Tagged With "exposed"
Topic
Cybersecurity News
The average American has had their personal data stolen or exposed at least 4 times in 2019, according to new research published by Interest Research. - The finance vertical is suffering from a 238% increase in cyberattacks during COVID- 19 pandemic according to research published by VMware Carbon Black Security. - Nebraska Medical Center of Omaha, NE notified 1311 patients that their PHI was exposed after an employee illegally accessed - Sophos Security reports following on ransomware: o...
Topic
Cybersecurity Update
- TV celebrity Scott Disick, father of 3 children with Kourtney Kardashian, has filed a lawsuit against All Points Lodge Rehab in Edwards, Colorado for a HIPAA breach. o He reportedly had recently checked himself into the facility for substance abuse, and apparently an employee at the facility may have sold this story to tabloid publications. - Ann and Robert Lurie Children’s Hospital of Chicago, IL notified 4,824 patients that their PHI was illegally accessed by a former employee. - Vanessa...
Topic
Hackers Expose Data of 2.4M UK Cellphone Co. Customers
Hackers Expose Data of 2.4M UK Cellphone Co. Customers British data protection watchdog the Information Commissioner's Office said Monday that it is investigating a hacking breach of mobile phone retailer Carphone Warehouse that may have exposed the...
Topic
Cybersecurity Update
- Tessian Security published research report showing that there is a 47% increase in breach incidents over the last 2 years caused by insiders (existing employees) o Includes both accidental data loss as well as deliberate data exfiltration by negligent or disgruntled employees o Amtrak, headquartered in Washington D.C., informed an unknown number of customers that their info was exposed after hacking incident. - Advanced Intelligence LLC is reporting that operators of NetWalker ransomware...
Topic
Cybersecurity Update
- UPMC (University of Pittsburgh Medical Center) notified 65,000 patients that their PHI was stolen and placed on Dark Web to be monetized. - Privacy Affairs magazine published results of research of what hackers are selling stolen info on the Dark Web. Examples: o Credit card info = $12 to $20 each o Driver’s license = $70 to $550 each o Auto insurance card = $70 each o Facebook account = $74 each o Instagram account = $55 each o Tick Tok account = $15 each - KIPP SoCal, charter schools in...
Topic
Cybersecurity Update
- Hanger Prosthetics & Orthotics, Inc. of Kirksville, Missouri notified 6,033 patients that their PHI was exposed after two boxes of paper medical records were found in a storage facility. - Domestic violence app supported by Dr. Phil suffers data breach o Aspire News, an app designed to assist domestic violence victims, has suffered a data breach with recordings from victims found on unsecured cloud storage. o included more than 4,000 voice recordings along with victim details, home...
Topic
Cybersecurity Update
Cybersecurity Update Bill Gates, Barack Obama, Jeff Bezos, Joe Biden, Kanye West, Elon Musk and many other high profile people had their Twitter accounts hacked. o All their followers received a tweet trying to convince users to send in $1000 in bitcoin - The US National Security Agency is warning hospitals, universities and pharmaceutical companies that Russian hackers are attempting to steal COVID-19 research using email phishing and malware attacks. - Wells Fargo ordered all of its...
Topic
Cybersecurity Update
Cybersecurity Update - Fortified Health Security reports that malicious attackers caused 60% of healthcare data breaches so far this year. - Children’s Hospital of Colorado, located in Aurora, notified 2,553 patients that their PHI was exposed after an email phishing attack. - Interpol reports that from January to April, it detected the following tied to COVID-19 topics: o 907,000 spam messages o 737 malware incidents o 48,000 malicious URLs - Becker’s Health IT magazine reports that...
Topic
Cybersecurity Updates
Cybersecurity Updates Fortinet Security published report on healthcare cybersecurity: o 87% of healthcare providers use IoT devices o 79% are making cloud adoption a strategic priority o 59% of breaches are carried out by internal threats o 60% increase in cyber attacks in past year o 41% of breaches are caused by email o 51% fail to comply with HIPAA Right to Access 83% recognize that HIPAA compliance is not enough to address cyber threats 72% on average comply with HIPAA Security Rule...
Topic
Cyber Security News
Cybersecurity NEWS - Adobe Corp. notified customers that it has fixed 5 critical flaws that would allow hackers to run JavaScript in browers o Would allow hackers to steal info, and move laterally through network - Microsoft notified users that specially crafted Windows 10 themes and theme packs could be used in “Pass-the-Hash” hacking incidents o Could steal Windows account credentials from unsuspecting users - IBM is warning users of new Raccoon malware, which can attack TLS 1.0, 1.1 and...
Topic
Cybersecurity Update
HIPAA & Cybersecurity Updates - The federal Office for Civil Rights (under Department of Health & Human Services) announced following settlements based on HIPAA violation investigations: o $15,000 = All Inclusive Medical Services of California o $70,000 = Northeast Behavioral Health, part of Beth Israel Lahey Health of Massachusetts o $3500 = Dr. Patricia King Psychiatric Clinic of Chesapeake, VA o $10,000 = Wise Psychiatry of Centennial, CA o $38,000 = Housing Works Health of New...
Topic
Cybersecurity Update
Department of Health & Human Services’ Office for Civil Rights (OCR) stated that so far in 2020, the PHI (protected health information) of 13.7 million patients hasbeen affected by data breaches. Causes: 66% = hacking 21% = unauthorized access/disclosure 7% = theft3% = improper disposal 3% = loss Premera Blue Cross, headquartered in Mountlake Terrace, Washington, paid the largest HIPAA fine in history, when it agreed to pay the feds $6.85 million in regards to breach that exposed PHI of...
Topic
Cybersecurity Update
US District Attorney announced that Richard Liriano was sentenced to 30 months in prison and a $351,850.25 fine for illegally accessing the PHI of patients while he worked for the Hospital For Special Surgery in New York. The City of Odessa, Texas notified an unknown number of citizens that their info may have been exposed in recent breach. People of Praise, located in South Bend, IN, notified an unknown number of members that their info was exposed after hacking incident. The University...
Topic
Cybersecurity Updates
Cybersecurity Updates Cyber consulting firms are getting dragged into post-breach lawsuits, according to article published by Bloomberg Law. o Accenture Plc’s unit was compelled to provide info during recent suit filed against Marriott International o Was forced to turn over cybersecurity firm Mandiant’s report on a cloud hack in another case. o Class action lawyers claim it could provide “a vivid trail for liability” The feds report that in the month of October, 2020, over 2.1 million...
Topic
Cybersecurity Updates
HIPAA & Cybersecurity Updates First Impressions Orthodontics/Professional Dental Alliance of Connecticut, notified 23,000 patients that their PHI was exposed after ransomware attack. The Connecticut Department of Social Services notified 37,000 patients that their PHI was exposed after an email phishing attack. The federal government is proposing a new law named “The Internet of Things Cybersecurity Improvement Act”, to increase awareness and standards regarding security of these devices...
Topic
Cybersecurity Update
Cybersecurity Updates University of Vermont (UVM) Health claims that the total cost of recent ransomware attack will exceed $63 million. Cedar Springs Hospital of Colorado Springs, Colorado, notified an unknown number of patients that their PHI was exposed after an external drive was stolen. Dental Care Alliance, headquartered in Sarasota, Florida, notified over 1 million patients that their PHI was exposed after a ransomware attack. Dyras Dental Clinic of Lansing, Michigan notified an...
Topic
Cybersecurity Updates
The FBI is reporting that pranksters are hacking into smart devices in the home, accessing the audio and video feeds from the devise (i.e. Alexa, smart TVs, etc.) and then contacting local law enforcement to report a fake crime Hacker than watches the live footage of police response This is called “swatting” Ticketmaster Corp. of New York agreed to pay $10 million to resolve charges stemming from insider-caused breach. Former employee Zeehsan Zaidi pled guilty to the incident T-Mobile Corp.,...
Topic
Cybersecurity Updates
Cybersecurity Updates Froedtert Health of Milwaukee, Wisconsin, notified 760 patients that their PHI was exposed after being illegally accessed by a former employee. Hendrick Health of Abilene, TX notified 640,436 patients that their PHI was exposed after ransomware attack. Salem Clinic of Oregon notified 20,000 patients that their PHI was exposed after ransomware attack hit Metro Presort, which processes the clinic’s mail. The Center for Alternative Sentencing and Employment Services...
Topic
Cybersecurity Updates
Wall Street Journal published report called “Hospital Suffer New Wave of Hacking Attempts” Great Plains Health of Nebraska’s Christopher Stroud admitted that up to 70,000 attempts per day from hackers trying to get into the hospital’s network Hackers give interview with Cisco researcher: Identified as “Aleks”, and lives in Siberia, Russia In his early 30s Has university level education Uses Mimikatz and PowerShell as tools Is part of the Lockbit ransomware gang Healthcare is his favorite...
Topic
Cybersecurity Updates
Cybersecurity Updates With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices as reported by Malwarebytes Lavabird Ltd.'s QR code barcode scanner was an Android app that had been available on Google's official app repository for years accounting for over 10 million installs ESET Cybersecurity is reporting that there is a 768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020 detected 29...
Topic
Cybersecurity Notes
Cybersecurity The federal government, via Department of Health & Human Services’ Office For Civil Rights, is reminding all healthcare facilities that they have until 3/1/2021 to report any breaches that exposed PHI of fewer than 500 patients. Crowdstrike published report warning the healthcare industry of increased cyberattacks from state sponsored hacking gangs located in: North Korea Vietnam Iran Russia China ZDNet is warning of a sharp rise in hacking attacks aimed at colleges and...
Topic
Cybersecurity Update
IBM published results of new research on the average total cost of a breach by vertical market: $7.13 million = healthcare $6.39 million = energy $5.85 million = finance $5.06 million = pharma $5.04 million = tech $3.9 million = education Average amount of days before breach is discovered: 329 days = healthcare 324 days = government 283 days = education Security Week magazine reports on ransomware: Ransomware gangs earned at least $350 million in 2020 311% increase YoY $154,000.00 = average...
Topic
Cybersecurity Notes
FBI published results of research: Total losses from internet crime exceeded $4.2 billion in 2020 In 2019, losses were only $3.5 billion FBI published warning to school systems in the U.S., that they are being targeted by PYSA ransomware, aka Mespinoza. Jean Francois Eap, CEO of Sky Global, was indicted for allegedly participating in a hacking and illegal narcotic distribution ring Sky Global is a provider of custom handsets and a subscription-based end-to- end encrypted messaging app Check...
Topic
Cybersecurity Update
Spectra Logic of Boulder, CO notified an unknown number of customers that their info may have been exposed after ransomware attack. - The University of Pittsburgh Medical Center (UPMC) and Charles Hilton & Associates Law Firm have been sued related to a breach that exposed the PHI of 36,000 patients. - Proofpoint published report on Insider Caused Breaches: o $3.86 million is average total cost of an insider caused data breach o 30% of breaches a involve internal threat actoss 62% =...
Topic
Cybersecurity Updates
Cybersecurity Updates Capital One notified 100 million customers that their info was exposed after former Amazon Web Services (AWS) employee Paige Thompson posted data on GitHub after illegally accessing the info. HealthNet of California notified 1,236,902 patients that their PHI may have been exposed after cyberattack. Check Point Research is warning of a new malware that attacks Android based mobile devices Is in an app on Google Play store that entices users by offering free Netflix...
Topic
Cybersecurity Updates
Cybersecurity Updates Mandiant Security Software published results of 2020 breaches 25% increase in ransomware attacks 78% of ransomware attacks had dwell time of 30 days or less 1% had dwell time of 700 days or more 59% were detected internally Tenable Research published report More than 18,000 common vulnerabilities and exposures (CVEs) were reported in 2020, up 6% (this includes Ripple20 and others than impact some brands of printers and MFPs) 46% of breaches in healthcare were from...
Topic
Cybersecurity Update
HIPAA & Cybersecurity Updates - In an internal memo, the US Department of Justice outlined the creation of a new initiative to "pursue and disrupt" ransomware operations. include the takedown of command-and-control (C2) servers used to manage ransomware campaigns legal seizure of "ill-gotten gains" generated by such schemes. The American College of Emergency Physicians, headquartered in Irving, TX notified an unknown number of patients that their PHI may have been exposed after...
Topic
Cybersecurity Notes
The average ransom payment to ransomware operators is now $220,298, up 43% YoY, according to Coveware Security Reverb Inc. headquartered in Chicago, IL, notified an unknown number of users for its musical instrument marketplace website that their info may have been exposed during recent data breach. Sapphire Community Health of Hamilton, MT notified 4,000 patients that their PHI was stolen during recent ransomware attack. Centennial School District of Portland, Oregon notified 6,100 students...
Topic
Cybersecurity Notes
Colonial Pipeline Company, headquartered in Alpharetta, Georgia, was hit by ransomware and forced to shut down its fuel pipeline operation that spans 5,500 miles from Houston, TX to Linden, NJ. This may cause a further spike in gasoline cost. Judge Eldon E. Fallon sentenced Edward Tolliver of New Orleans, LA to 124 months in federal prison for making and selling fake credit cards using stolen identities he acquired from Dark Web sites. SmileDirectClub, headquartered in Nashville, TN,...
Topic
Cybersecurity News
Colonial Pipeline, headquartered in Alpharetta, Georgia suffered possible the most publicized ransomware attack in history: Pipeline was shutdown, causing gas prices to soar and gas stations to run out of gas in AL, AR, DC, DE, FL, GA, KY, LA, MD, MS, NJ, NY, NC, PA, SC, TN, TX and VA Company admitted it paid the hackers $5 million to get password to de-encrypt the network The DarkSide hacking group in Russia was responsible Brownsville Community Health Center of Brownsville, TX notified an...
Topic
Cybersecurity Updates
Cybersecurity Updates The federal Office for Civil Rights reports that it is aware of 34.4 million patient records that have been breaches in the past 12 months. The FBI announced that it has received more than 1 million cybercrime complaints over the past 14 months. Ascension Standish Hospital of Michigan notified an unknown number of patients that their PHI was exposed during a recent breach. Ascension St. Joseph Hospital of Tawas City, Michigan notified an unknown number of patients that...
Topic
Cybersecurity Updates
Cybersecurity Updates Bose Corp. of Framingham, Massachusetts, notified an unknown number of customers that their info was exposed after ransomware attack. $1.37 billion of transactions for stolen information were made in 2020 using the Russian dark web Hydra marketplace, according to Flashpoint Security. Trinity Health System of Logan, West Virginia notified “thousands” of patients that their PHI was exposed after security breach. Clover Park School District of Washington notified an...
Topic
Cybersecurity Updates
Cybersecurity Updates CVS Health, headquartered in Woonsocket, Rhode Island, may have inadvertently exposed over a billion PHI, impacting an unknown number of patients. Apparently left a online database on Internet without password protection exposing 204GB of medical data OSF HealthCare, headquartered in Peoria, Illinois, notified an unknown number of patients that their PHI apparently has been posted on Dark Web after being hit by the Xing ransomware hacking group. Coastal Family Health...
Topic
Cybersecurity Updates
Cybersecurity Updates Kaseya Software, headquartered in Ireland, with US headquarters in Miami, Florida, notified 1,500 companies that use its software, and it was attacked by ransomware o a result of an attack on its remote device management software o the REvil hacking group in Russia is asking for $70 million in ransom in exchange for a universal decryption tool Practicefirst Medical Management Solutions notified 1.2 million patients that their PHI was exposed after ransomware attack...
Topic
Cybersecurity Notes
Deep Dive published results of healthcare survey: 75% of hospitals, doctors and health systems are unprepared for cyberattacks that could compromise PHI of 500 patients or more 96% = believe hackers are trouncing security measures in place $134 billion will be spent on cybersecurity solutions in the U.S. healthcare industry over next 5 years $18 billion to be spent in 2021 82% do not believe that money is being spent effectively Funds destined for cybersecurity are routinely spent after the...
Topic
Cybersecurity Notes
Cybersecurity Denton County of Texas notified 1,286,106 patients that their PHI may have been exposed after it was inadvertently exposed online from a COVID-19 database. The FBI published a warning to businesses in the U.S. of an expected increase in ransomware attacks during upcoming holiday season. Beaumont Health of Michigan notified 1,500 patients that their PHI was exposed after cyber security incident. Tech Republic magazine reports that “Cybercriminals are holding schools ransom for...
Topic
Cybersecurity Notes
Central Texas Medical Specialists, aka Austin Cancer Centers, notified an unknown number of patients that their PHI was exposed after ransomware attack. The Alaska Department of Health & Social Services notified an unknown number of patients that their PHI was exposed after ransomware attack. Simon Eye, headquartered in Wilmington, Delaware, notified an unknown number of patients that their PHI was exposed after email phishing attack. The City of Mount Vernon in New York notified an...
Topic
Cybersecurity Notes
ReproSource of Massachusetts notified 350,000 patients that their PHI was exposed after ransomware attack. Jonathan Toebbe, a US Navy nuclear engineer, was arrested for allegedly attempting to sell top secret nuclear submarine designs to a foreign intelligence agency for $100,000 in bitcoin. Independent Health of Williamsville, New York notified 541 patients that their PHI was exposed after it was inadvertently emailed to “business partners” Mandiant Security published warning for healthcare...
Topic
Cybersecurity Notes
UF Health Central Florida of Leesburg, FL was sued by patients for negligence regarding a ransomware attack that exposed PHI or 700,000 patients The U.S. Department of Treasury reports that it has identified 177 cryptocurrency wallets associated and used by the top 10 ransomware gangs. $5.2 billion in potential ransom payments transacted Average ransomware payment of $102,273 The top ransomware operator, REvil of Russia, was shut down Unknown entity hijacked the payment portal The U.S.
Topic
Cybersecurity Notes
Deloitte published results of survey: 98% of C-suite executives have come across at least one cybersecurity event during last year 86% have noticed uptick in attacks 14% have no incident response plan 40% of healthcare organizations have not yet implemented an incident response plan 27% are most worried about actions of “well-meaning” employees who inadvertently allow hackers in 41% have implemented solutions to monitor staff use of network The federal Dept. of Health & Human Services...
Topic
Cybersecurity Notes
The US Cybersecurity and Infrastructure Agency (CISA) and the FBI published a warning that hackers see US holidays and weekends as a great time to launch attacks, including ransomware. 82% of healthcare organizations have experienced an IoT cyberattack in past 18 months, according to study conducted by Medigate and CrowdStrike. Oluwaseun Medayedupin of Nigeria was arrested for allegedly luring US companyemployees to deploy ransomware at the companies they work for. Was called a “partnership...
Topic
Cybersecurity Notes
Cybersecurity Updates Franciscan Alliance Health System of Indiana was sued by a former employee, Christina A. Padgett, who was terminated after illegally accessing PHI from the facility. CrowdStrike published new research on ransomware attacks: 45% of businesses admit to at least one such supply chain ransomware attack in last 12 months 84% concerned 3rd party attacks will become major cyber threat over next 3 years $1.55 million is average ransom payment to hackers 96% admitted that after...
Topic
Cybersecurity Notes
Cybersecurity Updates Anne Arundel Medical Center/Luminis Health of Maryland notified an unknown number of patients that their PHI was exposed after email phishing attack. South Georgia Medical Center of Valdosta, Georgia announced that a former employee was arrested for stealing PHI that affected an unknown number of patients. The International Committee of the Red Cross, headquartered in Switzerland, notified an unknown number of donors that their PHI was exposed after ransomware attack.
Topic
Cybersecurity Notes
Cybersecurity Spokane Health District of Washington notified an unknown number of patients that their PHI was exposed after email phishing attack. Welfare, Pension, and Annuity Funds of Local No. ONE I.A.T.S.E. of New York notified 20,579 patients that their PHI was exposed after email phishing attack. Loyola University Medical Center of Illinois notified 16,934 patients that their PHI was exposed after email phishing attack. Signature Healthcare Brockton Hospital of Massachusetts notified...
Topic
Cybersecurity Notes
The San Francisco 49ers NFL football team notified an unknown number of customers that their info may have been exposed after ransomware attack. Suncoast Skin Solutions of Florida notified 57,730 patients that their PHI was exposed after ransomwar attack. South City Hospital of St. Louis, Missouri, notified 21,601 patients that their PHI was exposed after server was stolen Colorado Department of Human Services notified 6,132 patients that their PHI after cyberattack. Sound Generations of...
Topic
Cybersecurity
The U.S. federal government is warning organizations that cyberattacks will increase due to the war in Ukraine. Fed gov warns healthcare industry that hackers are using the “Log4j” vulnerability in devices (including some printers and MFPs) to infiltrate networks. The federal Office for Civil Rights (aka HIPAA police) reported that it is aware of 2,304,607 patients that had their PHI exposed in 1/2022 due to breaches. 58% of organizations that have been hit with ransomware have paid the...
Topic
Cybersecurity
cybersecurity breaches in the news Ascension Michigan Health System notified 27,177 patients that their PHI was exposed after cyber attack. Duncan Regional Hospital (aka DRH Health) of Stephens County, Oklahoma, notified 92,000 patients that their PHI was exposed after ransomware attack. Norwood Clinics of Alabama notified 228,103 patients that their PHI was exposed after cyber attack. Bako Diagnostics, headquartered in Alpharetta, Georgia, notified 25,745 patients that their PHI was exposed...
Topic
Cybersecurity Notes
Denso Car Parts manufacturing notified an unknown number of customers that their info was exposed after ransomware attack. Protenus Security published results of US healthcare vertical breach data collected in 2021: 50,406,838 patients had their PHI exposed due to a breach, up 24% 75% of breaches caused by external hackers 13% caused by insiders Breaches were undiscovered for an average of 132 days 5% of all breaches involved paper medical records (print, copy, fax Verizon published...
Topic
Cybersecurity Notes
Ransomware report published by SonicWall: 67.6% of ransomware attacks are aimed at U.S. 421.5 million hits last year, up 98% Average of 2,170 ransomware attacks per customer 20 attempts per second Griggsville-Perry Public School District of Illinois notified an unknown number of students that their info may have been exposed online after ransomware attack. Suggested selling prices of offering a cyber security audit from ConnectWise: $100 for every router, server, switch and firewall $25 per...
Topic
Cybersecurity Notes
St. Joseph’s Healthcare Hamilton of Canada announced it has fired an employee for illegally accessing the PHI of at least 4 dozen patients. Val Verde Regional Medical Center of Del Rio, TX notified 96,000 patients that their PHI was exposed after ransomware attack. Spokane Regional Health District of Washington notified 1,260 patients that their PHI was exposed after second email phishing attack in past 3 month. Cancer and Hematology Centers of Western Michigan notified an unknown number of...