Cybersecurity Updates
The Foundation Surgical Hospital of San Antonio, TX notified an unknown number of patients that their PHI was exposed after it was inadvertently made accessible on a public website.
- The federal government is warning healthcare organizations of a new fraud attempt where facilities are receiving bogus postcards with info about a mandatory HIPAA compliance risk assessment
o Postcards direct people to a fake website in attempt to steal info
- Premier Health of Ohio notified an unknown number of patients that their PHI was exposed after an email phishing attack.
- Imperial Valley College of California notified an unknown number of students that their info may have been exposed after ransomware attack.
- Ashley County Medical Center of Crossett, Arkansas notified 772 patients that their PHI was exposed after a former employee accessed the info for malicious purposes.
- Piedmont Orthopedic Clinic/OrthoAtlanta of Georgia notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Allergy and Asthma Clinic of Fort Worth, TX notified 69,777 patients that their PHI was exposed after hacking incident.
- Breitbart News is reporting that Antifa anti-police terrorists have hacked the following police departments to “Dox” their employees:
o Los Angeles Police Department
o LA County Sheriff’s Office
o Maryland’s Department of Public Safety and Correctional Services
o Minneapolis Police Department
o Santa Monica Police
o Long Beach Police
o California Highway Patrol
HP published report on security issues in healthcare vertical with following facts:
o 23% of breaches involved paper records
o 18% of companies monitor printers/MFPs for threats
o 82% of healthcare customers have dealt with cybersecurity attacks on IoT
devices
o 3 times more incidents in healthcare than other verticals in 2019
o $17 billion was total cost of all healthcare breaches in 2019
o 85% do NOT maintain audit logs of printers/MFPs
o 69% have no antimalware protection on printers/MFPs
o 55% of printers/MFPS lack security settings
o 86% do not have encryption for printers/MFPs
o 60% do not use passwords
o 50% have not printer/MFP security management
- InMotionNow Software of Morrisville, North Carolina, notified several of its customers that it had inadvertently exposed private information after it was left in unsecure cloud storage site:
o Brotherhood Mutual
o Kent State University
o Purdue University
o Potawatomi Hotel & Casino of Milwaukee, WI
o Zagg Consumer Electronics
o Freedom Forum Institute
o Myriad Genetics
o Performance Health
- Olympia House Rehab Clinic of Petaluma, CA notified an unknown number of patients that their PHI was exposed after ransomware attack.
- The Center for Fertility and Gynecology in Tarzana, CA notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Researchers from GitHub and Micro Focus Fortify published report warning users of security vulnerabilities allowing hackers to achieve remote code execution:
o Microsoft SharePoint
o Altassian Confluence
o Alfresco
o dotCMS
- Bleeping Computer magazine is warning of a new Russian ransomware gang known as “Avaddon” is now attacking organizations in the U.S. and other countries.
o Also reporting that RedCurl is another new Russian hacking group targeting
companies in the U.S.
- Adit Inc., a medical software provider, headquartered in New York City, NY, notified an unknown number of firms that 3.1 million records were inadvertently exposed on a public website, and may have been stolen by malicious actors.
- The FBI sent out an alert warning U.S. firms of an Iranian hacking group, named “Fox Kitten aka Parisite”, that it attacking high-end F5 computer networking devices.
- Char49 Security is reporting that the Find My Mobile feature of Samsung smartphones can be used by hackers to intercept communications.
- The SANS Cybersecurity Training Organization notified an unknown number of members that their info may have been exposed after email phishing attack.
- Wall Street Journal reported that TikTok enabled its Android app to collect millions of users’ unique identifiers for at least 15 months. TikTok is controlled by Chinese government.
- The FBI and NSA published joint security alert containing details about a new strain of Linux malware that was developed by Russian hacking group, APT28, aka Fancy Bear or Sednit
o named Drovorub, is being used to plant backdoors inside hacked networks
o allows the attacker to perform many different functions, such as stealing files and remote controlling the victim's computer
- Tyler C. King, age 31, of Dallas, Texas, was sentenced by Judge Tom McAvoy to 57 months in prison for hacking into of a New York-based technology company and stealing information to resell.
- Check Point Security reported that an exploit in Amazon’s Alexa voice platform can give attackers access to users’ personal information, speech histories, and Amazon accounts.
- C1 Security published new report on healthcare data breaches:
o The number of HHS breach reports from healthcare organizations is down 10.4% in the first half of 2020, compared to the second half of 2019
o number of reported breached records is down nearly 83%.
o total of 3.8 million individual records were breached through hacking and IT
incidents
o Rite Aid, headquartered in Camp Hill, PA, notified 9,200 patients that their PHI
was exposed when some of its locations were looted by rioters in several cities in the U.S.
- BioTel Heart, headquartered in Malvern, PA, notified 61,000 patients that their PHI was exposed after it was inadvertently left exposed online.
- Northern Light Health of Brewer, Maine notified 657,000 people that their info was exposed after its Northern Light Health Foundation fundraising firm had its database exposed.