Maria Perez

Maria is an experienced writer who has provided content for Healthcare Industry News since 2021. Working as a senior writer, Maria focuses on news reporting, making complex healthcare topics comprehensible for readers. Maria’s expertise and dedication to delivering accurate stories make Maria a trusted source on our site.

Accidental PHI Exposure at LA Fire Department and Standard Modern Company

The Los Angeles Fire Department has learned that the COVID-19 vaccination information of 4,900 personnel was accidentally exposed on the web.

A listing that contained employees’ full names, birth dates, employee numbers, and COVID-19 vaccination data (vaccination doses, dates, or vaccine refusal) had been shared on a webpage available to anyone. While the site was active, anyone could view the web page and search the database by name and employee number. The database was not protected by a password, and no information had to be entered to authenticate users. If a wildcard lookup was performed, a table was generated that showed the records of all 4,900 workers.

The website – covid.lacofdems.com – was registered privately and was connected to the Fire Department’s Emergency Medical Services department. The web page, which was not authorized, was created on April 29, 2021 and was deactivated on July 15, 2021. The site was said to have been made to enable Department staff to access lost vaccination data.

Before the deactivation, a news reporter at the LA Times obtained the information from the database. An inquiry into the website owner confirmed that it was hosted by a member of the unit’s staff and wasn’t protected using a government software program or system.

After discovering the breach and compromise of vaccine status data, some firefighters took to social media to complain about the privacy breach. The firefighters’ union, Local 1014, has requested a complete investigation of the breach.

Mailing Vendor Error Resulted in Delivering Letters to Wrong MassHealth Members

Standard Modern Company, Inc., located in New Bedford, MA, has alerted 2,707 patients to an accidental exposure of their personal data.

Standard Modern Company is the mailing services provider to the Massachusetts Executive Office of Health and Human Services. On May 24, 2021, Standard Modern Company was advised that a number of MassHealth members had received letters containing the details of other MassHealth members. All mailings were halted while the occurrence was reviewed, and the investigation verified that an internal program problem had affected mailings from May 10, 2021 to May 18, 2021. The mistake resulted in the creation of wrong labels on some mailed notifications.

In every instance, a letter containing a member’s name, ID number, date of birth, and the last four digits of their Social Security number was mailed to another MassHealth member.

Standard Modern Company has stopped using the internal program that caused the mistake, and further safeguards were put in place to improve its mailing methods and prevent more mistakes.

Each of the 2,707 affected persons had only minimal data exposed to one other person, and there were no documented incidents of improper use of any of the compromised details. A telephone line was set up for impacted people to learn more about the breach and have their questions answered, and Triple Bureau Credit Monitoring and cyber monitoring services were provided at no cost for two years.

Beckage PLLC, a privacy and security law firm in Buffalo, NY, assisted Standard Modern Company in investigating and addressing the data breach.

HSCC Releases Guidance Paper to Secure the Telehealth and Telemedicine Ecosystem

Healthcare organizations are increasingly using health information technology to give patients virtual health care services. With telehealth services, patients in rural areas and seniors can receive necessary medical services. Because of the pandemic, there has been substantial growth in telehealth, with virtual medical care provided to individuals to minimize the spread of COVID-19.

According to FAIR Health, private insurance providers saw telehealth claims grow by 4,347% a year ago. Virtual care through telehealth is now the fastest-expanding facet of medical care. The Centers for Medicare and Medicaid Services has committed to providing ongoing support for online medical care services. According to Frost & Sullivan, a seven-fold increase in telehealth services is expected by 2025.

This critical expansion of healthcare services has taken place rapidly, and at a moment when cybercriminals are focusing much more on the healthcare industry. Attackers are able to easily exploit vulnerabilities to gain access to sensitive medical data and disrupt services for profit. A 2020 study by SecurityScorecard and DarkOwl showed a nearly exponential increase in targeted attacks on telehealth firms as the popularity of telehealth skyrocketed.

To reach the full potential of virtual healthcare services, healthcare sector stakeholders need to find and manage the privacy and security risks to medical data, which can be difficult in a complicated, interconnected ecosystem such as medical care.

The Healthcare and Public Health Sector Coordinating Council (HSCC) has published a white paper to offer the healthcare sector guidance on pinpointing cybersecurity vulnerabilities and risks linked to the use and provision of telehealth and telemedicine.

The published Health Industry Cybersecurity-Securing Telehealth and Telemedicine guidance aims to support healthcare programs, doctors, vendors, providers, and patients, who all share the responsibility of ensuring that telehealth delivers the best service along with an appropriate level of privacy and security protection.

The report details the cyber threats linked to telehealth and telemedicine and explains the regulatory challenges of telehealth services, offering audit resources, help with policies and procedures, and recommended guidelines to follow.

The guidance paper covers the policy structure of healthcare cybersecurity, discusses rules, business policies, and cybersecurity priorities, and provides strategies for using and protecting telemedicine services.

At this time, no federal agency has the ability to create and enforce privacy and security requirements for the entire telehealth setting. At a minimum, telehealth systems must implement security and privacy relative to all types of care.

Healthcare organizations are advised to follow the guidelines suggested in the white paper and to adopt the ideas best suited to their risk profile, improving privacy and security protection so they get the utmost benefit from telehealth and telemedicine services.

The HIC-STAT white paper may be downloaded on this page.

PHI Compromised Due to UNC Health and Nebraska DHHS Phishing Attacks

The Nebraska Department of Health and Human Services has reported a security incident concerning the protected health information (PHI) of clients of Aging Partners, a division of the City of Lincoln.

The Lincoln Information Services Department uncovered the breach on May 25, 2021. Workers had clicked links in phishing email messages and provided information that gave access to their email accounts, which contained over 46,000 email messages. A computer forensics firm assisted in confirming that an unauthorized person accessed the email account from May 18 to May 21.

An audit of the messages in the account confirmed that some included patient details such as names, dates of birth, addresses, telephone numbers, Social Security numbers, type/amount of service, dates of service, and some health information such as diagnoses, care examinations, and prescription medication lists. Emails additionally included bank account numbers or other financial data of some people. 6,600 of the emails contained the PHI of Aging Partners’ customers, though only 1,513 persons were affected. For most affected people, only names were contained in the email accounts.

All people impacted by the attack are currently being notified, and credit monitoring and identity theft protection services are being offered to persons whose financial details were contained in the breached email accounts.

UNC Health Phishing Attack

UNC Health has reported that an unauthorized individual accessed an email account containing the PHI of patients of the University of North Carolina at Chapel Hill School of Medicine (SOM) and the University of North Carolina Hospitals (UNC Hospitals).

On May 20, 2021, UNC Health discovered the compromise of the email account of a SOM faculty member who provided medical services at UNC Hospitals. The email account was promptly secured, and an investigation was started to ascertain the scope of the breach. With the assistance of a third-party cybersecurity agency, UNC Health established that the email account was breached only on April 20, 2021. The breach didn’t affect any other systems or email accounts.

An analysis of the account showed the possible breach of these types of data: patients’ names, birth dates, diagnosis and treatment data, and/or details concerning a research study that patients might have been associated with or were qualified for at UNC Hospitals/SOM. The email account held the medical insurance data of fewer than 30 patients and the Social Security numbers of fewer than 10 patients. There were no documented incidents of patient information misuse.

More email security measures are being implemented, and employees are being given more training to help them recognize phishing email messages.

REvil Ransomware Websites Go Offline, Fueling Questions of Law Enforcement Takedown

The infamous REvil ransomware gang’s clear web and dark web sites have unexpectedly vanished, days after President Biden called on Vladimir Putin to take action against ransomware groups and other cybercriminals conducting attacks on U.S. businesses from inside Russia.

At about 1 a.m. on Tuesday, the web pages that the gang uses for leaking the data files of ransomware victims, its command and control system, and its ransom negotiation chat server disappeared, and they have remained offline since. For one of the group’s web pages, the server IP address cannot be resolved through DNS queries.

REvil has become one of the highest-profile ransomware-as-a-service operations. The gang has been linked to many ransomware attacks in the U.S. and around the world, such as the recent attack on JBS Foods and the supply chain attack on Kaseya. Ransomware was employed in attacks on approximately 60 managed service providers (MSPs) and approximately 1,500 of their clients on July 2. A $70 million ransom demand was set for the keys to decrypt the victims’ files, with the demand dropping to $50 million shortly afterward.

Though it is not unusual for ransomware operations to go quiet, or for systems to be temporarily taken offline, the timing of the shutdown implies that either the U.S. or the Russian government has made a move. The FBI hasn’t commented on the shutdown of the REvil servers, and the press secretary of the president of the Russian Federation, Dmitry Peskov, told TASS reporters that he didn’t know what had happened to the servers. It is likely that the loss of the system is due to hardware failure or simply the gang deciding to lay low, particularly after such a serious attack.

Ransomware gangs have faced a good deal of scrutiny since the DarkSide ransomware group’s attack on Colonial Pipeline. Soon after the attack, the White House reported that efforts to target ransomware groups and their infrastructure would be intensified. Subsequent to the attack, the DarkSide RaaS operation closed down as a result of law enforcement’s quiet takedown of its infrastructure.

At the Geneva summit, President Biden spoke with Vladimir Putin about cyberattacks on U.S. businesses by cybercriminal groups working within Russia and told him to take action to break up the gangs, even if the attackers weren’t state-sponsored.

A few days ago, President Biden spoke with Putin, demanding action against ransomware gangs operating out of Russia. Biden told reporters right after the call that the U.S. would act to take down the ransomware gangs’ servers if Russia failed to.

A number of news outlets, including the BBC, have reported that the shutdown was a result of action undertaken by the U.S. to take the group’s systems offline. A BBC reporter spoke with one person, presumably an REvil affiliate, who said the group had shut down its infrastructure after a partial takedown by federal authorities and growing pressure from the Kremlin.

Vitali Kremez of Advanced Intel stated that, according to uncorroborated information, REvil server infrastructure received a [Russian] government legal request pressuring REvil to fully erase its server infrastructure and disappear. Nonetheless, this isn’t confirmed.

It is too early to tell what has occurred and whether the shutdown will be short-lived or long-term. As is often the case after a Ransomware-as-a-Service operation shuts down, the gang may simply come back under another name, as REvil did before.

Kaseya Security Update Corrects Vulnerabilities Exploited in VSA Ransomware Attack

Kaseya has announced a security update for its Kaseya VSA remote management and monitoring software that corrects the zero-day vulnerabilities the REvil ransomware gang recently exploited in attacks targeting its customers and their customers.

The vulnerabilities exploited in the attack were part of a set of seven vulnerabilities that the Dutch Institute for Vulnerability Disclosure (DIVD) reported to Kaseya in April 2021. Kaseya had created patches to fix four of the seven vulnerabilities identified in its Virtual System Administrator program and released these in its April and May security releases; however, before the patches for the last three vulnerabilities were released, an REvil ransomware affiliate exploited at least one of them.

The attack impacted roughly 60 clients, including managed service providers (MSPs), that used Kaseya VSA on-premises. The REvil ransomware group gained access to their servers, encrypted them, and pushed its ransomware to roughly 1,500 business customers of those firms.

After the attack on July 2, 2021, Kaseya told its customers to turn off their on-premises VSA servers until the exploited vulnerabilities were resolved. Its SaaS servers were also deactivated because the SaaS software had vulnerabilities as well, though its cloud-based service wasn’t affected by the attack. Those servers are currently being restarted incrementally, and the last three patches were released in the VSA 9.5.7a (9.5.7.2994) update.

The three vulnerabilities resolved in the most recent security update are:

CVE-2021-30116 – a business logic and credential leak vulnerability
CVE-2021-30119 – a cross-site scripting vulnerability
CVE-2021-30120 – a 2FA bypass vulnerability.

Kaseya states that a further three vulnerabilities in the software were also fixed by the new update. These are a failure to set the secure flag on user portal session cookies, a vulnerability that permitted files to be uploaded to a VSA server, and an issue where a password hash was compromised, which left weak passwords prone to brute force attacks.

Kaseya has recommended a procedure for applying the update to reduce risk. This entails making sure the VSA server is isolated and not connected to the Internet, checking for Indicators of Compromise (IoCs) to determine whether servers or endpoints had been breached, and then applying the update.

The complete procedure for updating and protecting on-premises VSA servers is described in the Kaseya On Premises Startup Readiness Manual.