Showing posts with label Healthcare cybersecurity.

Ascension Breached Due to Employee Downloading Malicious File

Ascension, one of the largest healthcare systems in the United States, disclosed that a ransomware attack in May 2024 was initiated when an employee mistakenly downloaded a malicious file onto a company device.

The healthcare provider indicated that the employee likely believed they were downloading a legitimate file, classifying the incident as an "honest mistake."

The ransomware attack disrupted the MyChart electronic health records system, phone lines, and systems for ordering tests, procedures, and medications. In response, Ascension took some devices offline on May 8 to address what was initially termed a "cyber security event."

As a result, staff had to record procedures and medications manually since electronic patient records were inaccessible. Ascension also temporarily halted some non-urgent elective procedures, tests, and appointments and redirected emergency medical services to other facilities to avoid delays in patient care.

As of Wednesday, Ascension reported that certain services remain affected and that efforts to restore electronic health record systems, patient portals, and phone systems, as well as test, procedure, and medication ordering systems, are ongoing.

An ongoing investigation revealed that the attackers accessed and stole files from only seven of the thousands of servers on Ascension's network.

"Currently, we have evidence showing the attackers accessed files from a limited number of servers used by our staff for daily tasks. These servers account for seven out of approximately 25,000 across our network," an Ascension spokesperson stated. "While the investigation continues, we believe some of the compromised files may contain Protected Health Information (PHI) and Personally Identifiable Information (PII), though the specific data affected varies."

However, Ascension has not found evidence that the attackers accessed data from its Electronic Health Records (EHR) and other clinical systems, which contain comprehensive patient records.

Though Ascension has not officially identified the responsible party, CNN reported that the Black Basta ransomware group is suspected to be behind the attack.

Shortly after the incident, the Health Information Sharing and Analysis Center (Health-ISAC) issued a warning that Black Basta had intensified its attacks on the healthcare sector.

Since its emergence in April 2022, Black Basta has targeted numerous high-profile organizations, including Rheinmetall, Capita, ABB, and the Toronto Public Library. Research by Elliptic and Corvus Insurance indicated that the group had extorted over $100 million from more than 90 victims as of November 2023.

As a major nonprofit health network, Ascension operates 140 hospitals and 40 senior care facilities. In 2023, it reported a total revenue of $28.3 billion. The organization employs 8,500 providers, with 35,000 affiliated providers and 134,000 associates across 19 states and the District of Columbia.

Ascension Cyber Attack Heightens Focus on Healthcare Cybersecurity Measures

The healthcare sector is increasingly targeted by cybercriminals, as evidenced by recent high-profile attacks that disrupt services and highlight vulnerabilities in this critical industry. The recent cyber attack on Ascension, in particular, has raised concerns due to its significant impact on healthcare operations, resulting in patient diversions and disrupted clinical services across its 139 hospitals.

This attack follows closely behind other major incidents involving UnitedHealth and Change Healthcare, where patient data was compromised and significant financial demands were made. These attacks not only underscore the importance of robust cybersecurity measures within healthcare but also raise concerns about patient privacy and data security.

While details about the Ascension cyber attack are still emerging, there are suspicions that it could be a ransomware attack, given the patterns observed in similar incidents targeting healthcare organizations. Regardless of the exact nature of the attack, any threat to healthcare services has serious consequences.

There is growing evidence suggesting a connection between ransomware attacks and geopolitical aims, with some attacks possibly serving the interests of adversarial nations. This blurring of lines between criminal and state-sponsored activities underscores the need for a more aggressive approach in combating cyber threats to healthcare and critical infrastructure.

Phishing attacks remain a common entry point for cybercriminals, highlighting the need for organizations to adopt more comprehensive strategies to combat them. Traditional defenses like email filters and user awareness training have proven insufficient, emphasizing the importance of innovative approaches to email security.

The Ascension cyber attack serves as a wake-up call for the healthcare industry to strengthen its cyber defenses against evolving threats. As cybercriminals continue to target sensitive patient data and critical healthcare services, proactive measures are essential to safeguarding the integrity of healthcare systems and ensuring uninterrupted patient care.

Combatting Counterfeit Drugs Online: BrandShield's Success in Dismantling Illicit Websites

In the rapidly evolving landscape of online pharmaceuticals, the proliferation of counterfeit drugs poses a significant threat to consumer safety. Cybersecurity firm BrandShield has emerged as a stalwart defender in this battle, successfully dismantling over 250 websites selling counterfeit weight-loss and diabetes medications. Led by CEO Yoav Keren, BrandShield's efforts represent a concerted endeavor to combat the scourge of counterfeit pharmaceuticals and protect consumers from the dangers of fraudulent medications. 

The counterfeit drugs targeted by BrandShield predominantly belong to the GLP-1 class, including popular medications like Novo Nordisk's Ozempic and Wegovy, as well as Eli Lilly's Mounjaro and Zepbound. Originally developed to manage type 2 diabetes, these medications have garnered attention for their additional benefits in weight loss, with patients experiencing significant reductions in body weight. Unfortunately, the efficacy and popularity of these drugs have also made them lucrative targets for counterfeiters seeking to exploit the growing demand. 

According to Reuters, the majority of the illicit websites shut down by BrandShield were purveyors of counterfeit GLP-1 drugs, indicating the scale of the problem. Alarmingly, studies suggest that an estimated 95% of all online pharmacies operate unlawfully, highlighting the pervasive nature of the issue. 

Moreover, reported cases of harm linked to fake GLP-1 drugs have emerged in at least nine countries, underscoring the urgent need for action.

BrandShield's recent crackdown on counterfeit drug websites represents a significant victory in the ongoing battle against online pharmaceutical fraud. The company's efforts have resulted in the closure of 90% of the identified pharmacy websites selling counterfeit GLP-1 medications. This operation accounts for just over 15% of the total counterfeit drug websites reported by BrandShield last year, emphasizing the scale of the challenge.

Collaborating closely with the Pharmaceutical Security Institute (PSI), BrandShield employs rigorous evidence collection and intelligence gathering to identify and target illicit websites. By providing actionable intelligence to service providers hosting these websites, BrandShield facilitates their removal from the internet, effectively disrupting the operations of counterfeiters. Furthermore, the company coordinates with law enforcement agencies to investigate and prosecute criminal networks involved in the production and distribution of counterfeit drugs. 

In addition to targeting counterfeit drug websites, BrandShield's efforts extend to social media platforms, where it has removed nearly 4,000 fake drug listings. Notably, a significant portion of these listings—almost 60%—was found on Facebook, highlighting the need for vigilance across all online platforms. BrandShield's global reach ensures that illegal drug listings are eradicated from marketplaces in countries around the world, including India, Indonesia, China, and Brazil. 

Contrary to concerns raised earlier, the EMA found no evidence linking these medications to an increased risk of suicidal thoughts or self-injury. This reaffirmation of safety aligns with previous findings by the US Food and Drug Administration (FDA), providing reassurance to patients and healthcare providers alike. 

Overall, BrandShield's relentless efforts to combat counterfeit drugs online serve as a beacon of hope in the fight against pharmaceutical fraud. By dismantling illicit websites, removing fake drug listings, and collaborating with industry partners and law enforcement agencies, BrandShield is making significant strides towards safeguarding consumers and upholding the integrity of the pharmaceutical industry.

Swatting: Cyber Attacks on Healthcare

In a concerning trend, cybercriminals are using a tactic called "swatting" to target medical institutions via their patients, aiming to coerce hospitals into paying ransoms. Swatting involves making repeated false reports to the police about individuals, leading armed authorities to unsuspecting victims' homes. 

What's Happening

Threat actors are pressuring US hospitals by threatening patients with swatting incidents unless a ransom is paid. This extreme form of prank-calling has escalated to involve bomb threats and other serious allegations, forcing authorities to intervene in patients' homes.

The Motive 

The attackers believe that by applying this pressure on hospitals, they can secure a ransom payment. A recent incident at the Fred Hutchinson Cancer Center in Seattle involved stolen medical records, and the threat actors escalated by targeting patients with the swatting technique. 

The Impact

This disturbing tactic not only puts patients at risk but also adds an extra layer of urgency for hospitals to meet ransom demands. It highlights the high-stakes nature of cyber threats against medical institutions. 

When faced with cybercriminals making swatting threats, Fred Hutchinson Cancer Center took immediate action. They alerted the FBI and local police, who collaborated on investigating these threats as part of the broader cybersecurity incident. This highlights the seriousness of the situation and the coordinated effort to address the issue. 

In a parallel incident, Integris Health in Oklahoma encountered a cyber-attack that potentially exposed patients' personal data. Shockingly, some individuals received emails from threat actors, signalling an intention to sell their information if specific demands were not met. This underscores the direct impact on individuals and the concerning methods employed by cybercriminals. 

Recent events highlight the shifting nature of cyber threats targeting healthcare. Experts notice a change in tactics, where criminals are getting more extreme. It's important to note that how institutions deal with these tactics can differ widely. Stay aware, as the scenario keeps evolving. 

Healthcare Cybersecurity: What You Need to Know

In the latest updates on cybersecurity in healthcare, a lot is happening that affects us all. Not only are there weird swatting and ransom tactics, but now there's a new worry – sneaky phishing attacks targeting our hospitals. Cybercriminals are using trickier methods to get their hands on private patient info. This means it's super important for hospitals to step up their online security game. 

Understanding these tactics is crucial for both hospitals and the public. Cybersecurity in healthcare affects individuals directly, putting personal information at risk. Staying informed empowers us to collectively contribute to the protection of healthcare systems and personal data.



Patient Privacy in Focus: Healthcare's Cyber Challenges

Amidst the rapid evolution of technology in healthcare, a crucial focus has come to light: the security of medical devices. Let's explore the intricacies of this issue together, understanding its importance and finding the right balance between advancing technology and strengthening our healthcare foundation. 

The Growing Threat 

Healthcare systems are prime targets for hackers looking to snag valuable patient data. This isn't just a disruption in patient care – there's a twist involving our medical gadgets. Beyond compromising records, even medical devices like MRIs and ventilators face potential risks, especially those running on outdated software. 

Government Recommendations 

A recent government watchdog recommended increased collaboration between the Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) to enhance the security of medical devices. Although these devices haven't been the primary focus of cyber threats, their vulnerabilities pose risks to both hospital networks and patient well-being. 

Expert Insights 

Toby Gouker from First Health Advisory emphasises the critical nature of this issue, describing it as a significant vulnerability for health systems. Recognizing this weakness, healthcare providers must prioritise cybersecurity efforts, particularly concerning medical devices, to ensure the safety of patient data and uninterrupted healthcare services. 

Challenges in Legacy Devices 

Looking ahead, the focus on device security is not just a theoretical concern; according to Gouker, these devices will likely become more attractive targets as health systems improve their defences against hacking attempts targeting health records. Gouker emphasises the financial impact, pointing out that high-value devices like MRIs are often the backbone of hospital revenue. Disrupting these multimillion-dollar machines could potentially cripple entire health systems. 

Regulatory Measures and Connectivity Concerns 

A crucial detail is that, since March of the previous year, a new law has required manufacturers to submit cybersecurity plans for new medical devices to the FDA. However, this regulation doesn't extend to the plethora of already-existing connected devices. Chelsea Arnone from the College of Healthcare Information Management Executives highlights the widespread connectivity, noting that everything from hospital beds to infusion pumps and vital-sign monitors is online and thus susceptible to hacking. Many of these devices use off-the-shelf software vulnerable to threats like viruses and worms.

Urgent Need for a Comprehensive Approach 

Despite recent requirements for new devices, manufacturers have historically not been obligated to provide patches or solutions for vulnerabilities in ageing devices, although some have done so for a limited period. This information underscores the urgent need for a comprehensive approach to address cybersecurity risks in the evolving landscape of medical devices. 

Real-world Incident and Awareness Gap 

In a recent incident, a hospital discovered unauthorised access to a medical device from Russia, underscoring the challenges in addressing cybersecurity threats. An FDA report suggests managing cybersecurity risks for legacy devices, but only a fraction of health systems implement such measures due to cost and awareness issues. There's a pressing need for heightened awareness and cost-effective solutions to fortify medical device cybersecurity across healthcare organisations.

In addressing healthcare cybersecurity challenges, bureaucratic obstacles appear to be of great concern, causing delays and inefficiencies in responding to hacking threats. Streamlining these processes is paramount. Be attentive, advocate for transparency, and support efficient protocols to secure our healthcare systems against burgeoning cyber threats.



Truepill Data Breach: Navigating Healthcare's Digital Security Crisis

The recent Truepill data breach has generated significant questions regarding the security of sensitive patient data and the vulnerability of digital platforms in the rapidly changing field of digital healthcare.

The breach, reported by TechCrunch on November 18, 2023, highlights the exposure of millions of patients' data through PostMeds, a pharmacy platform relying on Truepill's services. The scope of the breach underscores the urgency for healthcare organizations to reevaluate their cybersecurity protocols in an era where digital health is becoming increasingly integrated into patient care.

Truepill, a prominent player in the digital health space, has been a key facilitator for various healthcare startups looking to build or buy telehealth infrastructure. The incident prompts a reassessment of the risks associated with outsourcing healthcare services and infrastructure. As explored in a TechCrunch article from May 17, 2021, the decision for startups to build or buy telehealth infrastructure requires careful consideration of the potential security implications, especially in light of the Truepill breach.

One striking revelation from the recent breach is the misconception surrounding the Health Insurance Portability and Accountability Act (HIPAA). Contrary to popular belief, as noted by Consumer Reports, HIPAA alone does not provide comprehensive protection for medical privacy. The article highlights the gaps in the current legal framework, emphasizing the need for a more robust and nuanced approach to safeguarding sensitive healthcare data.

The Truepill data breach serves as a wake-up call for the entire healthcare ecosystem. It underscores the importance of continuous vigilance, stringent cybersecurity measures, and a comprehensive understanding of the evolving threat landscape. Healthcare providers, startups, and tech companies alike must prioritize the implementation of cutting-edge security protocols to protect patient confidentiality and maintain the trust that is integral to the doctor-patient relationship.

As the digital transformation of healthcare accelerates, the industry must learn from incidents like the Truepill data breach. This unfortunate event should catalyze a collective effort to fortify the defenses of digital health platforms, ensuring that patients can confidently embrace the benefits of telehealth without compromising the security of their sensitive medical information.

Rising Healthcare Cyberattacks: White House Contemplates Response

Amidst a continuous stream of cyberattacks targeting the healthcare sector, leading to disruptions in hospitals and patient care, the Biden administration is taking a measured approach in formulating regulations to bolster the industry's cybersecurity defenses.

Andrea Palm, Deputy Secretary of Health and Human Services, stated that they are thoroughly exploring various options to ensure a comprehensive advancement of this agenda. The department oversees several critical aspects of healthcare cybersecurity, including incident preparedness, certification of health IT vendors, and compliance with data security and privacy regulations.

Health and Human Services has multiple potential avenues to regulate cybersecurity within its purview, making it distinct among federal agencies. It remains uncertain if internal disagreements on the right approach or the need for additional resources are delaying the development of healthcare cyber regulations.

During a recent cybersecurity roundtable with industry leaders, representatives from hospital associations and cybersecurity groups discussed concerns and ways for the government to address security gaps that have fueled ransomware attacks. One prevalent concern was the vulnerability of rural hospitals, underscoring how their cybersecurity shortcomings pose a risk to the entire industry.

Many rural hospitals lack specialized IT or cybersecurity staff, and even when present, executives may not be equipped to ask the right questions. To assist these facilities, suggestions included launching regional training programs or "boot camps" for rural hospital leaders.

Mark Jarrett of Northwell Health emphasized the importance of integrating cybersecurity discussions into patient care dialogues, suggesting that it should become a routine part of safety rounds in hospitals. Additionally, Mari Savickis urged the federal Centers for Medicare & Medicaid Services to incorporate cybersecurity into billing discussions with doctors.

Health and Human Services has collaborated with the Cybersecurity and Infrastructure Security Agency (CISA) to address cybersecurity concerns in the healthcare sector. CISA has identified hospitals as one of three priority communities with highly vulnerable targets. Nitin Natarajan, CISA's Deputy Director, emphasized the significance of cybersecurity in safeguarding patient safety.

However, a major challenge remains: how to make cybersecurity upgrades viable for the numerous small, under-funded medical providers across the U.S. One proposed solution is for larger hospital systems to directly offer cybersecurity services to smaller institutions in their regions, possibly with the aid of federal grants. This approach is being discussed, but no specific endorsement has been made yet.

Natarajan stressed that the industry should not solely rely on federal funding for this substantial undertaking, emphasizing the need for a collaborative effort to mitigate cybersecurity risks effectively.