.

Urgent alert warns Daixan ransomware group hit multiple healthcare providers

SC Media, October 24, 2022

The Daixin ransomware group is actively, and successfully, targeting the healthcare sector in force, with multiple provider organizations facing extortion claims after falling victim to the actors’ tactics since June, according to an urgent joint alert from multiple federal agencies.

Read full SC Media article.

US government says North Korean hackers are targeting American healthcare organizations with ransomware

TechCrunch+, July 6, 2022

The FBI, CISA and the U.S. Treasury Department are warning that North Korean state-sponsored hackers are using ransomware to target healthcare and public health sector organizations across the United States.

Read full TechCrunch+ article.

US healthcare org sends data breach warning to 1.4m patients following ransomware attack

THE DAILY SWIG, August 19, 2021

The medical and financial data of 1.4 million people was potentially exposed earlier this year in the latest ransomware attack to hit a major US healthcare provider.

St. Joseph’s/Candler (SJ/C), the largest healthcare network in Savannah, Georgia, says in a statement that it first detected the breach on June 17.

After it isolated its systems, an investigation carried out with the help of external security firms found that the attackers had originally gained access on December 20 last year.

Read full The Daily Swig article.

US healthcare organizations warned of cyber threats related to Russian invasion of Ukraine

SC Media, February 24, 2022

The American Hospital Association believes there are three areas of concerns for the U.S. healthcare sector, in light of the Russian invasion on Ukraine: hospitals and health systems may be directly targeted, or become incidental victims of Russian-backed threat actors, and could see operational disruptions brought on by a cyberattack.

Read full SC Media article.

US lacks full picture of ransomware attacks, Senate panel finds

Roll Call, May 24, 2022

The U.S. government lacks a complete picture of ransomware attacks that routinely cripple government and private sector networks, according to an investigation by Senate Homeland Security and Governmental Affairs Committee staff.

Read full Roll Call article.

US Treasury says financial ransomware losses topped $1.2 billion last year

SC Media, November 4, 2022

US financial institutions processed roughly $1.2 billion in ransomware-related payments last year, a nearly 200 percent increase compared to 2020, according to the Treasury Department.

Read full SC Media article.

Use of Cryptocurrency in Ransomware Attacks, Available Data, and National Security Concerns

Homeland Security & Governmental Affairs, May 23, 2022

Ransomware is a dangerous form of cyber-attack where threat actors prevent access to computer systems or threaten to release data unless a ransom is paid. It has the power to bankrupt businesses and cripple critical infrastructure – posing a grave threat to our national and economic security. The use of cryptocurrencies has further enabled ransomware attacks, particularly because cryptocurrency is decentralized and distributed and illicit actors can take steps to obscure transactions and make them more difficult to track.

Read full HSGAC Majority Cryptocurrency Ransomware Report.

UVM Health Continues to Feel Effects of Ransomware Attack

Health IT Security, June 24, 2021

Eight months after a ransomware attack that incurred costs upwards of $63 million, UVM Health continues to experience setbacks and financial losses.

Read full IT Security article. 

UVM Health Delays Epic EHR Implementation After Cyberattack, COVID-19

EHR Intelligence, January 6, 2021

One of 2020’s worst cyberattacks resulted in University of Vermont (UVM) Health delaying its Epic EHR implementation schedule.

Read full EHR Implementation article.

Vast majority in healthcare industry hit with a cyberattack on cloud infrastructure in the last year

SC Media, October 27, 2022

Netwrix on Thursday reported that 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals.

Read full SC Media article.

Vast majority of SMBs are concerned about a ransomware attack on their business

SC Media, November 8, 2022

OpenText Security Solutions on Monday reported that some 84% of respondents to a small- and mid-sized business (SMB) survey are concerned about a ransomware attack on their business.

Read full SC Media article.

Vendor ransomware attack exposes patient information at South Carolina practice

Becker’s Hospital Review, March 8, 2021

Sandhills Medical Foundation notified patients that an external cloud vendor underwent a ransomware attack, exposing patients’ personal information, according to a news release. The attackers accessed Sandhills’ system on Nov. 15 and extracted Sandhills’ data before the ransomware attack was launched on Dec. 3.

Read full Becker’s Hospital Review article.

Vendor Ransomware Breach Affects 942,000 Patients

Healthcare Info Security, August 17, 2022

A New York-based practice management and billing vendor has notified 28 healthcare entity clients and more than 942,000 of their patients that sensitive information was compromised in a ransomware attack in April.

Read full Healthcare Info Security article.

Vendor’s Ransomware Attack Hits Over 600 Healthcare Clients

Gov Info Security, July 5, 2022

A ransomware attack on an accounts receivables management firm affects more than 650 covered entity clients – including dental practices, physician groups and hospitals, resulting in one of the largest health data breaches involving a vendor so far this year.

Read full Gov Info Security article.

Vendor’s Ransomware Attack Hits Over 600 Healthcare Clients

Gov Info Security, July 5, 2022

A ransomware attack on an accounts receivables management firm affects more than 650 covered entity clients – including dental practices, physician groups and hospitals, resulting in one of the largest health data breaches involving a vendor so far this year.

Read full Gov Info Security article.

Vendor’s Ransomware Attack Is Latest Supply Chain Warning

Gov Info Security, May 11, 2022

A recent ransomware attack on a medication management systems provider is the latest reminder of persistent cybersecurity threats and risks facing healthcare supply chain and related vendors, as well as their customers.

Read full Gov Info Security article.

Venus Ransomware Targets Publicly Exposed Remote Desktop Services

HHS, November 9, 2022

HC3: Analyst Note. Report: 202211091400
Venus Ransomware Targets Publicly Exposed Remote Desktop Services

HC3 is aware of at least one healthcare entity in the United States falling victim to Venus ransomware recently. The threat actors behind Venus ransomware operations are known to target publicly exposed Remote Desktop Services to encrypt Windows devices. This report provides additional information, indicators of compromise, techniques and corresponding mitigations associated with Venus ransomware.

Download HC3 Report as PDF.

Virginia legislative agencies and commissions hit with ransomware attack

ZD Net, December 13, 2021

A ransomware attack has hit agencies and commissions within the Virginia legislature, according to a statement from the governor’s office to the Associated Press.

Read full ZD Net article.

What does healthcare need from government efforts? Not another framework

SC Media, November 14, 2022

The federal government has set its sights on improving healthcare’s cybersecurity posture through collaborative partnerships. However, stakeholders are frustrated, some even angry, that their proposals appear to recycle past work rather than building on the foundation these leaders have spent their careers making.

Read full SC Media article.

What Growing Federal Scrutiny of Healthcare Cybersecurity Means for Organizations

Health Tech, June 30, 2022

Healthcare organizations are more likely than organizations in other sectors to pay the ransom, but when they do, they may not get back all their data. And just 78 percent of healthcare organizations have cyber insurance coverage, according to Sophos’ “The State of Ransomware in Healthcare 2022.”

Read full Health Tech article.

What Happens After a Ransomware Attack in the Health IT Environment?

Health IT Security, June 9, 2021

CyberMDX’s Ido Geffen takes a hard look at ransomware attacks within a healthcare environment, including what providers are getting wrong and needed security mitigations.

Read full Health It Security article. 

What healthcare providers can do to strengthen cyber resiliency

SC Media, June 17, 2022

New cyber resiliency insights from the Department of Health and Human Services Cybersecurity Coordination Center aim to support healthcare providers in bolstering enterprise cyber posture to improve response in the wake of security incidents.

Read full SC Media article.

What is Top of Mind for CISOs Right Now

CSO, November 10, 2022

Every quarter, we interview CISOs and ask them what is top of mind and what trends or challenges they are experiencing in the threat landscape. From this, we create the CISO Insider — an actionable report that explores the top three issues that are most relevant in today’s threat landscape. This quarter, we’re exploring rising ransomware rates, the need for increased automation and better tools to empower security teams to do more with limited resources, and the opportunity for extended detection and response (XDR) to help rapidly address emergent threats.

Read full CSO article.

When Ransomware Group REvil Vanished, Its Victims Were Stranded

Bloomberg, July 27, 2021

Hi, this is Kartikay on the cyber team. Ransomware attacks always hurt—but perhaps never more so than when the victim is compromised through the very company they pay for IT and security services.

Read full Bloomberg article. 

White House announces ransomware task force — and hacking back is one option

Politico, July 14, 2021

The administration is promoting efforts to help agencies go on defense and offense against hackers whose economically paralyzing attacks pose a growing threat to the U.S.

Read full Politico article.

White House convenes international summit to thwart ransomware threats

MSN, October 31, 2022

The White House is hosting its second annual summit, involving dozens of countries and tech companies, to thwart the threat of ransomware attacks.

Read full MSN article.

White House Sets Sights on New Healthcare Cybersecurity Standards

Health IT Security, October 18, 2022

New healthcare cybersecurity standards and guidance from the White House are on the horizon, Anne Neuberger, deputy national security advisor for cyber and emerging technology in the Biden Administration, said at a recent Washington Post event.

Read full Health IT Security article.

Why “Ransomware Insurance” Causes Healthcare Industry to Overlook Deeper, Underlying Security Issues

CPO Magazine, September 2, 2021

In most circumstances, insuring your organization against potential threats is a solid idea. Within this frame of logic, particularly for a healthcare organization, a sector where 34% of all organizations were hit by ransomware last year, insurance may seem like a good investment.

Read full CPO Magazine article.

Why healthcare security needs urgent care

Hospital Health, July 28, 2021

Increased ransomware incidents in health care require stringent protection of critical systems and data. Australia’s healthcare sector has been the target of increased cybersecurity incidents since COVID-19 forced digital care into the spotlight. Sensitive data collected by healthcare providers, as well as their increased reliance on cloud-based services and telehealth, make the industry a prime target

Read full Hospital Health article.

Why Hive Attacks Are the Latest Menace to Healthcare Sector

Gov Info Security, October 26, 2021

Several characteristics of the Hive ransomware group make the threat actor particularly menacing to victims, which include healthcare sector targets, says Adam Meyers, vice president of intelligence at security firm CrowdStrike.

Read full Gov Info Security article.

Why Is Healthcare a Target for Ransomware Attacks?

Make Use Of, July 31, 2021

Ransomware poses a huge threat to medical institutions. Here’s why and what that means for you.

Why ransomware attacks in healthcare remain a problem – and how to stop them

SC Media, September 8, 2021

If data has value, then electronic health records are a treasure trove. Today’s emboldened and ever-more-sophisticated cyber criminals know this. With many healthcare organizations again stretched thin to address raising COVID-19 case counts, there’s little doubt that we will see a steady drumbeat of new ransomware attacks, building on the record number so far this year.

Read full SC Media article.

Why Storage and Backups Are a Key Component of Healthcare Cybersecurity

Health Tech, May 20, 2022

If there’s a healthcare organization that knows something about building a strong data security foundation, it’s Kelsey-Seybold Clinic.

In fact, the multidisciplinary clinic system, with locations throughout the greater Houston area, “had ransomware before ransomware was cool,” according to CTO and CISO Martin Littmann.

Read full Health Tech article.

With the holidays come greater ransomware attacks

SC Media, November 24, 2021

It’s that time of the year. Time to celebrate. Eat well. And sadly, to deal with even more cybercrime, especially ransomware attacks, according to one firm.

Read full SC Media article.

Working with hospitals to reassess risk in the ransomware age

SC Media, October 27, 2021

It’s an unfortunate truth that ransomware attacks have become not only more common, but also more disruptive and dangerous, especially at hospitals, where a misplayed ransomware attack could result in a fatality.

Read full SC Media article.

Pin It on Pinterest

Share This