
Everest Gang Poses New Cybersecurity Threat to US Healthcare
According to the Health Sector Cybersecurity Coordination Center (HC3), which has published a threat profile of the group, the Everest ransomware group is behind the recent ransomware attack on Gramercy Surgery Center in New York. The group has also claimed responsibility for attacks on Horizon View Medical Center in Las Vegas, 2K Dental in Ohio, Prime Imaging in Tennessee, and Stages Pediatric Care in Florida, and it has targeted the healthcare and public health sectors repeatedly since 2021.

More than 120 victims have been posted to the group's data leak site; according to information gathered from that site, 34% of them are in the United States and 27% are in the healthcare industry. Between April 2021 and July 2024 the group carried out at least 20 attacks on healthcare organizations, with a disproportionately high share aimed at medical imaging organizations.

Ransomware, one of the most prevalent types of cybercrime in the world today, has grown rapidly over the last few years. Criminals use highly automated, easy-to-distribute crypto-locking malware to forcibly encrypt victims' systems and then demand Bitcoin ransoms in exchange for the keys that unlock them. The Ransomware Resource Center offers several sources of information on the subject, including details of emerging ransomware variants, threat intelligence on attackers, and best practices for detecting, responding to, and remediating ransomware.

A relatively new Russian-speaking ransomware group is seeking targets in the healthcare sector and claims to have stolen sensitive patient information in recent attacks on at least two medical care providers, in New York and Nevada. The Everest ransomware group was first identified in December 2020. Following its attacks on the Brazilian government and NASA in April 2012, it quickly became well known within the cybercrime community for hitting several high-profile targets.

The group uses double extortion: it exfiltrates data, encrypts files with its ransomware, and demands a ransom both to decrypt the files and to keep the stolen data from being uploaded to its dark web leak site. Researchers have noted similarities between Everest's encryptor and those used by other ransomware groups, such as Ransomed, which is known to collaborate with Everest. Everest has previously been associated with BlackByte ransomware.

Ransomware is only a recent addition to the group's methods; it initially focused on data exfiltration rather than running malware. Since late 2022, Everest has also become a leading player in the initial access broker (IAB) niche. IABs are malicious hackers whose primary objective is to breach company networks, install malware that provides remote access to those networks, and then sell that access to other criminal groups that need it to carry out their own attacks.

Among threat groups that make money from ransomware attacks, this tactic is relatively uncommon: a group that can breach company networks and has an encryption tool can usually make more money by conducting the attack itself than by selling access to another group. One possible explanation is that Everest is trying to keep a low profile and avoid law enforcement scrutiny. Among the many victims listed on Everest's dark web leak site is Gramercy Surgery Center, which was hit in January of this year.

According to the group, it exfiltrated 450 gigabytes of data from the New York-based practice, including patient and doctor information that it describes as private and confidential. In a statement published on its website on June 18, Gramercy announced that it may have been the victim of a cyberattack and that it would be investigating the matter. Gramercy determined that between June 14 and June 17 certain documents within its information technology environment were affected and that, as part of the incident, copies of these documents were made and viewed within its systems.

Gramercy reported the hacking incident to federal regulators on Aug. 9 as a HIPAA data breach affecting nearly 51,000 people. Everest also listed the Nevada-based Horizon View Medical Center on its data leak site, alleging that it had stolen medical records, including test results and other sensitive patient information. As of Thursday, no notice about the alleged incident had been posted on Horizon View's website, and the company did not immediately respond to Information Security Media Group's request for comment on Everest's claims.

Following the HHS HC3 alert, the American Hospital Association on Wednesday warned hospitals that Everest could pose a threat to patient safety. The group gains entry to victims' computer networks, and moves from one victim's network to another, using compromised user accounts and Remote Desktop Protocol (RDP). Everest attacks are well known to rely on weak or stolen credentials.

Once inside, the attackers reuse those credentials across several systems within the organization, and they use tools such as ProcDump to copy the memory of the LSASS process, which lets them harvest additional credentials. Following the recommendations of the AHA and HC3, hospitals and healthcare organizations should set up network monitoring that raises alerts on Cobalt Strike activity. US authorities have advised healthcare-sector organizations to undertake a thorough review of their cybersecurity infrastructure in response to the emerging threat from the Everest gang.

Specifically, they recommend meticulously examining domain controllers, servers, workstations, and Active Directory to identify and address any new or unrecognized user accounts. Organizations are also advised to back up their data regularly, air-gap their backup copies, and ensure that backups are stored offline and secured with strong passwords. The Everest gang's malicious activities are not confined to the healthcare industry, however.
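Two of the recommendations above can be turned directly into detection logic: alerting when the LSASS process is dumped with a tool such as ProcDump, and reviewing domain controllers for new or unrecognized user accounts. The Go program below is an added example written for this page, not code from HC3, the AHA or the original post. It runs those two rules over constructed Windows Security and Sysmon event lines; the JSON field names, host names, account baseline and LSASS-access allowlist are all assumptions made for the example. The event IDs are the real Windows ones (Security 4688 process creation, Security 4720 user account created, Sysmon 10 process access). Cobalt Strike detection itself depends on EDR or network signatures and is not reproduced here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// WinEvent is a minimal view of a Windows Security or Sysmon event as a log
// forwarder might deliver it. The JSON field names are an assumption made for
// this example, not any particular SIEM's schema.
type WinEvent struct {
	Host        string `json:"host"`
	EventID     int    `json:"event_id"`
	Image       string `json:"image,omitempty"`
	CommandLine string `json:"command_line,omitempty"`
	TargetImage string `json:"target_image,omitempty"`
	TargetUser  string `json:"target_user,omitempty"`
	SubjectUser string `json:"subject_user,omitempty"`
}

// Alert is one finding raised by the detector.
type Alert struct {
	Host, Rule, Detail string
}

// KnownAccounts is the baseline of expected accounts; in production it comes from
// an identity inventory. These names are constructed for the example.
var KnownAccounts = map[string]bool{"jdoe": true, "svc_backup": true}

// LSASSAccessAllowlist names images that legitimately open lsass.exe (EDR, AV);
// constructed here, derive the real list from your own baseline.
var LSASSAccessAllowlist = map[string]bool{"scanner.exe": true, "msmpeng.exe": true}

// baseName returns the file name of a Windows or POSIX path without depending on
// the collector's OS separator, so Windows paths parse correctly on Linux.
func baseName(p string) string {
	if i := strings.LastIndexAny(p, `\/`); i >= 0 {
		return p[i+1:]
	}
	return p
}

// isLSASSDump matches the ProcDump-on-LSASS technique from the HC3 profile:
// Security 4688 (process created) naming procdump and lsass on the command line,
// or Sysmon 10 (process access) where a non-allowlisted image opens lsass.exe.
func isLSASSDump(e WinEvent) bool {
	switch e.EventID {
	case 4688:
		cmd := strings.ToLower(e.CommandLine)
		return strings.Contains(cmd, "procdump") && strings.Contains(cmd, "lsass")
	case 10:
		return strings.EqualFold(baseName(e.TargetImage), "lsass.exe") &&
			!LSASSAccessAllowlist[strings.ToLower(baseName(e.Image))]
	}
	return false
}

// DetectEverestTTPs runs both rules over raw JSON event lines and returns the
// alerts in input order; a malformed line is an error rather than a silent skip.
func DetectEverestTTPs(lines []string) ([]Alert, error) {
	var alerts []Alert
	for _, line := range lines {
		var e WinEvent
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return nil, fmt.Errorf("unparseable event %q: %w", line, err)
		}
		if isLSASSDump(e) {
			alerts = append(alerts, Alert{e.Host, "credential-dump",
				fmt.Sprintf("event %d: %s accessed LSASS", e.EventID, baseName(e.Image))})
		}
		// Security 4720: a user account was created. Anything outside the baseline is
		// the "new or unrecognized user account" the advisory asks reviewers to find.
		if e.EventID == 4720 && !KnownAccounts[strings.ToLower(e.TargetUser)] {
			alerts = append(alerts, Alert{e.Host, "unrecognized-account",
				fmt.Sprintf("%s created account %s", e.SubjectUser, e.TargetUser)})
		}
	}
	return alerts, nil
}

// SampleEvents are constructed log lines for the example, not data from any incident.
var SampleEvents = []string{
	`{"host":"DC01","channel":"Security","event_id":4720,"target_user":"svc_backup","subject_user":"Administrator"}`,
	`{"host":"DC01","channel":"Security","event_id":4720,"target_user":"support_tmp","subject_user":"jdoe"}`,
	`{"host":"WS17","channel":"Security","event_id":4688,"image":"C:\\Tools\\procdump64.exe","command_line":"procdump64.exe lsass.exe lsass.dmp"}`,
	`{"host":"WS17","channel":"Sysmon","event_id":10,"image":"C:\\Program Files\\AV\\scanner.exe","target_image":"C:\\Windows\\System32\\lsass.exe"}`,
	`{"host":"WS22","channel":"Sysmon","event_id":10,"image":"C:\\Users\\Public\\pd.exe","target_image":"C:\\Windows\\System32\\lsass.exe"}`,
	`{"host":"WS09","channel":"Security","event_id":4688,"image":"C:\\Windows\\System32\\notepad.exe","command_line":"notepad.exe notes.txt"}`,
}

func main() {
	alerts, err := DetectEverestTTPs(SampleEvents)
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("[%s] %s: %s\n", a.Host, a.Rule, a.Detail)
	}
}
```

Run with `go run .`; on the constructed input it raises three alerts (the unknown account on DC01 and the two LSASS accesses on WS17 and WS22) and stays silent on the baseline account and the allowlisted AV scanner. The Sysmon 10 rule is the one that needs tuning: every environment has a handful of legitimate LSASS readers, and the allowlist is where that baseline lives.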

The group has also targeted a wide array of sectors, including construction and engineering, financial services, legal and professional services, manufacturing, and government institutions. The authorities have urged all organizations within these industries to remain vigilant and adopt stringent cybersecurity measures to safeguard against potential breaches.

Ascension Health System Hit by Cyberattack, Personal Data Likely Compromised
In a recent cybersecurity incident, Ascension, a major health system, has disclosed that cybercriminals stole files potentially containing personal information. This comes about a month after Ascension initially reported falling victim to a ransomware attack.

Ascension revealed that the attackers managed to extract files from seven of its 25,000 file servers. While the investigation is ongoing, preliminary findings suggest that these files may include protected health information and personally identifiable information. However, Ascension has yet to determine the exact data compromised or the specific patients affected.

Despite the breach, Ascension reported no evidence indicating that data from its electronic health records were stolen. The attack was traced back to an employee inadvertently downloading a malicious file, mistaking it for a legitimate document.

In response to the attack, Ascension is offering free credit monitoring and identity theft protection services to patients and employees. Those interested in these services can call 1-888-498-8066 to enrol. 

The attack, discovered on May 8, caused widespread disruption across Ascension’s network. Some elective surgeries and appointments were postponed, and one hospital in Illinois temporarily redirected ambulances to other facilities. Nurses at several hospitals faced challenges such as difficulty accessing doctors’ orders for medications and tests, and problems with their standard procedures for medication administration.

Ascension Illinois has recently restored its primary technology for electronic patient documentation, allowing hospitals and doctors' offices to resume electronic documentation, charting, and order sending. This restoration marks a crucial step in returning to normal operations.

This incident at Ascension is part of a troubling trend of cyberattacks targeting healthcare institutions. Earlier this year, Lurie Children’s Hospital in Chicago and the University of Chicago Medical Center also faced cyber incidents. Healthcare systems are prime targets for cybercriminals due to their size, reliance on technology, and the vast amounts of sensitive data they handle, according to the U.S. Department of Health and Human Services.

As cyber threats expand their territory, healthcare systems must remain vigilant and enhance their cybersecurity measures to protect sensitive patient information. The Ascension attack underscores the critical need for robust security protocols and employee awareness to prevent future breaches.


Changing How Healthcare Works: Big News in Communication
A significant shift is under way in healthcare communication. Direct Secure Messaging (DSM) has emerged as a game-changer, modernising the way vital information is shared among healthcare providers, pharmacies, and laboratories. Traditionally, healthcare communication has relied heavily on outdated methods such as faxing, which costs the US healthcare system billions annually and compromises patient safety. DSM introduces a secure and efficient alternative that addresses concerns about privacy and security.

DSM operates on a secure protocol similar to email but with enhanced security measures. Each healthcare provider receives a unique digital certificate that is used to sign messages, authenticating the sender's identity, and to encrypt them so that only the authorised recipient can read them. Medical records, lab results, and other sensitive information can therefore be sent directly through electronic health record (EHR) systems or DSM-enabled platforms, eliminating cumbersome and insecure methods such as faxing.
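The two guarantees named above, a signature that authenticates the sender and encryption that only the intended recipient can undo, follow the sign-then-encrypt pattern. The Go program below is an added example for this page, not code from the post or from the Direct specification: Direct itself uses S/MIME over SMTP with X.509 certificates, whereas this code uses the standard library's RSA-PSS, RSA-OAEP and AES-GCM to show the same construction. The certificate binding is omitted and a bare RSA public key stands in for each party's certificate; the `Envelope` layout, the key names and the lab-result string are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the wire form. The sender's signature rides inside the ciphertext
// (sign-then-encrypt, the order S/MIME uses), so an eavesdropper learns neither
// the content nor who signed it.
type Envelope struct {
	WrappedKey []byte // one-time AES-256 key, RSA-OAEP encrypted to the recipient
	Nonce      []byte
	Ciphertext []byte // AES-GCM over signature || plaintext
}

// NewKey generates one endpoint's RSA key pair. In Direct the public half is
// carried in an X.509 certificate from a trust-bundle CA; that certificate
// binding is omitted here and the bare public key stands in for it.
func NewKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects anything but a 16/24/32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal signs plaintext with the sender's private key, then encrypts signature and
// plaintext so that only the holder of the recipient's private key can read them.
func Seal(sender *rsa.PrivateKey, recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	digest := sha256.Sum256(plaintext)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	aesKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, aesKey, nil)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, append(sig, plaintext...), nil)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts with the recipient's private key, then verifies the embedded
// signature against the claimed sender's public key; either failure rejects the message.
func Open(recipient *rsa.PrivateKey, sender *rsa.PublicKey, env *Envelope) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("message is not addressed to this recipient")
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext was modified in transit")
	}
	sigLen := sender.Size() // a PSS signature is exactly one modulus long
	if len(payload) < sigLen {
		return nil, errors.New("payload too short to carry a signature")
	}
	sig, plaintext := payload[:sigLen], payload[sigLen:]
	digest := sha256.Sum256(plaintext)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature does not match the claimed sender")
	}
	return plaintext, nil
}

func main() {
	lab, _ := NewKey()
	clinic, _ := NewKey()
	env, _ := Seal(lab, &clinic.PublicKey, []byte("constructed lab result: HbA1c 6.1%"))
	pt, err := Open(clinic, &lab.PublicKey, env)
	fmt.Printf("%q %v\n", pt, err)
}
```

The three failure modes worth checking are the ones a fax has no answer for: a third party holding the envelope cannot unwrap the message key, a message signed by an impostor is rejected even though the recipient can decrypt it, and a single flipped ciphertext byte fails the GCM tag before the signature is ever looked at.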


Key Benefits of Direct Secure Messaging

1. Security: DSM employs advanced encryption techniques, minimising the risk of unauthorised access during transmission.

2. Efficiency: By eliminating manual processes like printing and faxing, DSM streamlines communication workflows, saving time and resources for healthcare providers.

3. Accuracy: Unlike faxing, DSM ensures the accurate and reliable transmission of information in its original format.

4. Interoperability: Built on standardised protocols, DSM facilitates seamless communication between different healthcare systems, promoting interoperability.

5. Compliance: With increasing regulatory requirements, DSM aids healthcare organisations in complying with data privacy regulations such as HIPAA.

Direct Secure Messaging represents a significant leap forward in healthcare communication, aligning with the digital age's demands for secure, efficient, and interoperable solutions. As healthcare continues to evolve, DSM is poised to play a crucial role in shaping the future of healthcare delivery.


Advantages of Direct Secure Messaging in Healthcare Referrals

DSM has become a trusted method for secure and interoperable communication of health information, particularly in healthcare referrals. Offering a secure alternative to fax, DSM transforms healthcare referrals, care coordination, and clinical communication.

1. Secure and Interoperable Communication: DSM provides a trusted mechanism for exchanging health information, ensuring seamless communication between healthcare providers.

2. Improved Patient Care Coordination: By expediting information exchange, DSM positively impacts patient care coordination, providing timely and comprehensive data for informed decision-making.

3. Efficiency and Reliability: DSM is highly efficient and reliable, reducing the time for referrals and facilitating prompt patient appointments.

4. Data Mapping and Integration: DSM enables seamless data mapping and integration between different healthcare systems, minimising the effort required for data transfer and enhancing patient care.

In a broader spectrum, Direct Secure Messaging emerges as a transformative tool for healthcare referrals, simplifying communication, reducing burdens on providers, and benefiting both patients and care teams. With its reliability, ease of use, and ability to streamline data integration, DSM represents a significant step towards enhancing the overall efficiency and effectiveness of healthcare communication.

As healthcare embraces the digital revolution, Direct Secure Messaging stands at the forefront, ushering in an era where communication is not only instant and seamless but also prioritises the utmost security and efficiency in patient care.


US Health Dept Urges Hospitals to Patch Critical ‘Citrix Bleed’ Vulnerability


This week, the US Department of Health and Human Services (HHS) warned hospitals of the critical ‘Citrix Bleed’ NetScaler vulnerability, which threat actors have been exploiting in cyberattacks.

On Thursday, the department’s security team, Health Sector Cybersecurity Coordination Center (HC3), issued an alert where it urged all U.S. healthcare businesses to protect their NetScaler ADC and NetScaler Gateway equipment from ransomware gang invasions.

"The Citrix Bleed vulnerability is being actively exploited, and HC3 strongly urges organizations to upgrade to prevent further damage against the Healthcare and Public Health (HPH) sector. This alert contains information on attack detection and mitigation of the vulnerability,” the alert read.

"HC3 strongly encourages users and administrators to review these recommended actions and upgrade their devices to prevent serious damage to the HPH sector."

Before this warning, Citrix had already issued two advisories urging admins to patch their appliances as a priority and to terminate all open and persistent sessions, so that attackers holding previously stolen authentication tokens could not keep using them even after the security updates were installed.

Thousands of Servers Exposed, Many Already Breached

Cybersecurity professional Kevin Beaumont has been monitoring and analyzing cyberattacks against a variety of targets around the globe, including Boeing, DP World, Allen & Overy, and the Industrial and Commercial Bank of China (ICBC), and found that all of them were probably compromised through Citrix Bleed exploits.

On Friday, Beaumont revealed that a U.S.-based managed service provider (MSP) had suffered a ransomware attack by a threat group that exploited the Citrix Bleed vulnerability a week earlier.

The MSP continues to work on securing its susceptible Netscaler appliances, which may leave its clients' networks and data open to additional intrusions.

Citrix fixed the vulnerability in early October, but Mandiant subsequently discovered that it had been actively exploited as a zero-day since at least late August 2023.

On October 25, AssetNote, an external attack surface management company, released a proof-of-concept exploit for CVE-2023-4966 explaining how cybercriminals can obtain session tokens from Citrix appliances that have not been patched.

According to Japan-based threat researcher Yutaka Sejiyama, over 10,000 Citrix servers, many of them belonging to important organizations worldwide, were still susceptible to Citrix Bleed attacks more than a month after the critical flaw was patched.

"This urgent warning by HC3 signifies the seriousness of the Citrix Bleed vulnerability and the urgent need to deploy the existing Citrix patches and upgrades to secure our systems," said John Riggi, a cybersecurity and risk advisor for the American Hospital Association, a healthcare industry trade group that represents 5,000 hospitals and healthcare providers across the U.S.

According to Riggi, this case also highlights the ferocity with which foreign ransomware gangs, mainly Russian-speaking groups, continue to attack medical facilities and other healthcare institutions. Ransomware attacks interrupt and delay healthcare delivery, placing patient lives in danger.

88% of Healthcare Organizations Have Suffered a Cybersecurity Incident in Past Year


Healthcare organizations such as hospitals and clinics have struggled with a series of cyberattacks in recent years, leaving them unable to provide even minimum services because of computer outages and the loss of important files in data breaches.

According to a report published on Wednesday by Proofpoint, an email security company, around 90% of healthcare organizations have experienced at least one cybersecurity incident in the past year.

Over the past two years, more than half of healthcare organizations reported experiencing an average of four ransomware attacks, and 68% of those surveyed said the attacks “negatively impacted patient safety and care.”

The Proofpoint report is based on a survey of more than 650 IT and cybersecurity professionals in the US healthcare sector and highlights the sector's ongoing susceptibility to common attack methods. It comes as the Cybersecurity and Infrastructure Security Agency works to provide greater assistance to small, rural hospitals that are underfunded and wilting under constant cyberattacks.

As healthcare organizations struggle to find alternatives to their outdated technology so they can keep providing services, these efforts are using up more and more of their resources. Between 2022 and 2023, the cost of the time spent minimizing the attacks' consequences on patient care rose by 50%, from around $660,000 to $1 million.

When a ransomware attack shuts down a hospital system's computer networks, the impact is rapid and extensive.

Stephen Leffler, president and chief operating officer of the University of Vermont Medical Center, spoke about how a ransomware assault in October 2020 brought about a catastrophe at his facility during a congressional hearing in September. For 28 days, senior physicians had to train junior physicians on how to use paper records as the National Guard assisted the IT department in a round-the-clock operation to wipe and reconfigure every computer in the network.

Leffler remarked, "We literally went to Best Buy and bought every walkie-talkie they had," because the hospital's internet-based phone system was offline.

Leffler, who has been an emergency medicine doctor for 30 years, further commented “I've been a hospital president for four years. The cyberattack was much harder than the pandemic by far.” 

US Healthcare Startup Brightline Impacted by Fortra GoAnywhere Assaults
A firm providing virtual mental health services for children is the latest victim of the widespread ransomware campaign exploiting Fortra's GoAnywhere file transfer software, whose effects continue to spread.

In a data breach notice filed with the Maine attorney general's office, the American healthcare behemoth Blue Shield of California confirmed that data from one of its providers, Brightline, housed in its GoAnywhere file transfer platform had been taken. Brightline, which offers online coaching and therapy for kids, was identified by threat analysts last week as a potential victim of the mass breach.

The breach notification verified that hackers—perhaps members of the Russia-linked Clop ransomware gang who claimed to have infiltrated over a hundred businesses via an unreported security flaw—accessed and possibly exfiltrated the personal information of over 63,000 patients. 

The group has announced that it will "soon" release the data taken from Brightline on Clop's dark web leak site, where it publishes stolen material when a ransom is not paid.

Brightline has not yet publicly acknowledged the breach on its website or on social media. John O'Connor, a representative for Brightline, declined to comment on TechCrunch's inquiries, although he did not dispute that the hack affected 63,000 people. How many of those affected are young Brightline customers is unknown.

According to Blue Shield's breach report, the patient names, addresses, dates of birth, gender, Blue Shield subscriber ID numbers, phone numbers, e-mail addresses, plan names, and plan group numbers were all compromised. 

Nevertheless, Brightline is not the only healthcare provider among the 130 firms being affected by the Clop group. US Wellness, a provider of corporate health and wellness initiatives, also acknowledged that hackers had gained access to user personal information including names, addresses, dates of birth, and member ID numbers. 

Because of the severity of the Fortra vulnerability's effects on healthcare institutions, the U.S. government's health sector cybersecurity coordination centre, or HC3, issued a warning in February to help companies prepare for Clop's attacks. 

The City of Toronto, Investissement Québec, and Virgin Red are among the ever-expanding list of victims the group is known to have targeted outside of healthcare institutions. 

Virgin Red was contacted by Clop and, according to Jodie Burton, learnt that hackers had "illegally gotten some Virgin Red files via a cyber-attack on our provider, GoAnywhere." Although Fortra had promised them that their data was secure, TechCrunch has heard from other victims who, like them, only discovered that data had been taken after receiving a ransom demand.