Skip to main content

Cybersecurity Updates



  • CVS Health, headquartered in Woonsocket, Rhode Island, may have inadvertently exposed over a billion PHI, impacting an unknown number of patients.
    • Apparently left a online database on Internet without password protection exposing 204GB of medical data
  • OSF HealthCare, headquartered in Peoria, Illinois, notified an unknown number of patients that their PHI apparently has been posted on Dark Web after being hit by the Xing ransomware hacking group.
  • Coastal Family Health Center, headquartered in Mississippi, notified an unknown number of patients that their PHI apparently has been posted on Dark Web after being hit by the Xing ransomware hacking group.
  • Five Rivers Health Centers of Ohio notified 156,000 patients that their PHI was exposed after an email phishing attack.
  • Sky Lakes Medical Center of Oregon notified an unknown number of patients that their PHI was exposed after being hit by Ryuk ransomware hacking group.
  • Sol Oriens Corp. of Albuquerque, New Mexico, a nuclear weapons subcontractor, notified an unknown number of customers that their info may have been exposed after being hit by REvil aka Sodinokibi ransomware hacking group.
  • Cancer Centers of Southwest Oklahoma notified 8,000 patients that their PHI was exposed after ransomware attack.
  • The Federal Communications Commission is warning hospitals about hacking groups hitting them with robocalls:
    • Robocallers use spoofed caller ID to trick hospital staff into thinking it is a real patient calling
    • Try to obtain PHI
    • Or demand ransom to stop the bombardment of calls
  • Survey conducted by Software Advice claims that 20% of the U.S. population is aware that their PHI has been exposed after a breach.
  • Ransomware report published by Cybereason:
    • 81% are highly concerned about ransomware
    • 27% do not have a specific plan in place to manage attack
    • 58% are not sure they have the right people in place
    • 32% lost some executives as result of attack
    • 53% lost brand value after attack
    • 66% suffered significant loss of revenue
    • 42% said cyber insurance did not cover all costs
    • 29% forced to lay off employees as a result
    • 80% had second attack after paying ransom
  • Trinity Health System Twin City Hospital in Ohio notified 9,500 patients that their PHI was exposed after ransomware attack.
  • Stillwater Medical Center of Oklahoma notified an unknown number of patients that that PHI was exposed after ransomware attack.
  • Superior Health Plan, headquartered in Austin, TX, notified 2,781 patients that their PHI that their PHI was exposed after cyberattack.
  • Researchers at Ruhr University of Germany are warning of a new type of hacking attack that could exploit misconfigurations in TLS servers.
  • Could redirect HTTPS traffic from a web browser to a different endpoint allowing hackers to steal info.
    • Named the attacks ALPACA, short for application layer protocol confusion
  • Northwest Congenital Heart Care of Renton, WA, notified 1,166 patients that their PHI was exposed after theft of an external hard drive.
  • Chainalysis reports that ransom payments from companies to hackers increased 341% to a total of $412 million during 2020.
  • Chiropractic Economics magazine reported on ransomware:
    • 2-4 chiropractors are hit by ransomware per week
    • Average cost to solve ransomware attack is $158,000
  • Southwest Airlines delayed or cancelled hundreds of flights during the past week due to “network issues”
  • Peloton is notifying uses of its exercise bikes that McAfee found that hackers can remotely access the bike’s camera and microphone and monitor users
    • Hackers can also add apps to control panel disguised at Netflix and Spotify to trick users to enter their login and password, which is then used to steal info
  • South Texas Health System notified an unknown number of patients that their PHI may have been exposed after a report was mistakenly sent via email to wrong destination.
  • Lightfoot, Franklin & White Law Firm of Birmingham, Alabama notified an unknown number of clients that their info may have been exposed after ransomware attack.
  • Reproductive Biology Associates of Atlanta, Georgia notified 38,538 patients that their PHI was exposed after ransomware attack.
  • Carnival Cruises, headquartered in Miami, FL, notified an unknown number of customers that their info may have been exposed after data breach.
  • St. Joseph’s/Candler Health of Savannah, Georgia notified an unknown number of patients that their PHI was exposed after ransomware attack.
  • San Juan Regional Medical Center of New Mexico notified 68,792 patients that their PHI was exposed after ransomware attack.
  • First American Financial Corp., headquartered in Santa Ana, CA,was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years.
  • This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.
  • Judson Independent School District of Live Oak, Texas, notified an unknown number of students that their info was exposed after ransomware attack.
  • Coastal Medical Group of Old Bridge, new Jersey has notified an unknown number of patients that their PHI was exposed after ransomware attack.
  • Jones Family Dental of Ashland, Oregon is notifying an unknown number of patients that their PHI may have been exposed after cyber attack.

If you like something I've posted please feel free to click the "like" button!

Last edited by Art Post
Original Post

Add Reply

Post
×
×
×
×
Link copied to your clipboard.
×
×