
CentraState: Potential Cyberattack at CentraState Prompts Hospital to Divert Ambulances


The CentraState Medical Center's cybersecurity issue has caused the hospital to divert ambulances and the majority of new patients to other institutions. 

The medical center's spokesperson, Lori Palmer, says that the hospital's critical care has not been affected and that it is still taking some walk-in patients. "We are still accepting patients if people walk into the (Emergency Department). We have patients currently here, many of whom are currently being taken care of," she said.

In addition, Friday's outpatient services were scheduled to be suspended at 1 p.m. and stay that way until further notice. 

While the cybersecurity issue was detected early Friday, the hospital is still attempting to identify the extent and origin of the situation. Palmer adds that the hospital immediately reported the issue and alerted the state Department of Health and Senior Services.

It is not yet clear whether the investigation involves the New Jersey Office of Homeland Security, which deals with cyberattack cases.

Late November saw the release of an alert from the New Jersey office and its cybersecurity unit, the New Jersey Cybersecurity and Communications Integration Cell, warning the public to be on the lookout for any indications of cyber threats targeting individuals, organizations, and businesses throughout the state during the upcoming holiday season. 

Moreover, the office's alert level is currently at "blue" or "guarded," i.e., a general risk of hacking or malicious activity, although no "known exploits have been identified or known exploits have been identified but no significant impact has occurred."

CentraState's cybersecurity issue comes weeks after many other hospitals reported security breaches that later made news headlines. Some of the recent cases are listed below:

  • Medibank Data Breach: In November last year, Medibank hospital announced that it had faced a data breach in which the attacker apparently accessed data including patients' names, dates of birth, addresses, phone numbers, and email addresses.
  • WakeMed Data Breach: Later, WakeMed and Duke Hospital of North Carolina reported that the personal and protected medical data of thousands of local patients may have been exposed to Facebook through a tracking pixel.

The Risks of Stockpiling Personal Data


Data is priceless, but gathering it in one place can be risky, because it suddenly becomes a tremendously valuable resource that bad players, cyber criminals, or threat actors are eager to get hold of, particularly when businesses store more data than they actually need.

This is a phenomenon that security agencies have been aware of for a long time, and it has now become a critical priority for regulators and policymakers.

On this point, Paul Warren-Tape, Head of Operations for ID verification leader OCR Labs Pty Ltd., says, “Looking at the Optus attack, this was a big concern because fraudsters were using stolen PII (personally identifiable information) to try and commit identity crime […] We need to understand why a telco stores copies of people’s identity documents in the first place, as to provide ongoing services they only need to know a person’s name, address and their contact details.” Warren-Tape further notes that the Medibank breach is also “deeply concerning.”

“The concerns relate to organizations not having a clear understanding of their complete data footprint, including: what do they hold, should they even be holding that information, where is it held and who else is holding it, is it all secure?” 

According to Warren-Tape, every organization, specifically those at the top of their markets, is starting to consider the bare minimum of data it should retain after confirming a person’s identity. “They’ve obviously got regulatory requirements to verify the identity of their customers. And I think they’re subsequently holding on to copies of identity documents to demonstrate they’ve performed an identity check for audit and regulatory compliance purposes.”

“And another reason is because prior to the raft of breaches information has been perceived as wealth, not risk,” he added. “But holding that information opens them up to be honeypots for certain attacks, and health insurance companies may not be as well versed about cyber risks as, say, the banks are.”

Moreover, Warren-Tape notes that banks in Australia have a higher security posture, are more experienced and cyber-aware but cannot rest on their laurels, as the threat landscape is continually evolving.  

Hospitals Cautioned Against Cybercrime, Following Medibank and Optus Wake-Up-Calls


Hospital facilities in Australia have been cautioned that they are likely to be forced to pay ransoms to threat actors in order to protect patients, as the threat to cyber security grows in the wake of "wake-up call" attacks. 

In the aftermath of massive hacks that affected millions of Medibank and Optus customers, the alarming alert is at the top of the list of predictions made by cyber security experts as 2023 approaches.

According to the cybersecurity firm Palo Alto Networks, it is high time that hospitals, government agencies and businesses start considering whether they would pay a ransom and how much they would pay.

It’s Just the Beginning

Mohiuddin Ahmed, a senior computing and security lecturer at Edith Cowan University, echoes the sentiment. He predicts not only increasing threats over the upcoming year, but also an increase in attacks on Australia's vital infrastructure, with "highly digitized" hospital systems among the prospective targets.

He warns that it is “just the beginning” for cyber attempts and attacks.

The recent breaches at Medibank and Optus would prompt criminals to wonder whether Australia has other vulnerabilities.

"We use lots of internet-connected healthcare devices and if those devices are hacked and remotely compromised by these cyber criminals, we'll be left in a situation where we have to pay ransom, otherwise people's lives will be at stake," Dr. Ahmed says. 

"Imagine that for senior citizens using pacemakers or any other embedded or implanted devices […] Who knows, if we do not pay attention, if we do not follow cyber hygiene, things [may] go catastrophic,” he adds. 

According to Dr. Ahmed, international threat actors are apparently targeting Australia, partly due to its affluence and partly because the COVID pandemic has increased the cost of living.

Cybercrime: a Battlefield

Cyber security researcher Mamoun Alazab, on the other hand, equates cybercrime to a battlefield, saying it is a matter of when, not if, Australia will witness data leaks that eventually affect more people than the Medibank and Optus data breaches.

The associate professor of information technology at Charles Darwin University anticipates that the government will now be better organized in terms of cyber warfare, since it has become a part of national security.

While Cyber Security Minister Clare O’Neil last month announced a 100-strong standing cybercrime operation to be put into action by the federal police and the Australian Signals Directorate, Dr. Alazab warns that publicly announcing the operation could entice criminals into attempting more cyberattacks.

"We focus so much on [Australia's] offensive operation — we need to focus on the defensive operation […] We are encouraging other … criminal groups to get together to prove us wrong, to cause more embarrassment," Dr. Alazab said.  

Medibank Data Breach: Hackers Threaten to Release Data Within 24 Hours


Australian health insurance company Medibank has announced that it will not fulfill the ransom demands of the threat group or individual involved in the mid-October data breach. The insurance company confirmed this less than a day after the breach. The threat actor, claiming to have possession of the data, is now threatening to release it within 24 hours if the ransom demand is not met.

A day before this announcement, on November 7, Medibank confirmed that 9.7 million of its current and former customers had their basic personal data accessed by hackers. The victims include 5.1 million Medibank customers, 2.8 million AHM customers and 1.8 million international customers.

The accessed data included victims’ names, dates of birth, addresses, phone numbers and email addresses.

Medibank adds that along with the personal information, the hackers had access to the health claims data for 16,000 of its customers, 300,000 AHM customers and 20,000 international customers.

For the first time, Medibank confirmed that it believed the data was not just accessed but could have been taken by the criminal or criminals involved. The health insurer yesterday said it would not pay any ransom to the hackers, making a public statement refusing the ransom demand.

In the message, the supposed hacker quotes Confucius, implying Medibank is making a "mistake" by not paying the ransom. The malicious actor then said that they would release the data within the next 24 hours, and advised readers to "sell Medibank stock".

Around midnight, the threat actor or group posted a ransom demand to its dark web blog: “data will be public [sic] in 24 hours.” “P.S. I recommend to sell Medibank [sic] stocks,” the post further read.

By the close of trade on Tuesday, the insurance company’s shares had fallen 21 percent, from AU$3.51 to AU$2.78, in the three weeks following the announcement of the data breach.

Medibank called the threat to release the data “distressing developments.” 

Following the data breach, David Koczkar, CEO of Medibank, apologized to those affected, saying, "We unreservedly apologize to our customers. We take seriously our responsibility to safeguard our customers and support them. The weaponization of their private information is malicious, and it is an attack on the most vulnerable members of our community."

After the threat surfaced, Medibank contacted its customers, warning them of possible scams and direct phishing attacks. The company also urged anyone who was a victim of cybercrime or had been contacted by someone claiming to have their data to report it to the Australian Cyber Security Centre.

Moreover, Medibank continues to work with the Australian Government, along with the Australian Cyber Security Centre and the Australian Federal Police, to investigate the cyberattack and prevent the leak and sale of its customers' stolen data.