Cybersecurity Update -
Fortified Health Security reports that malicious attackers caused 60% of healthcare data breaches so far this year.
- Children’s Hospital of Colorado, located in Aurora, notified 2,553 patients that their PHI was exposed after an email phishing attack.
- Interpol reports that from January to April, it detected the following tied to COVID-19 topics:
o 907,000 spam messages
o 737 malware incidents
o 48,000 malicious URLs
- Becker’s Health IT magazine reports that 1,101,829 patients had their PHI exposed due to breaches in the month of July, 2020
- Dallas County Hospital District of Texas notified an unknown number of patients that used a satellite COVID-19 testing center in a Salvation Army Office parking lot, that their PHI may have been exposed after a burglary.
- McAfee Security reports that the operators of NetWalker ransomware have earned more than $25 million from ransom payments since March of 2020.
- Sky-Go Security reports that Chinese hackers have found way to hack into the new Mercedes Benz E-Class automobiles.
- Malwarebytes published new report:
o Consumer threat detections down 2%
o Business threat detections up 13%
o Ryuk ransomware detections up 543%
o Sodinokibi ransomware detections up 820%
o North America had 48% of all detections, with 24 million
o Business endpoint detections (which includes printers/MFPs) up 52%
- Oxford University researchers claim that hackers can access content from anyone using satellite Internet service provider (i.e. StarLink, HughesNet, etc.)
o One of the reasons this is possible is because when data is being transferred
across satellite broadband communications by ISPs, it isn't encrypted because
that's the fasted way to transmit the data over vast distances
o able to intercept traffic using a $90 satellite dish and a $200 digital video
broadcasting satellite tuner – both available second hand online.
- City of Lafayette, Indiana, notified an unknown number of citizens that their info may have been exposed after being hit by ransomware, and admitted it paid the hackers $45,000 to restore systems.
- The University of California – San Francisco admitted that it paid the Netwalker hacking group $1.14 million to restore its systems after ransomware attack on its School of Medicine.
- Blacklist Alliance, headquartered in Carlsbad, CA, notified an unknown number of customers that it inadvertently exposed their info on a publicly accessible website.
- Arizona State University research shows that:
o Email phishing campaigns take 21 hours on average
o Phishing victims experience a fraudulent transaction 5 days after attack
- Twitter informed customers that a vulnerability in its Android app could have been exploited by malicious applications to access private data.
- Mitsubishi Electric-made factory automation products have 3 security vulnerabilities that can be exploited by hackers, according to CISA.
- Muskingum Valley Health Center of Ohio notified more than 7,000 patients that their PHI was exposed after ransomware attack.
- Kaspersky Security reports that Oilrig, a hacking group in Iran, is now using DNS (domain name system)-over-HTTPS (hypertext transfer protocol secure) in its attacks.
o Creates covert communication channels by funneling data and hiding it inside non-standard protocols
- Zello Inc., announced an unknown number of customers that its push-to-talk app was breached, exposing their info.
- Jamf Inc. reports that hackers can deliver malware to macOS systems using a Microsoft Office document containing macro codes.
- FHN Memorial Hospital of Freeport, IL notified an unknown number of patients that their PHI was exposed after email phishing attack.
- HHS' Office of Civil Rights (i.e. HIPAA police) has opened an investigation at UPMC Susquehanna over a 2018 incident in which an employee wrongfully accessed another employee's medical record, according to PennLive.com.
- Schools in the Community School Corporation of Southern Han**** County
District in Indiana notified an unknown number of students that their info may have been exposed after cyber attack
- Scholarship America, headquartered in Minneapolis, MN, notified an unknown number of students that their info may have been exposed after a hack involving Microsoft Office 365 accounts.
- Capital One, headquartered in Virginia, has agreed to pay an $80 million fine to U.S. regulators over a major hacking incident last year in which authorities say about 100 million credit card applications were illegally accessed.
- Hudson ISD of Lufkin, TX notified an unknown number of students that their info may have been exposed after website was hacked.
- The State of Kentucky’s Office of Unemployment Insurance notified an unknown number of citizens that their info may have been exposed after suffered its second data breach in four months after a claimant reported being able to view another claimant's personal data.
- Boyce Healthcare Technologies of Long Island City, NY, a maker of ventilators,
notified an unknown number of customers that their info may have been exposed after ransomware attack.
- Highpoint Foot and Ankle Clinic in Chalfont, PA notified 25,554 patients that their PHI may have been exposed after ransomware attack.
- Moderna Corp. of Cambridge, Mass, reported that it has targeted by hackers who were looking for COVID-19 vaccine data.
- CheckPoint Security is warning user of devices that run Android OS, that also use the Qualcomm Snapdragon processor of a major security vulnerability
o “are essentially gateways for attackers to get control over Android devices”
o found more than 400 vulnerabilities
o potential hacker could create a malicious app that exploits these vulnerabilities to bypass the usual security checkpoints and take data, including photos, videos and location information.