Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Healthcare Security. Show all posts

Cancer Hospital Suffers Ransomware Attack, Hackers Threaten to Swat Patients

Harm patients if the medical facilities don't pay

Extortionists are now threatening to harm hospital patients if the medical facilities don't pay the thieves' ransom demands. They do this by reporting bomb threats or other fictitious reports to the police, causing heavily armed police to come up at victims' houses.

Criminals vowed to turn on the patients directly after breaking into the IT system of Seattle's Fred Hutchinson Cancer Center in November and taking medical documents, including Social Security numbers, diagnoses, and lab results.


Understanding the reasons

The idea seems to be that the US hospital will be under pressure to pay up and stop the extortion because of those patients and the media coverage of any swatting. Similar tactics are used by other groups targeting IT service providers: in addition to extorting the suppliers, they often threaten or harass the customers of those companies.

"Fred Hutchinson Cancer Center was aware of cyber criminals issuing swatting threats and immediately notified the FBI and Seattle police, who notified the local police," a representative said. "The FBI, as part of its investigation into the cybersecurity incident, also investigated these threats."

The cancer center refuses to respond to further questions regarding the threats. The center has more than ten clinics in the Puget Sound region of Washington.

Patients were informed last month about a similar "cyber event" by Integris Health, another Oklahoman health network that runs a network of 43 clinics and 15 hospitals. During this incident, hackers may have gained access to personal information. Some of these individuals later complained that they received emails from unscrupulous people threatening to sell their personal information on the dark web.

What next?

"As we work with third-party specialists to investigate this matter and determine the scope of affected data and to whom that data relates, we are providing the latest information for patients and the public here," the spokesman for Integris said.

Some corporate types may not find these types of boilerplate responses to be as comforting as they seem. Concerning concerns are raised about how far thieves may go to obtain stolen goods in light of this most recent swatting threat.

According to Emsisoft threat analyst Brett Callow, "ransoms have been allowed to reach lottery jackpot levels, and the predictable upshot is that people are willing to use more and more extreme measures to collect a payout," The Register said.

The security shop demanded earlier this week that ransom payments be outlawed entirely, pointing out that extortion methods were evolving and now included swatting threats.

AHA, Federals Urge Healthcare Ogranizations to Minimize Citrix Bleed Vulnerability

Citrix Vulnerability

Healthcare departments under threat

The alert from the Department of Health and Human Services Health Sector Cybersecurity Coordination Center on Nov. 30 and the AHA warning on Friday come amid an outbreak of ransomware attacks alleged to involve Citrix Bleed exploitation that has hit companies in the healthcare and other sectors in recent weeks. This blog will cover the threats and everything related to the Citrix Bleed flaw.

CySecurity News had already reported on a Citrix bleed bug delivering sharp blows earlier in November 2023.

"HC3 strongly recommends companies to make improvements to prevent additional harm against the healthcare and public health sector," alerted the Department of Health and Human Services.

High severity Citrix Bleed Vulnerability

According to John Riggi, AHA's national adviser for cybersecurity and risk, the urgency of HHS's alert "confirms the gravity" of the Citrix Bleed vulnerability and the urgent requirement to install existing Citrix patches and upgrades to secure healthcare IT systems.

Google’s Mandiant report in October “identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023. Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multifactor authentication or other strong authentication requirements. 

These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed. Additionally, we have observed session hijacking where session data was stolen prior to the patch deployment and subsequently used by a threat actor, the report further added.

Foreign ransomware groups involved

Riggi said in a statement that this instance further shows the severity by which foreign ransomware groups, mainly Russian-speaking groups, continues targeting hospitals and health organizations. Ransomware threats interrupt and disrupt the delivery of healthcare, jeopardizing patients' lives. We must be attentive and strengthen our cyber security, as hackers will undoubtedly continue to target the field, particularly over the holiday season, he further added.

Rise in attacks during the holiday season?

NetScaler released an advisory on the flaw in October and then again in late November, citing reports of "a rapid spike in attempts" to take advantage of the vulnerability in unfixed NetScaler ADCs.

The AHA cautioned that exploiting the vulnerability allows hackers to evade password constraints and multifactor authentication mechanisms.

According to HHS HC3, the vulnerability has been routinely exploited since August. Citrix issued a patch for the vulnerability in early October, but the firm warned that compromised sessions would remain active after the patch was applied.

HC3 encourages all administrators to upgrade their devices according to NetScaler's instructions and to erase or "kill" any active or permanent connections with particular commands.

Also read: NetScaler's report to know full details about Citrix Bleed Threat.