Vulnerabilities in Mission Critical SAP Systems Actively Exploited by Multiple Threat Groups
Apr08

Vulnerabilities in Mission Critical SAP Systems Actively Exploited by Multiple Threat Groups

Researchers at security firm Onapsis have observed cybercriminals exploiting multiple vulnerabilities in mission-critical SAP systems. Since mid-2020, there have been more than 300 observed attacks exploiting one or more of six unpatched vulnerabilities. Vulnerabilities in SAP systems are highly sought after by cybercriminals due to the widespread use of SAP systems. SAP says 92% of the Forbes Global 2000 use SAP to power their operations, including the majority of pharmaceutical firms, critical infrastructure and utility companies, food distributors, defense contractors and others. Over 400,000 organizations use SAP globally and 77% of the world’s transactional revenue touches a SAP system. Onapsis reports critical SAP vulnerabilities are typically weaponized within 72 hours of patches being released. Unprotected SAP applications in cloud environments are often discovered and compromised in less than 3 hours. Despite the high risk of exploitation, many organizations are slow to apply patches. One of the vulnerabilities currently being exploited is 11 years old, while the others...

Read More
Orthopaedics Practice Discovers Year-Long Email Breach Affecting 125,000 Patients
Apr07

Orthopaedics Practice Discovers Year-Long Email Breach Affecting 125,000 Patients

The Centers for Advanced Orthopaedics has discovered multiple employee email accounts have been accessed by unauthorized individuals. The practice, which serves patients in Virginia, Maryland, and Washington DC, identified suspicious activity in its email system on September 17, 2020. Third party cybersecurity experts were engaged to assist with the investigation and determined several email accounts had been accessed by unauthorized individuals between October 2019 and September 2020. A review of the affected email accounts was conducted to determine the types of information that had been exposed and it was confirmed on January 25, 2021 that protected health information may have been viewed or acquired by cybercriminals. The email accounts contained information of patients, employees, and their dependents. Patient information was mostly restricted to names, dates of birth, diagnoses, and treatment information. A subset of patients also had one or more of the following data types stored in the account: Social Security number, driver’s license number, passport number, financial...

Read More
Third Party Data Breaches Reported by Apple Valley Clinic & BioTel Heart
Apr07

Third Party Data Breaches Reported by Apple Valley Clinic & BioTel Heart

Apple Valley Clinic in Minnesota has started notifying 157,939 patients that some of their protected health information was compromised in a ransomware attack on one of its information technology vendors. Apple Valley Clinic, which is part of Allina Health, used Netgain Technology LLC to host its information technology network and computer systems. In November 2020, Netgain was attacked with ransomware which took its data centers offline. Netgain notified Apple Valley Clinic on December 2, 2020 that patient data may have been compromised in the ransomware attack. Allina Health received confirmation on January 29, 2021 that patient information had been involved. The types of information compromised included names, dates of birth, bank account and routing numbers, Social Security numbers, patient billing information, and some medical information including symptoms and diagnoses. While several healthcare providers had PHI compromised, Apple Valley Clinic was the only Allina Health location to be affected. Apple Valley Clinic has since taken steps to improve information security,...

Read More
TigerConnect Named Leader in Telemedicine Software by GetApp
Apr06

TigerConnect Named Leader in Telemedicine Software by GetApp

TigerConnect, the market-leading leading provider of HIPAA-compliant clinical communication and collaboration solutions in healthcare, has been named a category leader in the 2021 GetApp software rankings. Every year, GetApp assesses a wide range of technology solutions to identify the top products on the market to help small- and medium-sized businesses choose the best software solutions to meet their needs. The Gartner company has been assessing business software solutions for the past 10 years to help SMBs make the right decisions on software that can solve problems, improve productivity and efficiency, and accelerate growth. Each software solution is assessed across five categories, based on unbiased ratings from genuine users of the solutions. The top-rated products are named as Leaders in their respective categories. Users of the products assess software solutions on ease of use, value for money, functionality, customer support, and the likelihood to recommend the software to friends, colleagues, and other businesses. This year, the TigerConnect communication and...

Read More
More Than 1.2 Million Health Net Members Affected by Accellion Cyberattack
Apr06

More Than 1.2 Million Health Net Members Affected by Accellion Cyberattack

Several healthcare organizations have recently confirmed they have been affected by the December 2020 Accellion cyberattack. The attack has been linked to the Clop ransomware gang, as its leak site was used to publish samples of data stolen in the attack, although ransomware is not believed to have been used. Accellion provided a file transfer solution that was used for transmitting files that were too large to be sent via email. In the case of Health Net, the platform was used for exchanging files with healthcare providers and others who support its operations. Health net reports that names, addresses, dates of birth, insurance ID numbers, and health information was obtained by the attackers. Accellion notified Health Net about the breach on January 25, 2021. Health Net has reported the breach as affecting 1,236,902 individuals across Health Net Community Solutions (686,556 individuals), Health Net of California (523,709 individuals), and Health Net Life Insurance Company (26,637 individuals). Trinity Health has recently alerted 586,869 patients that their PHI was compromised in...

Read More