Ransomware Attacks Pose Significant Threats to the Security of Medical Devices

Cybercriminals are increasingly targeting health organizations of all sizes. The rise in healthcare-related cyberattacks suggests that smaller healthcare providers are experiencing a higher rate of cybercrime incidents. 

Recently, the Food and Drug Administration disclosed that ransomware attacks targeting medical facilities are a major concern, and that what we are witnessing is only the visible tip of the iceberg in a much larger problem. 

Beyond headline-grabbing cyberattacks, there are hidden risks to patient safety caused by service providers who hack medical devices under the guise of repair and maintenance. This dangerous method of hacking, whether it is intentional or reckless, poses significant cyber risks comparable to professional ransomware attacks. 

Unfortunately, the misuse of medical devices for malicious purposes is often disregarded or not given enough attention by the medical device community, physicians, and patients who rely on these devices for critical life-saving treatments and services. 

Additionally, when examining the primary factors contributing to the rise in attacks on healthcare organizations, we can identify the following common reasons: 

  • Patient medical and billing information can be swiftly sold by malicious actors on the darknet for insurance fraud. 
  • The ability of ransomware to seize control of patient care and administrative systems increases the likelihood of substantial ransom payments. 
  • Tampering with internet-connected medical devices is a significant vulnerability. 

Following the report, the FDA stated that “Cybersecurity is a widespread issue affecting medical devices connected to the Internet, networks, and other devices. Cybersecurity is the process of preventing unauthorized access, modification, misuse or denial of use, or the unauthorized use of information that is stored, accessed, or transferred from a medical device to an external recipient.” 

The FDA's paper on improving cybersecurity practices for servicing medical devices explores how service entities can enhance the cybersecurity of these devices. 

According to the discussion paper, the FDA “defines service to be the repair and/or preventive or routine maintenance of one or more parts in a finished device, after distribution, for purposes of returning it to the safety and performance specifications established by the original equipment manufacturer (OEM) and to meet its original intended use.” 

These crimes have caused various disruptions, such as missed chemotherapy appointments and delayed ambulances, and sometimes the serviced devices do not work, which increases the risk of patients not getting treatment or health services at the right time. 

Ransomware is a very dangerous form of cyberattack that is gaining a foothold in every industry. For instance, the May ransomware attack on Colonial Pipeline resulted in gas shortages and panic buying. 

Similarly, hackers targeted the JBS meat processing company, raising concerns about potential meat shortages and the vulnerability of essential food providers. In another incident, the Baltimore County Public Schools system experienced a ransomware attack last fall, forcing a two-day halt to virtual classes.

Cybersecurity has a huge impact on every facet of the healthcare industry, encompassing the protection of confidential health data, insurance rates, and patient care. It is becoming essential for medical and device manufacturing companies to advance their methods against increasing cyber threats.

 Cyberattack Logan Health and Server Intrusion 

 

A sophisticated intrusion into the IT systems of Logan Health Medical Center resulted in the compromise of a file server containing protected health information. The center recently notified 213,543 patients, workers, and business associates that their personal and health data may have been accessed by criminals.

Logan Health Medical Center, according to a letter, first observed evidence of illegal behavior on one of its servers on November 22, 2021. As a result, the hospital solicited the help of outside forensic experts to investigate the magnitude of the event and whether any sensitive personal information had been exposed. 

Logan Health CEO Craig Lambrecht reminded staff of their "vital responsibility in protecting patients' sensitive health information" in an email to employees, which also included a series of reminders on password security and responding to emails from unknown senders. 

Logan Health Medical Center confirmed on January 5, 2022, that an unauthorized party had gained access to files containing protected health information about specific staff and patients. On February 22, 2022, Logan Health began sending out data breach notification letters to all parties whose information was contained in the affected files. 

After gaining access to a computer network, a cybercriminal can see and delete any data stored on the compromised servers. While most organizations can determine which files were accessible in the event of a data breach, they may not be able to determine which files the hacker actually viewed or whether any data was removed. 

The investigation into the Logan Health Medical Center data breach is still in its early stages. There is currently no proof of Logan Health being legally liable for the data breach. However, as more information about the breach surfaces, this could change. 

You can defend yourself from data theft or other forms of fraud by doing the following:

  • Determine what information has been tampered with.
  • Limit who has access to your accounts in the future. 
  • Take steps to safeguard your credit and financial accounts.
  • Monitor your credit report and financial accounts regularly.

40M+ People had Health Information Leaked in 2021

 

This year, data breaches compromised the personal health data of almost 40 million people in the United States, a substantial increase from 2020 and a continuation of a pattern towards more and more health data hacks and leaks. 

Any health data breaches affecting 500 or more persons must be reported to the Office for Civil Rights at the Department of Health and Human Services, which makes the breaches public. As per the office's database, 578 breaches have been reported so far this year. Although this is less than the 599 breaches disclosed in 2020, the breaches last year only impacted approximately 26 million people. 

According to a survey from security firm Bitglass, hacking or other IT incidents have been the primary cause of people's health records being exposed since 2015. Before that, the majority of data breaches were caused by lost or stolen devices. 

The transition occurred in line with the federal rules in the United States requiring healthcare companies to adopt electronic medical records, as well as a broader shift toward digital instruments in healthcare, such as internet-connected monitoring. On the black market, medical records are valuable because they contain information that is more difficult to alter than a credit card and can be used to establish false medical claims or acquire medications. 

Patients may be harmed in several ways as a result of these breaches: their personal information may be revealed, and they may be forced to cope with the financial consequences of having their medical identity stolen. 

Hacking and attacks on healthcare institutions that shut down hospital computer systems might make it more difficult for hospitals to provide high-quality care, which can be hazardous to patients. According to research, more people die in hospitals as a result of data breaches, even if the incident does not result in a computer system shutdown. 

Although the risk of cyberattacks is increasing, many healthcare companies have not prioritised cybersecurity investment. A cyberattack on the Florida Healthy Kids Corporation health plan, for instance, resulted in the exposure of 3.5 million people's personal data in 2021. 

According to Health News Florida, an investigation conducted following the hack revealed that the plan's website had "significant vulnerabilities." However, experts suggest that the increase in attacks in 2020 and 2021, notably in ransomware attacks, is driving companies to take the threat more seriously.

Medatixx Struck by Ransomware Attack, Customers Advised to Change Passwords

 

Medatixx, a German medical software provider whose products are used in around 21,000 health institutions, advises customers to update their application passwords, following a ransomware attack that damaged their entire operations. 

The business stressed that the impact has not reached clients and is restricted to their internal IT systems and shouldn't affect their PVS (practice management systems). Threat actors may have obtained Medatixx users' credentials, as it is uncertain what data was taken during the attack. 

As a result, Medatixx advises clients to take the following precautions to ensure that their practice management software stays secure: 

  • Change the user passwords on practice software. 
  • On all workstations and servers, change the Windows logon passwords. 
  • Passwords for TI connectors should be changed. 

The aforementioned are preventative steps, according to the business, but they should be implemented as soon as possible. 

The following are the software products whose users should respond to this emergency immediately:  

  • easymed
  • medatixx
  • x.comfort
  • x.concept
  • x.isynet
  • x.vianova

About the attack

The ransomware attack on Medatixx occurred last week, and the firm is still recovering, with just e-mail and central telephone services restored so far. Additionally, all regional sales partners and customer support lines are operational, allowing clients to contact corporate staff with any questions they may have. There is no confirmation of when the corporation will resume normal operations. 

Furthermore, it is unknown whether the actors were able to get any customer, doctor, or patient information. The company states that it has alerted Germany's data protection authorities about the occurrence and will provide an update after the inquiry is completed. 

Medatixx explained in the translated advisory, "It is not known at this point whether or not, and to what extent any data was stolen. It can therefore not be ruled out that the data stored by us has been stolen." 

As per Heise Online, Medatixx solutions are used in around 25% of all medical institutions in Germany, and this might be the country's largest hack ever in the healthcare system. Furthermore, according to the German news agency, the attackers could steal user credentials through remote maintenance systems.

Personal Details of Las Vegas Cancer Center Patients Leaked in a Ransomware Attack

 

Las Vegas Cancer Center has announced that it suffered a ransomware attack over the Labor Day weekend. According to the administrators of the cancer center, the security breach was uncovered on September 7 when the entire staff returned to the office after the holiday. In the wake of the incident, the cancer center is notifying patients of a ransomware attack that may have exposed personal details of current and former patients.

“The breach was discovered when the office reopened on September 7th. LVCC immediately notified law enforcement and fully participated in an investigation by the FBI, and conducted its own internal investigation. LVCC also notified its electronic medical records vendor, which relies on the server data to build LVCC’s patient records database,” the news release stated. 

The attackers succeeded in encrypting data on the center's server despite LVCC’s server and computers being shielded by a firewall and multiple malware defense systems. Threat actors were able to access patient names, addresses, dates of birth, social security numbers, medical records, and insurance information as a result of the breach, according to the center. However, the center claims all patient details were stored in a proprietary format and are therefore likely of no use to the attackers.

“All patient data was stored on the server in a format proprietary to LVCC’s electronic medical records system, and therefore likely not usable to the hackers. LVCC does not believe that any data was copied or transferred from its server, and has received no ransom demand from the hackers to unlock the data,” LVCC stated. 

Earlier this year, in August, Indianapolis-based Eskenazi Health suffered a ransomware attack that compromised the personal details of its patients. Eskenazi officials discovered the attack when they noticed suspicious activity on their network. The ransomware attack led the hospital to go on diversion, turning away ambulances, for several days in early August. 

A further investigation revealed that threat actors had secured access to the network on May 19 and launched the attack in a sophisticated manner by disabling the security protections to hide their activities.

Despite the data leak and ransom demand, the Eskenazi Health officials did not pay the hackers’ requested ransom. According to The American Hospital Association’s cybersecurity expert John Riggi, an estimated 30 percent of health care institutions pay the ransom when they are breached by a ransomware attack.

Beaumont Health: The Latest Victim of Accellion Breach

 

Beaumont Health, headquartered in Michigan, is the latest victim of the Accellion data breach, which began in December 2020 and has so far claimed 100 victims. Threat actors exploited zero-day vulnerabilities in Accellion's File Transfer Application (FTA), compromising the data of millions of patients. 

Approximately 1500 patients have been alerted by Beaumont Health that their personal information may have been compromised as a result of the December cyberattack on Accellion software. Beaumont hired Goodwin Procter LLP to offer legal services, and the firm used Accellion's File Transfer software to make massive transfers on behalf of its customers. 

Goodwin notified the healthcare provider on February 5 that patient data had been breached. Following the announcement of the Accellion breach, Goodwin conducted a digital forensics investigation and discovered that an unknown person had exploited a vulnerability in the application to obtain specific documents. 

“The potentially impacted information included a listing of roughly 1500 patients who had one of two procedures performed at a Beaumont Hospital,” Beaumont Health said in a statement issued on August 27. 

“The list included the patient name, procedure name, physician name, the internal medical record number and the date of service. This incident is limited to these patients and does not affect all patients of Beaumont.” 

The healthcare provider also stated that the breach had no financial implications and neither Beaumont nor Goodwin had discovered any indication of the exposed data being exploited. 

On behalf of Beaumont, Goodwin contacted impacted people via mail on August 27 at their last known address to inform them about the data breach. The letter advises patients on the actions they should take to protect themselves from identity theft. 

“The notice letter specifies steps impacted individuals may take to protect themselves against identity fraud, including enrolling in complimentary credit monitoring services (if eligible), placing a fraud alert/security freeze on their credit files, obtaining free credit reports, remaining vigilant in reviewing financial account statements and credit reports for fraudulent or irregular activity on a regular basis and taking steps to safeguard themselves against medical identity theft,” stated Beaumont. 

“At Beaumont, protecting the privacy of personal information is a top priority,” the statement concluded. 

Goodwin is examining its data security policies and protocols in the aftermath of the incident. 

Accellion is now facing lawsuits

As the number of breaches escalates, Accellion is facing over a dozen lawsuits. In February, the Cybersecurity and Infrastructure Security Agency (CISA), together with security agencies in the United Kingdom, New Zealand, Singapore, and Australia, issued a warning to companies about the Accellion hack. 

The Clop ransomware group claimed responsibility for the attack, which abused four previously unknown vulnerabilities. Some of the ransomware group's most recent victims include Kroger, Bombardier, Southern Illinois University School of Medicine, and Trillium Community Health Plan. 

In April, Trinity Health, located in Michigan, alerted over 580,000 patients that their information had been compromised. Demographic data, names, medical record numbers, and medical tests were among the information stolen. 

Centene also alerted over 1.3 million patients of the Accellion data leak in April. Contact information, birthdates, insurance ID numbers, and treatment information were all acquired by the hackers. 

During a major extortion attempt, the Clop ransomware group published stolen data online, and some of the affected companies received emails from the intruders seeking to intensify the extortion. The number of victims continues to rise months after the initial attack.

Data Breach at Third-Party Provider Exposed Medical Information of US Healthcare Patients

 

A data breach at a third-party provider has potentially leaked patients' confidential medical information from Northwestern Memorial HealthCare (NMHC) providers.

Unknown attackers obtained unauthorized access to a database managed by Elekta, a cloud-based platform that manages legally mandated cancer reporting to the State of Illinois. 

The healthcare provider, located in Chicago, reported that the attackers copied the datasets, which included patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers, according to a security alert. 

The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information. 

Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, and Northwestern Medicine Valley West Hospital. 

According to the NMHC, no financial information was accessed. Patients who are suspected of being impacted will be notified via post. The NMHC will also provide free credit monitoring to people whose Social Security numbers have been compromised. 

NMHC also stated it was “re-evaluating its relationship with Elekta”. 

“Patients are encouraged to review their health insurer or healthcare provider statements and to contact them immediately if they see any services they did not receive. We regret that this incident occurred and are committed to protecting the security and privacy of patient information,” the statement reads. 

According to the company, the attackers did not get access to NMHC's systems, networks, or health records. The incident served as a harsh warning of the dangers of relying on third-party software or services.

A well-known example of what might happen as a result of a cyber-attack on a service provider is the Blackbaud incident. The ransomware attack, which exposed the personal information of financial donors, impacted hundreds of nonprofit organizations and fundraising campaigns.

120 Million Medical Records Leaked! Global Medical Report Sheds More Light.


Along with cyber-security within your phones and other devices, you must make sure the hospital you go to has enough cyber-protection as well!

The obnoxiousness of cyber-criminals is escalating by the hour. As if stealing data of organizations and loosely selling largely famous tech giants’ data online wasn’t enough, hackers have now thrown on the internet personal medical details of more than 120 million Indian patients, per sources.

With the leakage of these personal medical records, they have also been made available online for cyber-cons to exploit.

In a recent “Global Report” on “Medical Data Leak” it was specifically mentioned that, among the enormous number of records that got leaked, the affected patients’ X-rays, MRIs and images of CT scans were the major components.

According to sources, the first such report was published by a German cyber-security firm in October 2019. Based on the actions taken by several countries’ governments in response to the publishing of the first report, the succeeding report segregated countries into the categories of “good”, “bad” and “ugly”.

It may or may not come as a shock to many, but India was a “proud winner” of the second position in the “Ugly” category right after the United States of America.


As stated by the succeeding report, the state of Maharashtra is positioned right at the top if we consider the number of “data troves” (308,451 troves) that are available online providing access to more than 69 million images.

Per sources, the second position is Karnataka with 182,865 data troves providing access to more than 13 million images!

Researchers found that the number of data troves available online has risen exponentially, especially in India.

What exactly caused the leak is not widely known, but the first report indicated that it stemmed from the servers of the “Picture Archiving and Communications Systems (PACS)”, where the leaked information is mostly stored.

The problem possibly was that the servers aren’t as secure as they should be and are connected to the public internet, which makes them easily susceptible.

This leakage is really disconcerting because you can’t easily tell who those patients are. They could be ANYONE, ranging from common men to big shots!

Apart from that, these medical records could pose threats like extortion, identity theft, and the list is unending.