Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Healthcare Hacking. Show all posts

Massive Data Breach Hits London Hospitals Following Cyber Attack

 

In a severe cyber attack targeting a London hospital, hackers have published a massive 400GB of sensitive data, raising significant alarm within the healthcare sector. This breach underscores the escalating threat posed by cybercriminals to critical infrastructure, especially within public health services. 

The attack, attributed to a sophisticated hacking group, involved infiltrating the hospital’s IT systems, exfiltrating vast amounts of data, and subsequently releasing it online. The compromised data reportedly includes patient records, internal communications, and operational details, posing severe privacy risks and operational challenges for the hospital. The cybercriminals initially demanded a hefty ransom for the decryption of the stolen data and for not making it public. When the hospital administration, adhering to governmental policies against ransom payments, refused to comply, the hackers followed through on their threat, releasing the data into the public domain. 

This move has not only compromised patient privacy but has also led to significant disruptions in hospital operations. Experts warn that the healthcare sector is increasingly becoming a prime target for ransomware attacks due to the sensitive nature of the data and the critical need for operational continuity. The incident has once again highlighted the urgent need for robust cybersecurity measures within healthcare institutions. Public healthcare providers often operate with complex IT systems and limited budgets, making them vulnerable targets for cyber attacks. 

The ramifications of such breaches are far-reaching, affecting not just the targeted institution but also the patients relying on its services. In response to the breach, the hospital has ramped up its cybersecurity protocols, working closely with cybersecurity experts and law enforcement agencies to mitigate the damage and prevent future incidents. Efforts are also underway to support affected patients, ensuring that their data is secured and providing necessary assistance in the wake of the breach.  

This incident serves as a stark reminder of the persistent and evolving threat landscape that healthcare providers face. It underscores the necessity for continuous investment in cybersecurity infrastructure and the implementation of proactive measures to safeguard sensitive data against potential breaches. 

As the investigation into this attack continues, healthcare institutions worldwide are urged to reassess their cybersecurity strategies, ensuring that they are equipped to defend against such malicious activities. The leak of 400GB of sensitive data stands as a testament to the devastating impact of cybercrime on critical public services, emphasizing the importance of vigilance and robust security practices in the digital age.

LAPSUS$ Group Targets SuperCare Health

 


SuperCare Health, a California-based respiratory care provider, has revealed a data breach that exposed the personal details of over 300,000 patients. Someone had access to specific systems between July 23 and July 27, 2021. By February 4, the company had assessed the scope of the data breach, learning the attackers had also acquired patient files including sensitive personal information such as:
  • Names, addresses, and birth dates.
  • A medical group or a hospital.
  • Along with health insurance details, a patient's account number and a medical record number are required. 
  • Data about one's health, such as diagnostic and treatment information. 
  • A small number of people's Social Security numbers and driver's license information were also revealed. 

"We have no reason to suspect any information was published, shared, or misused," according to SuperCare Health, but all possibly impacted patients should take extra security precautions to avoid identity theft and fraud. 

On March 25, the company notified all affected customers and implemented extra security steps to prevent the following breaches. The breach has affected 318,379 people, according to the US Department of Health and Human Services. Based on the number of people affected, this is presently among the top 50 healthcare breaches disclosed in the last two years. SuperCare Health further told, "We have reported the event to a Federal Bureau of Investigation and it will cooperate to help us identify and prosecute those involved." 

In the last several months, several healthcare institutions have revealed massive data breaches. Monongalia Health System (400,000 people affected), South Denver Cardiology Associates (287,000 people affected), Norwood Clinic (228,000 people affected), and Broward Health (228,000 people affected) are among the organizations on the list (1.3 million). 

Last week, the Health Department issued an advisory to healthcare groups, warning companies about the impact of a major cybercrime attack by the Lapsus$ cybercrime group. In recent months, the hackers have targeted Samsung, NVIDIA, Vodafone, Ubisoft, Globant, Microsoft, and Okta, among others. The organization takes information, often source code, and threatens to release it unless they are paid.

LAPSUS$ steals confidential information from organizations which have been hacked, then threatens to disclose or publish the information if the requested amount is not paid. The LAPSUS$ extortion ring, on the other hand, has abandoned the typical ransomware strategies of file encryption and computer lockout. 

According to the notice, the Health Department is aware of healthcare institutions which have been hacked as a result of the Okta attack; Okta has verified that more than 300 of its clients have been affected by the breach. In the light of the incident, Police in the United Kingdom have identified and charged several accused members of the Lapsus$ gang.

Brazil's Ministry of Health has been Subjected to a Second Cyberattack in Less than a Week

 

Brazil's Ministry of Health has been subjected to a second cyberattack in less than a week, compromising a number of internal systems, including the platform that stores COVID-19 vaccination data. The announcement came three days after the department had suffered its first big ransomware attack, from which it was still recuperating. On Monday evening, health minister Marcelo Queiroga confirmed the second attack, saying the latest incident, which occurred in the early hours of the same day, was smaller than the first.

The initial cyberattack, which was discovered on Friday, rendered all Ministry of Health websites inaccessible. According to a message left by the Lapsus$ Group, which has claimed responsibility for the attack, 50TB of data was extracted and then erased from the MoH's systems. Queiroga later stated that the department has a backup of the data that was allegedly obtained during the cyberattack. 

According to the Federal Police, which is investigating the issue, the first attack exposed data on COVID-19 case notifications as well as the broader national vaccination programme, in addition to ConecteSUS. 

According to Queiroga, the department is currently attempting to restore the systems as soon as possible. However, he stated that the second attack meant that ConecteSUS, the platform that issues COVID-19 vaccination certificates, will not be accessible as scheduled. Queiroga stated that while the attempt was unsuccessful and no data was lost, the second incident "caused turmoil" and "got in the way" of restoring systems. The minister did not say when the impacted systems would be operational again. 

The governmental confirmation of the second cyberattack was followed by a statement issued by the Ministry of Health stating that Datasus, the department's IT function, performed a preventive systems maintenance exercise on Monday, resulting in systems being temporarily unavailable. Because of the second attack, civil servants were sent home on Monday because it was impossible to access the health ministry's core systems, such as the platforms that create COVID-19 pandemic reports. 

The Brazilian government's Institutional Security Office (GSI) issued a statement confirming new attacks on cloud-based systems managed by government agencies had taken place. It did not, however, disclose which departments or services were targeted. It went on to say that teams are being instructed to keep evidence and that best practices for incident management are being followed. 

An attack on the Brazilian Health Regulatory Agency (Anvisa) occurred in September; the hack targeted the healthcare declaration for travelers, which is required for visitors entering Brazil through airports. The attack occurred shortly after the cancellation of a World Cup qualification match between Brazil and Argentina, which Anvisa called off after four Argentine players were accused of violating COVID-19 travel guidelines.

Significant Rise in Cyberattacks Against Healthcare Facilities, 68 Attacks in Q3 2021

 

Cyberattacks against healthcare facilities increased alarmingly last month, around 68 healthcare providers were locked out of their networks by ransomware attacks in the third quarter of this year, putting patient security and privacy at risk. 

Without a holistic whole-facility cybersecurity approach, specialists fear that patients would be unable to get essential care at a targeted facility. The Hillel Yaffe Medical Center in Hadera, Israel, and Johnson Memorial Health Hospital in Franklin, Indiana, are just two examples of the medical facilities targeted. 

The early-October cyberattack at Johnson Memorial Hospital locked databases and compromised patient data. A ransom amount was surprisingly not demanded. Hillel Yaffe Medical Center was attacked by Black Shadow, a reportedly Iran-backed group, in early November. Investigators believed it would take many weeks to recover and grasp the full scope of what had happened because 290,000 people's personal data had been leaked. 

Healthcare facilities' legacy OT equipment becomes exposed to hackers as they upgrade. Water, HVAC, oxygen, electrical, and other key systems are all connected, yet they may not be properly monitored or protected in terms of cybersecurity. Any of these utilities being compromised will have a detrimental influence on patient care, perhaps putting the lives of individuals being treated at risk. 

Ilan Barda, CEO of Radiflow stated, “Accessing patient data is worrisome, but the idea of hackers gaining access to components in a specific ward or even a single operating room is alarming.” 

“CISOs at facilities should focus on both IT systems and OT environments, starting from risk assessment to threat monitoring. There should be continuous holistic risk management for more mature organizations that combine both IT and OT systems. With Radiflow, teams can monitor the full range of a healthcare OT security from one central location.” 

With 68 global attacks on healthcare facilities in Q3 of this year alone, the US Department of Health and Human Services (HHS) had warned of worrisome trends in 2021.

Ransomware Groups are Escalating Their Attacks on Healthcare Organizations

 

Ransomware groups have shown no signs of declining their attacks on hospitals, apparently intensifying attacks on healthcare institutions as countries all over the world cope with a new wave of COVID-19 virus. 

Two healthcare institutions in California and Arizona have begun sending out breach notification letters to thousands of people after both disclosed that sensitive information — including social security numbers, treatment information, and diagnosis data —, was obtained during recent hacks. 

LifeLong Medical Care, a California health facility, is mailing letters to about 115 000 people informing them of a ransomware attack on November 24, 2020. The letter does not specify which ransomware gang was responsible. Still, it does state that Netgain, a third-party vendor that offers services to LifeLong Medical Care, "discovered anomalous network activity" only then concluded that it was a ransomware assault by February 25, 2021. 

Netgain and LifeLong Medical Care finished their investigation by August 9, 2021. They discovered that full names, Social Security numbers, dates of birth, patient cardholder numbers, treatment, and diagnosis information were accessed and/or obtained during the assaults. 

Credit monitoring services, fraud alerts, or security freezes on credit files, credit reports, and stay attentive when it comes to "financial account statements, credit reports, and explanation of benefits statements for fraudulent or unusual behavior," as per LifeLong Medical Care. 

For further information, anyone with questions can call (855) 851-1278, which is a toll-free number. 

After being struck by a ransomware assault that revealed confidential patient information, Arizona-based Desert Wells Family Medicine was compelled to issue a similar letter to 35 000 patients. 

On May 21, Desert Wells Family Medicine learned it had been hit by ransomware and promptly engaged an incident response team to assist with the recovery. The incident was also reported to law enforcement. 

According to the healthcare institution, the ransomware gang "corrupted the data and patient electronic health records in Desert Wells' possession before May 21". After the malicious actors accessed the healthcare facility's database and backups, it was unrecoverable. 

Desert Wells Family Medicine stated in its letter, "This information in the involved patient electronic health records may have included patients' names in combination with their address, date of birth, Social Security number, driver's license number, patient account number, billing account number, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information." 

The organization stated that it is presently reconstructing its patient electronic health record system and will provide free credit monitoring and identity theft prevention services to victims. 

"Patients should also check statements from their healthcare providers or health insurers and contact them right away if they notice any medical services they did not get," the letter continued. 

These recent assaults, according to Sascha Fahrbach, a cybersecurity evangelist at Fudo Security, indicate that the healthcare business, with its precious personal information, remains an enticing and profitable target for hackers and insiders. 

"There were more than 600 healthcare data breaches last year, with more than 22 million people affected, and unfortunately, this trend shows no sign of slowing down. Healthcare operators need to reassess their security posture, as well as shifting their mindset when it comes to safeguarding their data," Fahrbach added. 

"In particular, third parties remain a security liability which needs to be urgently addressed. Many in the healthcare industry are not taking the proper steps to mitigate third-party remote access and third-party vendor risk." 

After the Hive ransomware knocked down a hospital system in Ohio and West Virginia last month, the FBI issued a notice two weeks ago, adding that the gang frequently corrupts backups as well.

Hive has targeted at least 28 companies so far, including Memorial Health System, which was struck by ransomware on August 15.

Irish Health System and 16 U.S. Health and Emergency Networks Hit by Conti Ransomware Gang

 

According to the Federal Bureau of Investigation, the same group of online extortionists responsible for last week's attack on the Irish health system has also targeted at least 16 medical and first-responder networks in the United States in the past year. The FBI said cybercriminals using the malicious software called 'Conti' have attacked law enforcement, emergency medical services, dispatch centers, and municipalities, according to a warning issued by the American Hospital Association on Thursday. 

In May of 2020, the Conti ransomware appeared on the threat landscape. It has some links to other ransomware families. Conti has evolved quickly since its discovery, and it's known for how quickly it encrypts and deploys around a target system. Conti is a “double extortion” ransomware that steals and attempts to reveal data in addition to encrypting it. 

The FBI didn't specify who was targeted in these hacks or whether ransoms were paid, only that these networks "are among more than 400 organizations worldwide victimized by Conti, with over 290 of them based in the United States." The new ransom demands have been as high as $25 million, according to the study. 

On Thursday, Ireland said experts were looking into a decryption tool that had been posted online, which could help activate IT systems that had been crippled by a major ransomware attack on the country's healthcare provider. The government stated that it had not paid any ransom and would not pay any in return for the alleged key. It didn't respond to claims that the gang had threatened to release reams of patient information next week. 

This ransomware attack has prevented access to patient information, forced medical facilities to cancel appointments, and disrupted Covid-19 testing around the country for the past week. Ossian Smyth, Ireland's e-government minister, has described it as "perhaps the most serious cyber crime assault on the Irish state." 

The hackers who took down Ireland's healthcare system are said to be members of "Wizard Spider," a sophisticated cybercrime group based in Russia that has become more involved in the past year. The group has threatened to release medical records unless Ireland pays a $20 million fine.

Russian Foreign Ministry urged whole world to abandon cyber attacks on healthcare facilities during a pandemic


Against the background of the coronavirus pandemic, Moscow calls for an end to cyberattacks on healthcare facilities and critical infrastructure. This was announced on Monday, July 20, by the Russian President's Special Representative for International Cooperation in the Field of Information Security, Director of the Department of International Information Security of the Russian Foreign Ministry, Andrei Krutskikh.

He stressed that Russia shares the opinion of many countries that the information and communication infrastructure in the health sector is needed.

"We propose to secure the obligation for states to refrain from attacks not only on medical facilities, but also in general on the critical information infrastructure of institutions that provide vital public services," said Krutskikh.

In particular, the diplomat noted the spheres of education, energy, transport, as well as banking and finance. In addition, he added that work on this will continue at the  United Nations platforms on international information security.

In addition, the Russian Ministry of Foreign Affairs offered Germany to hold consultations on cybersecurity.

"We consider it extremely important to resume a full-scale dialogue in this format with the involvement of the necessary range of experts on international information security. This will help neutralize an unnecessary irritant in our bilateral relations and transfer interaction on the issue of information security into a practical plane," said Krutskikh.

Moreover, the special representative commented on the situation with  Russian Dmitry Badin.
According to Krutskikh, Russia has offered Germany several times to hold consultations on information security, including in 2018, but the German side disrupted the planned talks.

Earlier, E Hacking News reported that the Office of the German Federal Public Prosecutor issued an arrest warrant for a Russian whom they suspect of hacking into the computer systems of the German Parliament in 2015. The publication reports that the suspect's name is Dmitry Badin, he is allegedly an officer of the GRU.  Russia repeatedly denied accusations of involvement in hacker attacks.