The Porter Clinic of Ogden, Utah was forced to pay $100,000 to the Department of Health and Human Services Office for Civil Rights (aka HIPAA Police) after an investigation prompted by a breach exposed the fact that a HIPAA Risk Analysis was never conducted.
- The FBI stated that ransoms worth $144.35 million were paid between 1/2013 and 7/2019 to hackers.
- The City of Cartersville, GA notified an unknown number of citizens that their info may have been exposed during a recent ransomware attack, and admitted to paying $380,000 in ransom to restore its network.
- Hamilton County Sheriff’s Office in Tennessee notified an unknown number of citizens that their info may have been exposed after a network crash.
- Interactive Medical Systems Corp. of Wake Forest, North Carolina and Brunswick County, NC notified an unknown number of patients that their PHI may have been exposed after an email phishing attack.
- Railworks Corp., headquartered in New York City, NY notified an unknown number of employees and customers that their info may have been exposed after a ransomware attack.
- TBK Bank of Texas notified an unknown number of customers that their info may have been exposed during a recent ransomware attack.
- La Salle County government office in Texas notified an unknown number of citizens that their info may have been exposed after a ransomware attack.
- UPMC (University of Pittsburgh Medical Center) in Susquehanna, PA lost a court case where it tried to convince a Lycoming County judge to dismiss a lawsuit filed against the hospital, after one of its employees was caught illegally accessing PHI of patients.
- Researchers at Avira announced they have found a flaw in internet security cameras that lets hackers snoop on users' video feeds and even hijack the device to scan a network for other holes.
- Riverview Health of Noblesville, IN notified 2,610 patients that their PHI was exposed due to direct mail error.
- Microsoft reports on ransomware:
o Average ransom demand for REvil ransomware attack = $260,000
o Wadhrama ransomware uses a "smash and grab" attack, with ransom demands made within one hour of infiltration into the network, and also conducts reconnaissance within the network
Hackers charge up to $18,268 per device compromised
o Parinacota ransomware uses an RDP (Remote Desktop Protocol) brute-force attack to enter the network, scanning for vulnerable devices
- Walgreens is informing customers that their PHI may have been exposed when its pharmacy app was breached
o app is used by tens of millions of individuals — the Android application has over 10 million installs and the iOS app has over 50 million.
- Quest Diagnostics announced it has agreed to a $195,000 class action settlement
o will resolve claims that a 2016 data breach compromised the PHI of 34,000 patients.
- Four Queens Casino and Binion’s Casino in Las Vegas notified an unknown number of customers that their info may have been exposed after a ransomware attack.
- The Hillsboro R-3 School District in Missouri notified an unknown number of students that their PHI was exposed after an employee illegally accessed the info.
- New ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000
o when executed PwndLocker will attempt to disable a variety of Windows services using the 'net stop' command so that their data can be encrypted.
- Arkansas Children's Hospital notified an unknown number of patients that their PHI may have been exposed after a cybersecurity threat
- The FDA stated that the new SweynTooth malware could attack certain medical devices that use Bluetooth Low Energy.
- Ponemon Institute and Keeper Security published a new report
o 53% have responded to cyberthreats in the last 12 months
o "Electronic health records are some of the most lucrative documents on the dark web, so it's not surprising that the healthcare industry is highly-targeted by cybercriminals"
o "While the majority of healthcare organizations have already experienced a cyberattack, this research shows the industry still doesn't have the necessary resources and budget allocated to preventing and responding to major data breaches."
o The average data breach results in more than 7,000 patient and employee records being lost or stolen
o average cost of a data breach is $1.8 million, which represents the disruption costs of normal operations
o 33% of healthcare organizations believe that they have a sufficient budget to support IT security
o 87% reported that their organizations don't have the personnel needed to achieve an effective cybersecurity position
o 66% agreed that passwords are an important aspect of preventing cyberattacks
o 51% don't have visibility into employee password practices
o 49% have a plan for how to respond to a cyberattack
o 90% dedicated less than 20% of their IT budgets to cybersecurity
average of 13% allocated
- The US Justice Department charged an employee of the Defense Department, Mariam Taha Thompson, with sharing classified information with the Hezbollah terrorist group, including names of those spying for the U.S.
- Princess Cruises and Holland America notified an unknown number of customers that their info may have been exposed during a recent email phishing attack.
- CrowdStrike published a threat report
o Malware-free or fileless techniques accounted for 51% of attacks last year
o hackers turn to stolen credentials to breach corporate networks
o increased attacks from threat actors such as those from China and North Korea
o hackers on average require 9 hours to infiltrate a network
o after detecting a breach, businesses take 37 hours on average to investigate and contain the attack