Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Healthcare Firm. Show all posts

Ransomware Group Siphons Data of 1 Million Patients Using a New Zero-Day Flaw

 

One of the biggest healthcare organisations in the United States, Community Health Systems (CHS), has acknowledged this week that they had been the target of a cyberattack. In a recent ransomware attack, hackers gained access to the protected and personal health information of up to 1 million individuals. Tennessee is the home of CHS, which operates 80 hospitals across 16 states. 

GoAnywhere MFT, a well-known file transfer programme created by Fortra (formerly HelpSystems), which enables big businesses to share data safely, is to blame for the data breach. According to CHS, Fortra just informed them of a security incident that led to the unapproved disclosure of patient data. 

In a filing with government officials on February 13, Community Health Systems revealed the hack. As noted by TechCrunch, this is Community Health Systems' second recent data breach involving patient information.

The newly discovered zero-day vulnerability was used in a hacking campaign by the Russian-affiliated ransomware cybercrime outfit Clop. Almost a hundred businesses utilising the Fortra software, including CHS, are said to have been compromised.

CVE-2023-0669 is the official tracking number for the zero-day flaw in Fortra's GoAnywhere software, which was first discovered on February 2 by security expert Brian Krebs. Because Fortra's website at the time was not publicly accessible, Krebs posted the vulnerability report on his Mastodon account. 

The University of Colorado, Kroger, Morgan Stanley, and Qualys are just a few of the public institutions and commercial targets that the Clop ransomware group has previously targeted. 

In the medical field, ransomware can occasionally but severely result in fatal outcomes, especially in a large, multi-state hospital unit. A patient lost their life in September 2020 at Düsseldorf University Hospital in Germany as a result of a ransomware outbreak that prevented emergency surgery. 

Using cryptocurrency transactions as a means of payment for the decryption of victims' data, ransomware has grown into a multi-billion dollar criminal industry.

Kaiser Permanente Reveals Data Leak of Nearly 70,000 Medical Records

 

Kaiser Permanente, California’s biggest hospital system has disclosed a data breach in one of its subsidiaries that put the sensitive medical data of almost 70,000 patients at risk. 

In a letter sent to patients on June 3, the healthcare provider termed the breach as a “security incident” that occurred on April 5 and involved unauthorized access to an employee’s emails. 

The leaked data included the first and last names of patients’, medical record numbers, dates of service, and laboratory test result information, the disclosure letter states. Sensitive data such as Social Security numbers and credit card numbers were not leaked in the data breach. 

After discovering that a hacker secured access to employees’ emails, Kaiser Permanente terminated the access within hours and launched an internal investigation to identify the scope of the data breach. Although there was no sign that the unauthorized party accessed the protected health information (PHI) contained in the emails, the healthcare firm could not rule out the possibility. 

Furthermore, the healthcare provider has taken multiple steps to boost the security which includes resetting the employee’s password for the email account where unauthorized activity was detected and additional training on safe email practices. 

“The breach occurred almost three months ago, yet Kaiser Permanente has only recently notified potentially impacted people that their data may have been compromised. During this time, the affected individuals could have been targeted by attackers using any specific information stolen in convincing social engineering campaigns. It’s critical that as a part of their larger cybersecurity culture, organizations include assessing their ability to quickly understand the scope of a potential breach in risk analysis or tabletop exercises,” stated Chris Clements, Vice President of Solutions Architecture at cybersecurity firm Cerberus Sentinel. 

Security tips to counter data breach 

The data breach took place nearly three months ago, but the healthcare firm just recently alerted potentially affected individuals that their private data may have been exposed. During the three-month period, the hackers may have exploited data to secure access to other restricted systems and also used it to access financial data such as credit card information, software codes, or online banking passwords.

As data breach attacks are becoming more common, it is critical to understand how to mitigate the risks. Here are some easy tips to shield your data from the threat of a security breach. 

• Change and Secure Your Passwords 
• Update data security features 
• Use Access Controls 
• Safeguard physical data 
• Encrypt data 
• Protect portable devices