IBM X-Force: Healthcare Cyberattacks Doubled in 2020
Mar03

A new report from IBM X-Force shows healthcare cyberattacks doubled in 2020, with 28% of those attacks involving ransomware. The surge saw the sector rise from last place to 7th among targeted industries, behind finance and insurance (the most heavily targeted), manufacturing, energy, retail, professional services, and government. Healthcare accounted for 6.6% of cyberattacks across all industry sectors in 2020. The 2021 X-Force Threat Intelligence Index was compiled from monitoring data covering more than 130 countries and more than 150 billion security events a day, gathered from sources including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services, and external sources such as Intezer and Quad9. The most common initial access vector was the exploitation of vulnerabilities in operating systems, software, and hardware, which accounted for 35% of all attacks, up from 30% in 2019. This was closely followed by phishing attacks, which were the initial...

Microsoft Patches 4 Actively Exploited Flaws in Microsoft Exchange Server
Mar03

Microsoft has released out-of-band security updates to fix four zero-day Microsoft Exchange Server vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that are being actively exploited by a Chinese Advanced Persistent Threat (APT) group Microsoft tracks as Hafnium. The flaws affect on-premises Exchange Server 2013, 2016, and 2019; Exchange Online is not affected. The attacks have been ongoing since early January, with the group targeting defense contractors, law firms, universities, NGOs, think tanks, and infectious disease research organizations in the United States. Exploitation allows the attackers to exfiltrate mailboxes and other data from vulnerable Exchange servers, execute arbitrary code on them, and upload malware, typically web shells, for persistent access. Hafnium is a previously unidentified, sophisticated APT group that Microsoft assesses to be state-sponsored and operating out of China. The group chains the four vulnerabilities together: an unauthenticated server-side request forgery gives it a foothold on the Exchange back end, and the post-authentication bugs are then used to write files and run code, which is how sensitive email communications are stolen at scale. While developing the exploits required some skill, using them is simple and lets the attackers exfiltrate large quantities of sensitive data with ease. While the APT group is based in China, virtual...
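The first link in that chain, the unauthenticated server-side request forgery (CVE-2021-26855), leaves a trace in the Exchange HttpProxy logs: Microsoft's published check looks for requests with an empty AuthenticatedUser and an AnchorMailbox of the form ServerInfo~<host>/<path>. The script below is an added example that runs that check over a constructed log excerpt; it is not Microsoft's Test-ProxyLogon script. The log layout it parses (comment lines, a "#Fields:" header, then CSV rows) is an assumption about the format, and every sample row, IP address and AnchorMailbox value is made up for illustration.

```python
"""Scan Exchange HttpProxy logs for the CVE-2021-26855 (ProxyLogon SSRF) indicator.

Added example; not Microsoft's Test-ProxyLogon script. The indicator is the one
Microsoft published for this flaw: a request with an empty AuthenticatedUser
whose AnchorMailbox looks like 'ServerInfo~<host>/<path>'. The log layout
(comment lines, then a '#Fields:' header, then CSV rows) and all sample rows
below are constructed for illustration.
"""
import csv

SERVERINFO_PREFIX = "ServerInfo~"

# Constructed HttpProxy log excerpt. Real logs carry many more columns; only the
# ones this check needs are included. IPs and AnchorMailbox values are made up.
# r1: unauthenticated logon page hit, no anchor     -> not flagged
# r2: authenticated OWA request, normal Smtp~ anchor -> not flagged
# r3, r4: unauthenticated, ServerInfo~ with a path   -> flagged
# r5: ServerInfo~ anchor but an authenticated user   -> not flagged
SAMPLE_HTTPPROXY_LOG = """\
#Software: Microsoft Exchange Server
#Version: 15.01.2242.004
#Log-type: HttpProxy Logs
#Date: 2021-03-03T00:00:00.000Z
#Fields: DateTime,RequestId,ClientIpAddress,UrlHost,UrlStem,AuthenticatedUser,AnchorMailbox
2021-03-03T01:12:04.511Z,r1,10.0.0.25,mail.example.test,/owa/auth/logon.aspx,,
2021-03-03T01:12:09.004Z,r2,10.0.0.25,mail.example.test,/owa/,CONTOSO\\alice,Smtp~alice@example.test
2021-03-03T02:41:33.120Z,r3,203.0.113.7,mail.example.test,/owa/auth/x.js,,ServerInfo~localhost/autodiscover/autodiscover.xml?a=~1941962956
2021-03-03T02:41:35.880Z,r4,203.0.113.7,mail.example.test,/ecp/y.js,,ServerInfo~mail.example.test/ecp/proxyLogon.ecp?a=~1941962956
2021-03-03T02:50:00.000Z,r5,10.0.0.31,mail.example.test,/mapi/emsmdb/,CONTOSO\\bob,ServerInfo~mail.example.test/mapi/emsmdb
"""


def parse_httpproxy_log(text):
    """Return one dict per data row.

    Column names come from the '#Fields:' comment line; if there is none, the
    first non-comment line is treated as a plain CSV header row.
    """
    fields = None
    data_lines = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        data_lines.append(line)
    if fields is None:
        if not data_lines:
            return []
        fields = next(csv.reader([data_lines.pop(0)]))
    return [dict(zip(fields, record)) for record in csv.reader(data_lines)]


def is_proxylogon_ssrf(row):
    """Microsoft's published indicator for CVE-2021-26855:
    AuthenticatedUser empty and AnchorMailbox matching 'ServerInfo~*/*'."""
    user = (row.get("AuthenticatedUser") or "").strip()
    anchor = row.get("AnchorMailbox") or ""
    if user or not anchor.startswith(SERVERINFO_PREFIX):
        return False
    # A '/' after the prefix means a back-end path was forced into the anchor.
    return "/" in anchor[len(SERVERINFO_PREFIX):]


def find_proxylogon_hits(text):
    """Return (DateTime, ClientIpAddress, AnchorMailbox) for each matching request."""
    return [
        (row["DateTime"], row["ClientIpAddress"], row["AnchorMailbox"])
        for row in parse_httpproxy_log(text)
        if is_proxylogon_ssrf(row)
    ]


if __name__ == "__main__":
    for when, src, anchor in find_proxylogon_hits(SAMPLE_HTTPPROXY_LOG):
        print(f"{when}  {src:>15}  {anchor}")
```

To use it on a real server, read each file under the Exchange HttpProxy logging directory and pass its text to find_proxylogon_hits. A hit is evidence of exploitation attempts, not of success, but because the chain ends in a file write and persistent access, a hit on an unpatched server should start an incident response (look for recently written .aspx files and unexpected processes under IIS), not just a patch run: patching closes the door but does not remove a web shell that is already in place.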

Roundup of Recent Healthcare Phishing and Malware Incidents
Mar02

A roundup of healthcare data breaches recently reported to the HHS' Office for Civil Rights and state Attorneys General.

Twelve Oaks Recovery Discovers Malware Infection and Data Theft

Twelve Oaks Recovery, a Navarre, FL-based addiction and mental health treatment center, has discovered that an unauthorized individual gained access to its network, installed malware, and stole documents from its systems. The intrusion was detected on December 13, 2020, when unusual network activity was observed. A forensic investigation confirmed that malware was deployed on December 13 and that data was exfiltrated the following day. A review of the documents obtained by the attacker revealed they contained the protected health information of 9,023 patients, including names, addresses, dates of birth, medical record numbers, and Social Security numbers. Twelve Oaks Recovery has enhanced its network monitoring tools and taken steps to prevent similar breaches from occurring in the future.

Rainbow Rehabilitation Centers Discovers Email Account Breach

Rainbow Rehabilitation...

NSA Releases Guidance on Adopting a Zero Trust Approach to Cybersecurity
Mar02

The National Security Agency (NSA) has released new guidance to help organizations adopt a Zero Trust approach to cybersecurity and better defend against increasingly sophisticated cyber threats. Zero Trust is a security strategy that assumes a breach is inevitable or has already happened, so an intruder may already be inside the network. Because any device or connection may have been compromised, none is implicitly trusted: every access request is verified continuously, in real time, using signals from multiple sources, both before access is granted and when the system responds. Adopting Zero Trust means applying least-privileged access to every access decision, limiting access to only what is needed, and continuously examining activity for anomalous or potentially malicious behavior. “Zero Trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries,” explained the NSA in the guidance....

Universal Health Services Ransomware Attack Cost $67 Million in 2020
Mar01

2020 was a particularly bad year for healthcare ransomware attacks, and one of the worst hit the King of Prussia, PA-based Fortune 500 healthcare system Universal Health Services (UHS). UHS, which operates 400 hospitals and behavioral health facilities in the United States and United Kingdom, suffered a cyberattack in September 2020 that took down all of its IT systems, affecting its hospitals and other healthcare facilities across the country. The phone system was knocked out, and without access to computers and electronic health records, employees had to resort to pen and paper to record patient information. In the hours after the attack, the health system diverted ambulances to alternative facilities, and some elective procedures were postponed or diverted to competitors. Patients reported delays in receiving test results while UHS recovered. UHS worked around the clock to restore its IT infrastructure and return to normal business operations; however, the...
