Patients Notified of Phishing Attack at Cheyenne Regional Medical Center
Dec 12

Cheyenne Regional Medical Center in Wyoming has recently learned that patient information may have been compromised as a result of a phishing attack discovered in April. The medical center was alerted to a potential security breach following the detection of suspicious activity related to employee payroll accounts on or around April 5, 2019. Around a week later, the medical center learned that employee email accounts had been compromised. The investigation revealed the attackers had gained access to employee email accounts between March 27, 2019 and April 8, 2019. The aim of the attack appears to have been to access employee payroll information, although patient information contained in email accounts may also have been accessed. The types of information potentially accessed varied from patient to patient and may have included names, dates of birth, Social Security numbers, driver’s license numbers, dates of service, provider names, medical record numbers, patient identification numbers, medical information, diagnoses, treatment information, and health insurance information. A very...

Ryuk Ransomware Decryptor Bug May Result in Permanent Data Loss
Dec 11

Cybersecurity firm Emsisoft has issued a warning about a recently discovered bug in the decryptor used by Ryuk ransomware victims to recover their data. A bug in the decryptor app can cause certain files to be corrupted, resulting in permanent data loss. Ryuk ransomware is one of the most active ransomware variants. It has been used in many attacks on healthcare organizations in the United States, including DCH Health System in Alabama and the recent attack on the IT service provider Virtual Care Provider. Ryuk ransomware is distributed in several ways. Scans are conducted to identify open Remote Desktop Protocol ports, brute force attacks on RDP are also conducted, and the ransomware is downloaded by exploiting unpatched vulnerabilities. Ryuk ransomware is also installed as a secondary payload by Trojans such as TrickBot. There is no free decryptor for Ryuk ransomware, so recovery depends on whether viable backups have been made; otherwise, victims must pay a sizeable ransom for the keys to decrypt their files. When Ryuk ransomware victims pay the ransom, they are provided with a...

Phishing Attacks Reported by Sunrise Community Health and Katherine Shaw Bethea Hospital
Dec 11

Evans, CO-based Sunrise Community Health has discovered the email accounts of several employees were compromised as a result of employees responding to phishing emails. The email accounts were accessed by unauthorized individuals between September 11, 2019 and November 22, 2019. Assisted by third-party computer forensics experts, Sunrise Community Health determined on November 5, 2019 that the compromised email accounts contained the protected health information of certain patients. The types of data present in the email accounts varied from patient to patient and may have included names, dates of birth, Sunrise patient ID numbers, Sunrise provider names, dates of service, types of clinical examinations performed, the results of those examinations, diagnoses, medication names, and names of health insurance carriers. Sunrise Community Health does not believe the aim of the attack was to obtain patient information, but the possibility of unauthorized data access and data theft could not be ruled out. The attackers appeared to be targeting invoice and payroll information. The...

Adstream Confirmed as HIPAA Compliant by Compliancy Group
Dec 11

Compliancy Group has announced that the global advertising technology and services provider, Adstream, is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) and has implemented an effective HIPAA compliance program. Adstream helps brands and agencies create, optimize, store, and distribute content. The Adstream platform is an all-in-one digital asset management and ad delivery platform that is connected to publishers, broadcasters, and social media networks. More than 6,000 agencies, brands, and companies use Adstream’s cloud-based software to view the entire advertising process, from production to distribution. The ad delivery network is the largest of its kind and includes more than 100,000 media destinations in over 140 countries. Adstream wanted to expand its client base and start serving healthcare organizations. In order to do so, the company first needed to implement policies, procedures, and safeguards to ensure the confidentiality, integrity, and availability of healthcare data and meet its responsibilities under HIPAA as a business...

Deadline for Upgrading Windows 7 Devices is Fast Approaching
Dec 10

Healthcare organizations still using Windows 7 and Windows 2008 only have a few days to upgrade the operating systems before Microsoft stops providing support. Support for both operating systems will come to an end on January 14, 2020. From January 14, 2020, no more patches and updates will be released by Microsoft, so the operating systems will potentially be vulnerable to attack. Cyberattacks are unlikely to start the second support is stopped, but any vulnerabilities in the operating systems discovered after January 14 will remain unaddressed. Exploits could therefore be developed for Windows 7 flaws and, through those compromised devices, attacks could be launched on other devices on the network. As the number of vulnerabilities grows, the risk of a cyberattack will increase. According to Forescout, the healthcare industry has the largest percentage of Windows 7 devices of any industry. A report earlier this year suggested 56% of healthcare organizations are still using Windows 7 on at least some devices and 10% of devices used by healthcare organizations are running Windows 7...
