Maria Perez

Maria is an experienced writer who has been providing content for Healthcare Industry News since 2021. As a senior writer, Maria focuses on news reporting, making complex healthcare topics comprehensible for readers. Maria's expertise and dedication to delivering accurate stories make her a trusted source on our site.

Advisory Announced on Continuing BlackMatter Ransomware Attacks

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) have issued a joint advisory on ongoing BlackMatter ransomware attacks.

The group has been conducting attacks in the U.S. since July 2021, including attacks on critical infrastructure entities such as two organizations in the U.S. Food and Agriculture Sector. Intelligence has been obtained that links the group to the DarkSide ransomware gang, which was active from September 2020 to May 2021 and was responsible for the Colonial Pipeline attack. BlackMatter is likely a rebrand of the DarkSide operation.

Investigations of the attacks have given the agencies valuable information about the group's tactics, techniques, and procedures (TTPs), and a ransomware sample has been analyzed in a sandbox environment.

The gang is known to use previously compromised credentials to gain access to victims' systems, then uses the Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) protocol to access Active Directory (AD) and discover all hosts on the network. Once the hosts are identified, BlackMatter deploys its ransomware and encrypts the hosts and shared drives remotely. The gang also exfiltrates files, and typically demands ransom payments of between $80,000 and $15 million in Bitcoin or Monero.

In the joint advisory, the NSA, CISA, and FBI detail the TTPs, provide Snort signatures that can be used to detect the network activity associated with BlackMatter ransomware attacks, and list mitigations that reduce the likelihood of a breach by the group.

Mitigations include:

  • Using the detection signatures to identify and block attacks in progress
  • Using strong passwords that are resistant to brute force attacks
  • Using multi-factor authentication to prevent the use of compromised credentials
  • Patching and updating systems promptly
  • Limiting access to resources over the network
  • Using network segmentation and traversal monitoring
  • Using admin disabling tools to support identity and privileged access management
  • Implementing and enforcing backup and restoration policies and procedures
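The remote-encryption behaviour described in the TTP summary above (one compromised host writing to shared drives across the network) is visible from the file servers' side, and the first mitigation in the list is to detect an attack in progress. The following Python script is an added example written for this page; it is not taken from the CISA/FBI/NSA advisory and is not one of the advisory's Snort signatures. It runs a simple heuristic over file-server access log lines: any source host that writes to, renames, or deletes files on several distinct SMB shares within a short window is flagged. The log format, host and share names, thresholds, and window length are all assumptions (the sample log is constructed), so they must be adapted to whatever your file servers actually emit.

```python
"""Heuristic for ransomware encrypting SMB shares remotely from one host.

Added example, not from the joint advisory. Log format is CONSTRUCTED:
    <ISO timestamp> <source host> <file server> <share> <operation> <path>
Thresholds and window are assumptions to be tuned per environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Operations that modify data on a share; reads alone are not suspicious here.
WRITE_OPS = {"WRITE", "RENAME", "DELETE"}

# Constructed sample log: WS-ACCT-12 rewrites files on four shares across two
# servers within a few seconds; WS-SALES-04 is ordinary user activity.
SAMPLE_LOG = """\
2021-10-15T02:01:05 WS-ACCT-12 FS01 Finance WRITE /q3/ledger.xlsx
2021-10-15T02:01:05 WS-ACCT-12 FS01 Finance RENAME /q3/ledger.xlsx
2021-10-15T02:01:06 WS-ACCT-12 FS01 Finance WRITE /q3/budget.xlsx
2021-10-15T02:01:06 WS-ACCT-12 FS01 HR WRITE /payroll/oct.csv
2021-10-15T02:01:07 WS-ACCT-12 FS01 HR RENAME /payroll/oct.csv
2021-10-15T02:01:08 WS-ACCT-12 FS02 Engineering WRITE /specs/pump.pdf
2021-10-15T02:01:08 WS-ACCT-12 FS02 Engineering RENAME /specs/pump.pdf
2021-10-15T02:01:09 WS-ACCT-12 FS02 Public WRITE /readme.txt
2021-10-15T02:01:09 WS-ACCT-12 FS02 Public RENAME /readme.txt
2021-10-15T02:01:10 WS-ACCT-12 FS02 Public WRITE /notes.txt
2021-10-15T09:14:10 WS-SALES-04 FS01 Sales READ /quotes/acme.docx
2021-10-15T09:14:12 WS-SALES-04 FS01 Sales WRITE /quotes/acme.docx
2021-10-15T09:20:01 WS-SALES-04 FS01 Sales WRITE /quotes/globex.docx
"""


def parse(log_text):
    """Turn the constructed log text into (timestamp, src, server, share, op, path) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, server, share, op, path = line.split(maxsplit=5)
        events.append((datetime.fromisoformat(ts), src, server, share, op, path))
    return events


def find_mass_encryption(events, window=timedelta(seconds=60),
                         min_shares=3, min_writes=8):
    """Return {source_host: (distinct_shares, write_ops)} for every host whose
    write/rename/delete activity touches at least min_shares distinct
    (server, share) pairs and reaches min_writes operations inside any
    sliding window of length `window`."""
    by_src = defaultdict(list)
    for ev in sorted(events):            # chronological order, then grouped per host
        if ev[4] in WRITE_OPS:
            by_src[ev[1]].append(ev)

    hits = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            shares = {(e[2], e[3]) for e in win}
            if len(shares) >= min_shares and len(win) >= min_writes:
                hits[src] = (len(shares), len(win))
                break                    # first qualifying window is enough to alert
    return hits


if __name__ == "__main__":
    for host, (n_shares, n_ops) in find_mass_encryption(parse(SAMPLE_LOG)).items():
        print(f"ALERT {host}: {n_ops} write/rename/delete ops across {n_shares} "
              f"shares within 60s; isolate the host and check for prior share enumeration")
```

A backup server or migration job that rewrites thousands of files on a single share does not trip the share-count threshold, which is the point of keying on distinct shares rather than raw write volume; hosts that legitimately touch many shares in bulk (backup agents, DLP scanners) should be allowlisted before the rule goes live. This heuristic complements the advisory's Snort signatures for the LDAP and SMB enumeration that precedes encryption; it does not replace them.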

Ransom Disclosure Act Would Require Reporting of Payments to Ransomware Groups Within 48 Hours

A new bill has been introduced that would require ransomware attack victims to disclose any payments made to the threat actors to the Department of Homeland Security (DHS) within 48 hours of making the ransom payment.

Sen. Elizabeth Warren (D-Mass.) and Rep. Deborah Ross (D-N.C.) introduced the Ransom Disclosure Act. The bill seeks to give the DHS the information it needs to investigate ransomware attacks and improve understanding of how cybercriminal groups operate, giving the DHS a clearer overview of the ransomware threat facing the United States.

Between 2019 and 2020, ransomware attacks grew by 62% worldwide and by 158% in the U.S. The Federal Bureau of Investigation (FBI) received 2,500 complaints about ransomware attacks in 2020, 20% more than the previous year, and reported losses from ransomware attacks in 2020 were $29 million higher. Not every ransomware attack is reported. Many victims choose to pay the threat actors quietly to obtain the keys to decrypt their data and prevent the public release of any data stolen in the attack.

Chainalysis estimates that ransomware groups worldwide received approximately $350 million in cryptocurrency in 2020, an increase of 311%. Attacks have continued to increase in 2021. According to Check Point's mid-year security report, ransomware attacks in the first six months of 2021 were 93% higher than in the same period of the previous year.

As the ransomware attack on Colonial Pipeline demonstrated, the groups behind these attacks pose a major national security risk. That attack led to the shutdown of a critical fuel pipeline for approximately one week. The attack on JBS Foods disrupted food production, and numerous attacks on the healthcare sector have affected the ability of healthcare providers to deliver proper care to patients. This year, CISA noted that ransomware attacks hamper care and affect patient outcomes, and there has been a death in the U.S. that is suspected to have been caused by a ransomware attack.

Ransomware attacks continue to increase because they are lucrative and provide ransomware gangs and their affiliates with an excellent source of revenue. There is also little chance of being caught and brought to justice. Unfortunately, investigations of ransomware groups can be hampered by a lack of data, hence the introduction of the Ransom Disclosure Act.

Although the FBI encourages the reporting of ransomware attacks to aid investigations, reporting is not mandatory. Unfortunately, because victims are not required to report attacks or ransom payments to government authorities, the critical information needed to fully understand these cybercriminal enterprises and stop these attacks is lacking, explained Congresswoman Ross. This legislation would put in place critical reporting requirements, such as the ransom amount demanded by the attackers and paid, and the currency used. The U.S. cannot continue to fight ransomware attacks without this information.

The Ransom Disclosure Act would require:

  • Ransomware victims (excluding individuals) to disclose any ransom payments within 48 hours of making the payment, including the amount, the currency used, and any information obtained about the entity demanding the ransom.
  • The DHS to publish the information disclosed during the previous year about ransoms paid, excluding identifying information about the entities that made the payments.
  • The DHS to set up a website through which individuals can voluntarily report ransom payments.
  • The Secretary of Homeland Security to conduct a study of commonalities between ransomware attacks and the extent to which cryptocurrency facilitated the attacks, and to provide recommendations for securing information systems and strengthening cybersecurity.

Cyberattacks Encountered by Schneck Medical Center and Epilepsy Foundation of Texas

Schneck Medical Center in Seymour, IN, has reported a cyberattack that affected its business operations.

The medical center discovered the attack on September 29, 2021, and announced it the same day. In response, all IT systems within its facilities were taken offline as a precaution. Third-party cybersecurity specialists were engaged to help investigate the incident and restore its IT systems as quickly as possible. Schneck Medical Center said it would take time to investigate the attack and fully restore its IT systems, but steps were being taken to minimize disruption.

Schneck Medical Center said most medical services were unaffected by the cyberattack and that patients should attend scheduled procedures and appointments as usual. Patients will be notified individually if a scheduled visit has to be delayed because of the cyberattack.

In its breach notification, Schneck Medical Center said it remains committed to caring for people, will continue to deliver excellent care to its communities, and will provide further updates as necessary.

At this stage, it is not known whether patient data was exposed. Further information about the attack will be released if the investigation confirms that the attackers gained access to systems containing patient data.

PHI Possibly Exposed in Epilepsy Foundation of Texas Due to Phishing Attack

An unauthorized individual potentially accessed the email account of an Epilepsy Foundation of Texas employee and may have obtained sensitive patient information. Epilepsy Foundation of Texas discovered the email account compromise on or around June 8, 2021, when the account was used to send fraudulent emails. After immediately securing the account, the foundation launched an investigation to determine the nature and scope of the breach.

The investigation confirmed that the account was compromised after the employee responded to a phishing email. The review of the breach and of the data in the email account was completed on September 2, 2021. Efforts were then made to obtain up-to-date address information for the affected individuals so that notifications could be sent. The foundation began mailing notification letters to affected individuals on October 1, 2021.

Epilepsy Foundation of Texas said the compromised email account contained first and last names, dates of birth, driver's license numbers, medical information, health insurance information, Social Security numbers, financial account numbers, biometric information, usernames and passwords, and payment card numbers.

Following the attack, security practices were reviewed and have since been strengthened. Epilepsy Foundation of Texas said it is unaware of any attempted or actual misuse of patient data, but it has advised affected patients to remain vigilant and to monitor their accounts and explanation of benefits statements for signs of fraudulent activity.

Data Breaches Reported by Vista Radiology and Mankato Clinic

PHI of Up to 3,634 Individuals Compromised in Vista Radiology Ransomware Attack

Vista Radiology in Knoxville, TN, has notified 3,634 patients about a ransomware attack on July 11, 2021, that forced the shutdown of its network. A leading computer forensics firm conducted a thorough investigation of the attack. Initially, the attack appeared to be aimed only at encrypting files, with no data exfiltration involved. However, on July 15 Vista Radiology was informed that evidence had been found that files or folders containing patient information had been accessed and viewed.

The investigation established that the attacker encrypted files and that some files were accessed before encryption. The files viewed contained only a limited amount of patient data, and no significant amount of data was exfiltrated by the attackers. Because it could not be determined whether the protected health information (PHI) of any specific patients was viewed, notification letters were sent to all patients potentially affected by the ransomware attack. The investigation indicated that PHI had not been obtained or misused.

Vista Radiology said the encrypted files had been backed up and could be restored, and that it did not negotiate with the malicious third party. Steps have since been taken to strengthen the security of its network environment, including a complete rebuild and overhaul of its network security. All affected individuals have been notified and offered one year of identity and credit monitoring services at no cost.

Mankato Clinic Privacy Breach Impacts 535 Individuals

Mankato Clinic in Mankato, MN, has identified a breach of the PHI of 535 patients. On August 3, 2021, an employee mistakenly emailed a spreadsheet containing patient information to an external email address. The error was discovered within minutes. The recipient was contacted and asked to delete the email and spreadsheet securely.

The recipient confirmed that the email had been deleted and the spreadsheet had not been opened; however, because the email was not encrypted, there is a small possibility that it could have been intercepted in transit. The spreadsheet contained the following patient data: name, address, email address, telephone number, date of birth, sex, healthcare provider's name, diagnosis information, medical record number, and primary insurance provider.

The investigation confirmed that the error was caused by the email client's auto-complete feature. All employees had been given HIPAA training, so the employee involved recognized that the incident was a HIPAA breach and self-reported it.

Ransomware Groups Attack Barlow Respiratory Hospital And Missouri Delta Medical Center

Barlow Respiratory Hospital in Los Angeles, CA, has reported that it suffered a ransomware attack on August 27, 2021. The Vice Society ransomware gang carried out the attack and gained access to its network, including its electronic medical record system. Before deploying ransomware to encrypt files, the gang exfiltrated patient records, some of which have been posted on the gang's dark web data leak site.

Barlow Respiratory Hospital said that while the attack affected some IT systems, the hospital was able to continue operating under its emergency procedures and patient care was not interrupted.

Upon discovery of the breach, law enforcement was notified and a third-party cybersecurity firm was engaged to assist with the investigation and determine the scope of the breach. The investigation is ongoing.

Although several ransomware groups have stated that they will not target healthcare organizations, Vice Society is not among them. The ransomware operation emerged in June 2021 and has already attacked several healthcare organizations, including Eskenazi Health in Indianapolis. The gang has been exploiting recently disclosed vulnerabilities, such as the Windows PrintNightmare vulnerabilities.

A representative of Barlow Respiratory Hospital said the hospital will continue to work with law enforcement to support the investigation and is working diligently, with the assistance of a cybersecurity firm, to determine which files may have been compromised in the incident. If necessary, it will notify the individuals whose data may have been affected, in accordance with applicable laws and regulations, in due course.

Missouri Delta Medical Center Experiences Hive Ransomware Attack

The protected health information (PHI) of patients of Missouri Delta Medical Center in Sikeston, MO, was compromised in a ransomware attack carried out by the Hive ransomware gang. Earlier this month, a portion of the stolen data was uploaded to the gang's data leak site to pressure the medical center into paying the ransom. The Hive ransomware group has attacked several healthcare organizations in recent weeks, including Memorial Health System.

Missouri Delta Medical Center engaged a leading forensic security firm to investigate the attack and determine the nature and scope of the breach. The provider was later notified by a third party that some patient records had been stolen and published online. According to the listing on the Hive gang's data leak site, the names, telephone numbers, addresses, dates of birth, race/sex, Social Security numbers, next-of-kin information, diagnoses, and financial information of 95,000 individuals were stolen in the attack. That data was contained in 400 GB of files copied before file encryption.

Missouri Delta Medical Center said the attack did not affect its ability to provide care to patients. The investigation is ongoing, but at this stage it appears that the attack did not affect its electronic medical record system.

Missouri Delta Medical Center apologized for any inconvenience the incident may have caused and said it is taking steps to improve security and reduce the risk of a similar incident in the future. The center remains focused on continuing to serve the community.