Cybersecurity Update
WeWork revealed that an employee discovered that if users entered “9999” on the network, they could print out other people’s jobs, whilewww.thinkarcoa.com using free office WiFi account. This has since been corrected.
The FBI is reporting that a Eastern European hacking group named “UNC1878” aks Wizard Spider, is using Ryuk ransomware to target hospitals in the U.S.NBC *News is reporting that 20 hospitals have been struck so far.
Wakefern Food Corp., headquartered in Keasbey, NJ, owner of ShopRite supermarkets, agreed to pay $235,000 to the State of New Jersey, to settle HIPAA and NJ Consumer Fraud violations as a result of a breach that exposed PHI of pharmacy department customers.
Abbott Laboratories Corp., headquartered in Chicago, IL, filed a lawsuit against former employee, Jerome Cavel, accusing him of stealing confidential info and trade secrets.
Mary Rutan Hospital of Bellefontaine, Ohio, notified an unknown number of patients that their PHI was exposed after it was inadvertently posted in Excel spreadsheet in publicly accessible website.
Sisters of Charity Health System, headquartered in Cleveland, OH, hotified 118,874 patients that their PHI was exposed after cyber attack.
Presbyterian Health, headquartered in Albuquerque, NM, notified 193,223 patients that their PHI was exposed after cyber incident.
Microsoft is reporting that over 100,000 computers remain affected by the Windows vulnerability known as SMBGhost, even though a patch is available.
The Maze ransomware gang sent out announcement that it is shutting down its operations. (group started in 2019, so has it collected enough ransom from customers that perpetrators can now retire?)
Coveware Security reports that in most cases, even if customer pays the hacker the ransom, the hacker still publishes the data on Dark Web to monetize. Other reports:
o Average ransom paid up 31% to $233,817
o 70% of ransomware victims have less than 1,000 employees
o Average days of downtime up 19% to 19 days
River Hospital of Alexandria, New York notified an unknown number of patients that their PHI was exposed after ransomware attack.
The Alamance Skin Center of Burlington, North Carolina, part of the Cone Health system, notified an unknown number of patients that their PHI was exposed after ransomware attack.
The Geo Group, headquartered in Boca Raton, Florida, which operates private prisons and detention centers around the U.S., notified an unknown number of prisoners that their PHI was exposed after ransomware attack.
Club Fitness, headquartered in St. Louis, Missouri, notified an unknown number of members that their info was exposed after ransomware attack.
- Riverside Psychiatric Medical Group of California agreed to pay HIPAA fine of $25,000 after withholding a woman’s PHI for 20 months.
HP reports a 1200% increase during Q3 of Emotet malware attacks in the U.S.
o Can convince users to run a malicious Microsoft Word document emailed to them
The University of Vermont Health Network called on the National Guard to assist their IT team recover from a ransomware attack.
Check Point Security is reporting that one hacking group has compromised the VoIP networks of almost 1, 200 organizations.
California voters approved the California Privacy Right Act (CPRA)
o Increased rights of citizens to know what kind of data bsuinesses have on them
o Restricts sale of data
o Forces businesses to correct inaccurate info
o Prohibits businesses’ retention of personal info for longer then reasonably necessary
o Triples the maximum penalties for violations involving people under 16