Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Healthcare Data. Show all posts
Patient Data
Data Breach data security Data Sets Data Theft Healthcare Data healthcare data breach Patient Data

DM Clinical Research Database Exposed Online, Leaking 1.6M Patient Records

 

A clinical research database containing over 1.6 million patient records was discovered publicly accessible online without encryption or password protection. Security researcher Jeremiah Fowler found the dataset, linked to DM Clinical Research, exposing sensitive information such as names, medical histories, phone numbers, email addresses, medications, and health conditions. 

The unprotected database, totaling 2TB of data, put those affected at risk of identity theft, fraud, and social engineering scams. While the database name suggests it belongs to DM Clinical Research, it remains unclear whether the firm directly managed it or if a third party was responsible. Fowler immediately sent a disclosure notice, and the database was taken offline within hours. 

However, it is unknown how long it remained exposed or whether threat actors accessed the data before its removal. Only a thorough forensic audit can determine the extent of the breach. DM Clinical Research responded to the disclosure, stating that they are reviewing the findings to ensure a swift resolution. They emphasized their commitment to data security and compliance with legal regulations, highlighting the importance of protecting sensitive patient information. 

However, this incident underscores the growing risks facing the healthcare industry, which remains a prime target for cyberattacks, including ransomware and data breaches. Healthcare data is among the most valuable for cybercriminals, as it contains detailed personal and medical information that cannot be easily changed, unlike financial data. 

In recent years, hackers have aggressively targeted medical institutions. In 2024, a cyberattack compromised the records of 190 million Americans, and UnitedHealth suffered a ransomware attack that leaked customer information onto the dark web. The exposure of sensitive medical conditions—such as psychiatric disorders, HIV status, or cancer—could lead to discrimination, scams, or blackmail. Attackers often use exposed medical data to craft convincing social engineering scams, posing as doctors, insurance companies, or medical professionals to manipulate victims. 

Fowler warns that health records, unlike financial data, remain relevant for a lifetime, making breaches particularly dangerous. Organizations handling sensitive data must take proactive measures to protect their systems. Encryption is critical to safeguarding customer information, as unprotected datasets could lead to legal consequences and financial losses. Real-time threat detection, such as endpoint security software, helps identify intrusions and suspicious activity before damage is done. 

In the event of a breach, transparency is essential to maintaining consumer trust and mitigating reputational harm. For individuals affected by data breaches, vigilance is key. Regularly monitoring financial accounts and bank statements for suspicious transactions can help detect fraudulent activity early. Social engineering attacks are also a major risk, as scammers may exploit exposed medical data to impersonate trusted professionals. 

Be cautious of unexpected emails, phone calls, or messages requesting personal information, and avoid opening attachments from unfamiliar sources. Using strong, unique passwords—especially for financial and healthcare accounts—adds an extra layer of security. 

This breach is yet another reminder of the urgent need for stronger cybersecurity measures in the healthcare sector. As cybercriminals continue to exploit vulnerabilities, both organizations and individuals must remain proactive in safeguarding sensitive data.
Read more »
ransomware attacks
Critical Infrastructure Cyber Attacks cybersecurity in healthcare data security Healthcare Data Healthcare Industry ransomware attacks

WHO and Global Leaders Warn Against Rise of Ransomware Attacks Targeting Hospitals

 

On November 8, the World Health Organization (WHO) joined over 50 countries in issuing an urgent warning at the United Nations about the increase in ransomware attacks on healthcare systems worldwide. WHO Director-General Tedros Adhanom Ghebreyesus addressed the UN Security Council, emphasizing the critical risks these cyberattacks pose to public health and safety. He highlighted the growing frequency of attacks on hospitals, which could delay urgent care, disrupt essential services, and lead to life-threatening consequences. Calling for global cooperation, he described ransomware as an international security threat that demands a coordinated response. 

Ransomware is a form of cyberattack where hackers lock or encrypt a victim’s data and demand payment in exchange for releasing it. This form of digital extortion has escalated globally, affecting healthcare providers, institutions, and governments alike. In the healthcare sector, such attacks can be particularly devastating, compromising the safety of patients and healthcare workers. The joint statement, endorsed by nations such as Japan, South Korea, Argentina, France, Germany, and the United Kingdom, outlined the immediate dangers these attacks pose to public health and international security, calling on all governments to take stronger cybersecurity measures. The U.S., represented by Deputy National Security Adviser Anne Neuberger, directly blamed Russia for allowing ransomware groups to operate freely within its borders. 

According to Neuberger, some countries knowingly permit these actors to execute attacks that impact critical infrastructure globally. She called out Moscow for not addressing cybercriminals targeting foreign healthcare systems, implying that Russia’s inaction may indirectly support these malicious groups. Additional accusations were made against North Korea by delegates from France and South Korea, who highlighted the country’s alleged complicity in facilitating ransomware attacks. Russia’s UN representative, Ambassador Vassily Nebenzia, defended against these claims, arguing that the Security Council was not the right forum to address such issues. He asserted that Western nations were wasting valuable council time and resources by focusing on ransomware, suggesting instead that they address other pressing matters, including alleged attacks on hospitals in Gaza.  

WHO and the supporting nations warn that cybercrime, particularly ransomware, requires a global response to strengthen defenses in vulnerable sectors like healthcare. Dr. Ghebreyesus underscored that without collaboration, cybercriminals will continue to exploit critical systems, putting lives at risk. The joint statement also condemned nations that knowingly enable cybercriminals by allowing them to operate within their jurisdictions. This complicity, they argue, not only endangers healthcare systems but also threatens peace and security globally. 

As ransomware attacks continue to rise, healthcare systems worldwide face increasing pressure to strengthen cybersecurity defenses. The WHO’s call to action emphasizes that nations need to take ransomware threats as seriously as traditional security issues, working together to protect both patient safety and public health infrastructure.
Read more »
U.S. healthcare
ALPHV Blackcat Ransomware Cyber Attacks Healthcare Data Ransomeware U.S. healthcare

Healthcare in Crosshairs: ALPHV/Blackcat Ransomware Threat Escalates, FBI Issues Warning

 

In a joint advisory, the FBI, CISA, and HHS have issued a stark warning to healthcare organizations in the United States about the heightened risk of targeted ALPHV/Blackcat ransomware attacks. This cautionary announcement follows a series of alerts dating back to April 2022 and underscores the severity of the threat posed by the BlackCat cybercrime gang, suspected to be a rebrand of infamous ransomware groups DarkSide and BlackMatter. 

The advisory highlights that ALPHV Blackcat affiliates have shown a notable focus on the healthcare sector. The FBI, in particular, has linked BlackCat to over 60 breaches within its first four months of activity, accumulating a staggering $300 million in ransoms from over 1,000 victims up until September 2023. Recent developments indicate a shift in BlackCat's targeting strategy, with the healthcare sector becoming a prime victim since mid-December 2023. This shift aligns with an administrator's call for affiliates to target hospitals following operational actions against the group and its infrastructure earlier that month. 

Notably, the warning coincides with a cyberattack on UnitedHealth Group subsidiary Optum, affecting Change Healthcare, a crucial payment exchange platform in the U.S. healthcare system. Although not confirmed, the attack has been linked to the BlackCat ransomware group, and sources suggest the threat actors exploited the ScreenConnect auth bypass vulnerability (CVE-2024-1709) for initial access. 

The joint advisory emphasizes the critical need for healthcare organizations, considered part of the nation's critical infrastructure, to implement robust mitigation measures against Blackcat ransomware and data extortion incidents. Authorities urge these entities to bolster cybersecurity safeguards, specifically tailored to counteract prevalent tactics, techniques, and procedures commonly employed in the Healthcare and Public Health (HPH) sector. This development underscores the evolving nature of cyber threats, especially within the healthcare landscape, and the necessity for proactive measures to safeguard sensitive patient data and critical infrastructure. 

The FBI, CISA, and HHS have shared indicators of compromise to assist organizations in identifying potential threats, emphasizing the importance of collaboration to combat the persistent and evolving threat posed by ransomware groups like BlackCat. As the healthcare sector grapples with escalating cyber risks, the advisory serves as a stark reminder of the urgent need for comprehensive cybersecurity measures, including timely patching of vulnerabilities and robust incident response plans. Organizations are encouraged to stay vigilant, collaborate with cybersecurity agencies, and prioritize the security of their networks and systems to mitigate the impact of ransomware attacks. 

The U.S. State Department's substantial rewards for information leading to the identification or location of BlackCat gang leaders underscore the severity of the threat and the government's commitment to dismantling these cybercriminal operations. In this high-stakes environment, the healthcare industry must remain resilient, continually adapting to emerging threats, and fortifying its defenses against ransomware attacks.
Read more »
U.S. Census Bureau
Artificial Intelligence Data Privacy Healthcare Healthcare Data Synthetic Data Technology U.S. Census Bureau

Synthetic Data: How Does the ‘Fake’ Data Help Healthcare Sector?


As the health care industry globally continues to collapse from staff-shortage, AI is being hailed as the public and private sector’s salvation. With its capacity to learn and perform jobs like tumor detection from scans, the technology has the potential to prevent overstress among healthcare professionals and free up their time so they can concentrate on providing the best possible treatment.

However, AI requires its data to be working perfectly in order operate efficiently. If the models are not trained properly on comprehensive, objective, and high-quality data, it could lead to insufficient outcomes. This way, AI has turned out to be lucrative aspect for healthcare institutions. However, it is quite challenging for them to gather and use information while also adhering to privacy and confidentiality regulations because of the sensitivity of the patient data involved.

This is where the idea of ‘synthetic data’ come into play. 

Synthetic Data

The U.S. Census Bureau defines synthetic data as artificial microdata that is created with computer algorithms or statistical models to replicate the statistical characteristics of real-world data. It can supplement or replace actual data in public health, health information technology, and healthcare research, sparing companies the headache of obtaining and utilizing real patient data.

One of the reasons why synthetic data is preferred over the real-world information is the privacy it provides. 

Synthetic data is created in a way that maintains the dataset's analytical usefulness while replacing any personally identifying information (PII) with non-identified numbers. This ensures that identities cannot be traced back to particular records or used for re-identification while facilitating the easy usage and exchange of data for internal use.

Using fake data as an alternative for PII ensures that the organizations remain true to their guidelines such as GDPR and HIPAA throughout the process. 

In addition to protecting privacy, synthetic datasets can assist save the time and money that businesses often need to spend obtaining and managing real-world data using conventional techniques. Without needing businesses to enter into complicated data-sharing agreements, privacy legislation, or data access restrictions, they faithfully reproduce the original data.

Caution is a Must At All Stages

Even though synthetic data has a lot of advantages over real data, it should never be treated carelessly.

For example, the output may be less dependable and accurate than anticipated and could have an impact on downstream applications if the statistical models and algorithms being used to generate the data are faulty or biased in any manner. In a similar vein, a malicious actor could be able to re-identify the data if it is only partially safeguarded.

Such case can happen if the synthetic data include outliners and unique data points, such as a rare disease found in a small number of records. It may be connected to the original dataset with ease. Re-identifying records in the synthetic data can also be accomplished by adversarial machine learning techniques, particularly in cases where the attacker has access to both the generative model and the synthetic data.

These situations can be avoided by using techniques like differential privacy – to add noise to the data – and disclosure control in the generation process in order to add alteration and perturbation of the information. 

Generating synthetic data could be tricky and may as well result in compromise of transparency and reproducibility. Researchers and teams are thus advised to take the aforementioned approach without running the same risks, and constantly seek to document and share the procedures used to produce synthetic data.  

Read more »
Ransomware attack
ALPHV Blackcat Ransomware BlackCat Data Breach Healthcare Data Henry Schein Ransomware attack

Henry Schein Data Breach: Healthcare Giant Reports Second Attack in Two Months


U.S. based healthcare company Henry Schein has confirmed another cyberattack this month conducted by threat actor ‘BlackCat/ALPHV’ ransomware gang. The company was previously attacked by the same group in October. 

Henry Schein

Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries, with approximately $12 billion in revenue reported in 2022. 

It first made public on October 15 that, following a cyberattack the day before, it had to take some systems offline in order to contain the threat.

On November 22, more than a month later, the company announced that parts of its apps and the e-commerce platform had once more been taken down due to another attack that was attributed to the BlackCat ransomware.

"Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers," the announcement said.

"Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility."

Today, the company released a statement, noting that it has restored its U.S. e-commerce platform and that it is expecting its platforms in Canada and Europe to be back online shortly. 

The healthcare services company is apparently still taking orders through alternate methods and distributing them to customers in the affected areas.

Henry Schein’s BlackCat Breach

Following the breach, the ransomware gang BlackCat added Henry Schein to its dark web leak forum, taking responsibility for breaching the company’s network. BlackCat notes that it has stolen 35 terabytes of the company’s crucial data. 

The cybercrime organization claims that they re-encrypted the company's devices while Henry Schein was about to restore its systems, following a breakdown in negotiations toward the end of October.

This would make the event this month the third time that BlackCat has compromised Henry Schein's network and encrypted its computers after doing so on October 15.

"Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network," the threat actors said.

The ransomware group further warned of releasing their internal payroll data and shareholder folders to their collective blog by midnight. 

Initially discovered in November 2021, BlackCat is believed to have rebranded itself from the popular DarkSide/BlackMatter gang. DarkSide has earlier gained global recognition by initiating attacks on Colonial Pipelines, prompting extensive law enforcement probes.

Moreover, the FBI has linked the ransomware group to over 60 breaches, between November 2021 and March 2022, affecting companies globally.  

Read more »
User Privacy
Confidential Data Data Breach Data protection Healthcare Data Protocols unauthorised access United States User Data User Privacy

Welltok Data Breach: 8.5 Million U.S. Patients' Information Compromised

The personal data of 8.5 million American patients was at risk due to a data breach that occurred recently at Welltok, a well-known supplier of healthcare solutions. Since cybersecurity specialists found the intrusion, the organization has been attempting to resolve the issue and minimize any possible harm.

According to reports from Bleeping Computer, the breach has exposed a vast amount of sensitive data, including patients' names, addresses, medical histories, and other confidential information. This breach not only raises concerns about the privacy and security of patient data but also highlights the increasing sophistication of cyber threats in the healthcare sector.

Welltok has promptly responded to the incident, acknowledging the breach through a notice posted on their official website. The company has assured affected individuals that it is taking necessary steps to investigate the breach, enhance its security measures, and collaborate with law enforcement agencies to identify the perpetrators.

The impact of this breach extends beyond the United States, as reports from sources suggest that the compromised data includes patients from various regions. This global reach amplifies the urgency for international cooperation in addressing cyber threats and fortifying data protection measures in the healthcare industry.

Cybersecurity analysts estimate that the breach may have affected up to 11 million patients, emphasizing the scale and severity of the incident. The potential consequences of such a breach are far-reaching, ranging from identity theft to unauthorized access to medical records, posing serious risks to individuals' well-being.

This incident underscores the critical need for organizations, especially those handling sensitive healthcare data, to continuously assess and strengthen their cybersecurity protocols. As technology advances, so do the methods employed by malicious actors, making it imperative for companies to stay vigilant and proactive in safeguarding the privacy and security of their users.

The ongoing risks to the healthcare sector are brought home sharply by the Welltok data hack. The company's efforts to stop the breach and safeguard the impacted parties serve as a reminder of the larger difficulties businesses encounter in preserving the confidentiality of sensitive data in the increasingly linked digital world.

Read more »
TechCrunch
Data Breach Digital healthcare system Healthcare cybersecurity Healthcare Data Sensitive Information TechCrunch

Truepill Data Breach: Navigating Healthcare's Digital Security Crisis

The recent Truepill data breach has generated significant questions regarding the security of sensitive patient data and the vulnerability of digital platforms in the rapidly changing field of digital healthcare.

The breach, reported by TechCrunch on November 18, 2023, highlights the exposure of millions of patients' data through PostMeds, a pharmacy platform relying on Truepill's services. The scope of the breach underscores the urgency for healthcare organizations to reevaluate their cybersecurity protocols in an era where digital health is becoming increasingly integrated into patient care.

Truepill, a prominent player in the digital health space, has been a key facilitator for various healthcare startups looking to build or buy telehealth infrastructure. The incident prompts a reassessment of the risks associated with outsourcing healthcare services and infrastructure. As explored in a TechCrunch article from May 17, 2021, the decision for startups to build or buy telehealth infrastructure requires careful consideration of the potential security implications, especially in light of the Truepill breach.

One striking revelation from the recent breach is the misconception surrounding the Health Insurance Portability and Accountability Act (HIPAA). Contrary to popular belief, as noted by Consumer Reports, HIPAA alone does not provide comprehensive protection for medical privacy. The article highlights the gaps in the current legal framework, emphasizing the need for a more robust and nuanced approach to safeguarding sensitive healthcare data.

The Truepill data breach serves as a wake-up call for the entire healthcare ecosystem. It underscores the importance of continuous vigilance, stringent cybersecurity measures, and a comprehensive understanding of the evolving threat landscape. Healthcare providers, startups, and tech companies alike must prioritize the implementation of cutting-edge security protocols to protect patient confidentiality and maintain the trust that is integral to the doctor-patient relationship.

As the digital transformation of healthcare accelerates, the industry must learn from incidents like the Truepill data breach. This unfortunate event should catalyze a collective effort to fortify the defenses of digital health platforms, ensuring that patients can confidently embrace the benefits of telehealth without compromising the security of their sensitive medical information.

Read more »
US Healthcare
Cyber Attacks cybersecurity research Healthcare Data Healthcare organizations Proofpoint US Healthcare

88% of Healthcare Organizations Have Suffered a Cybersecurity Incident in Past Year


Organizations included in the healthcare sector, like hospitals and clinics, have struggled with a series of cyberattacks in recent years, resulting in their inability to provide even the minimum services because of computer outages and loss of important files in the data breaches.

In a recent report published on Wednesday by research conducted by Proofpoint, an email security company, around 90% of healthcare organizations have experienced at least one cybersecurity incident in the past year. 

In the past two years, more than half of the healthcare organizations have reported to have experienced an average of four ransomware attacks. 68% of the organizations surveyed noted that the attacks “negatively impacted patient safety and care.”

The aforementioned report conducted by Proofpoint includes a survey of more than 650 IT and cybersecurity professionals in the US healthcare sector, highlighting the healthcare sector's ongoing susceptibility to common attack methods. It occurs as the Cybersecurity and Infrastructure Security Agency works to provide greater assistance to small, rural hospitals that are underfunded and wilting under constant cyberattacks.

As healthcare organizations struggle to find alternatives to their outdated technology so they can keep providing services, these efforts are using up more and more of their resources. Between 2022 and 2023, the cost of the time spent minimizing the attacks' consequences on patient care rose by 50%, from around $660,000 to $1 million.

In the case of ransomware assault in hospital systems, where computer networks shut down, the impact is rapid and extensive. 

Stephen Leffler, president and chief operating officer of the University of Vermont Medical Center, spoke about how a ransomware assault in October 2020 brought about a catastrophe at his facility during a congressional hearing in September. For 28 days, senior physicians had to train junior physicians on how to use paper records as the National Guard assisted the IT department in a round-the-clock operation to wipe and reconfigure every computer in the network.

Leffler remarked, "We literally went to Best Buy and bought every walkie-talkie they had." This was due to their internet-based phone system being offline. Between 2022 and 2023, the cost of patient care grew by 50%, from about $660,000 to $1 million.

Leffler, who has been an emergency medicine doctor for 30 years, further commented “I've been a hospital president for four years. The cyberattack was much harder than the pandemic by far.” 

Read more »
Subscribe to: Posts (Atom)