HIPAA & Cybersecurity Updates - Top three actions over next 2 years for Healthcare CIOs regarding security survey:
- 50% = identify opportunities for performance improvements and cost savings
- 42% = providing training for staff
- 39% = developing and hiring the correct skill sets
The North Dakota Department of Health and Cavalier County Health notified 35,316 patients that their PHI was exposed after email phishing attack
Tri-State Specialists of Iowa, South Dakota and Nebraska notified 17, 500 patients that their PHI was exposed after email phishing attack
All Pro Sports notified 3,429 users of DJO Mobility Products of Lewisville, TX that their PHI was exposed after email phishing attack.
Northwest Eye Surgeons/Sight Partners of Seattle, WA notified 20,838 patients that their PHI was exposed after cybersecurity breach
University of California-San Francisco (UCSF) School of Medicine notified an unknown number of patients that their PHI was exposed after cyberattack.
HackerOne, headquartered in San Francisco, CA, who organizes bug bounty events to have hackers get paid for finding vulnerabilities, reported:
- 9 hackers have earned more than $1 million each for their work
- 13 hackers have earned at least $500,000
- 146 hackers have earned at least $100,000
- $40 million has been paid out in 2019
- $3,650 = average bounty paid for critical vulnerability found
- $979 = average amount paid per vulnerability
- Google has paid out $21 million since 2010
Dr. Spyros Panos, previously convicted of stealing PHI, plead guilty to committing fraud a second time:
- Agreed to forfeit $876,389.97 and pay restitution
- Will be sentenced on 3/16/2020 in New York
Northampton Public Library of Pennsylvania notified an unknown number of patrons that their info may have been exposed after ransomware attack
Mercy Iowa City Hospital of Iowa notified 60,473 patients that their PHI was exposed after email phishing attack
Morphisec Security is warning customers in higher education vertical in the U.S. of the Jupyter malware from Russia, that attempts to open a backdoor into network, and steal valuable information and passwords to sell on the Dark Web
Schneider Electric is warning customers of its Trio Data Radio wireless communication mdevices that they are vulnerable to be hacked by the Drovorub malware from Russia
Area 1 Security is warning businesses in the U.S. of new TrickBot botnet email phishing campaign. If successful, the hackers deploy the following malware to take over networks and/or steal valuable info:
- Bazar backdoor
- Buer loader
- Ryuk ransomware
The University of Cincinnati Medical Center in Ohio has agreed to a $65,000 settlement and a corrective action penalty with the Office for Civil Rights to resolve a potential violation of the HIPAA Privacy Rule’s right of access standard.
Akropolis has offered the hacker who stole $2 million in Dai cryptocurrency a “bug bounty” reward in return for the missing funds.
University of Maryland researchers discovered that it is possible to install malware to convert a smart vacuum cleaner, like the Roborock, into a remotely controlled microphone to record nearby conversations.
The Delaware Division of Public Health notified an unknown number of patients that their COVID-19 test results and PHI may have been exposed after an email security event.
DataBreaches.net reported that operators of the Egregor ransomware sometimes use a feature that forces attacked networks to print out ransom notes to printers and MFPs that are attached to the affected network.
Consumer Watchdog reported that it has developed a method in which it can hack into a Tesla car, and take over its operation.
The Wash Tub Company, with car wash locations in San Antonio, TX area, notified an unknown number of customers that their info was exposed after payment card breach.
Pluto TV, headquartered in Los Angeles, CA, notified 3.2 million subscribers that their info was exposed after ransomware attack.
Timberline Billing Services of Des Moines, Iowa, notified 116,000 patients that their PHI was exposed after ransomware attack.