Five Eyes Intelligence Alliance Warns of Increase in Cyberattacks Targeting Managed Service Providers
The Five Eyes intelligence alliance, which consists of cybersecurity agencies from the United States, United Kingdom, Australia, New Zealand, and Canada, has issued a joint alert warning about the increasing number of cyberattacks targeting managed service providers (MSPs). MSPs are attractive targets for cybercriminals and nation-state threat actors. Many businesses rely on MSPs to provide information and communication technology (ICT) and IT infrastructure services, as it is often easier and more cost-effective than developing the capabilities to handle those functions internally. In order to provide those services, MSPs require trusted connectivity and privileged access to the networks of their clients. Cyber threat actors target vulnerable MSPs and use them as the initial access vector to gain access to the networks of all businesses and organizations that they support. It is far easier to conduct a cyberattack on a vulnerable MSP and gain access to the networks of dozens of businesses than to target those businesses directly. When MSP systems are compromised, it may take...
Bill Introduced that Seeks to Improve Medical Device Cybersecurity
A new bill has been introduced that seeks to address the cybersecurity of medical devices that will require manufacturers of medical devices to meet certain minimum standards for cybersecurity for the entire lifecycle of the products. The medical device cybersecurity provisions of the bill – H.R. 7667 Food and Drug Amendments of 2022 – call for device manufacturers to “have a plan to appropriately monitor, identify, and address in a reasonable time postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and procedures,” and to “design, develop, and maintain processes and procedures to ensure the device and related systems are cybersecure.” The processes and procedures should include making “updates and patches available to the cyber device and related systems throughout the lifecycle of the cyber device.” Those patches and updates are required on a reasonably justified regular cycle to address known vulnerabilities, and, as soon as possible out of cycle, to address critical vulnerabilities that could cause uncontrolled...
Misconfigured AWS S3 Bucket Exposed Sensitive Data of Breast Cancer Patients
Researchers have identified a misconfigured AWS S3 bucket belonging to the Ardmore, PA-based breast cancer support charity, Breastcancer.org, The unsecured AWS bucket was identified by SafetyDetectives who discovered hundreds of thousands of files had been exposed over the Internet. The S3 bucket contained detailed exchangeable image file (EXIF) data, over 350,000 files, and more than 300,000 post images. In total, around 150GB of data had been exposed. The S3 bucket included more than 50,000 registered users’ avatars, many of which were images of registered users. The avatars could be used in conduction with the EXIF data to identify users. The bucket contained nude images of patients, and some of the files included detailed information about users’ medical test results. While contact information for individuals was not exposed, there is potential for abuse of the information. The exposed S3 bucket was identified by the researchers on November 11, 2021, and could be accessed by anyone over the Internet without the need for authentication. After determining that the data belonged...
HC3 Highlights Trends in Ransomware Attacks on the HPH Sector
The tactics, techniques, and procedures (TTPs) used by ransomware and other cyber threat actors are constantly evolving to evade detection and allow the groups to conduct more successful attacks. The TTPs employed in the first quarter of 2022 by ransomware gangs have been analyzed and shared by the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3). In Q1, 2022, the majority of ransomware attacks on the Healthcare and Public Health Sector (HPH) were conducted by five ransomware-as-a-service groups. LockBit 2.0 and Conti each accounted for 31% of attacks, followed by SunCrypt (16%), ALPHV/BlackCat (11%), and Hive (11%). The financially motivated threat groups FIN7 and FIN12 have also shifted their activities and have moved to ransomware operations, with FIN7 working with ALPHV and FIN12 extensively involved in attacks on the HPH sector. FIN12’s involvement has decreased the timescale for conducting attacks from 5 days to 2 days. Ransomware gangs often work with initial access brokers (IABs) that specialize in gaining access to...
Class Action Lawsuits Filed Against Partnership Health Plan & Oregon Anesthesiology Group over Ransomware Attacks
Class action lawsuits have recently been filed against Partnership Health Plan in Northern California and Oregon Anesthesiology Group in response to ransomware attacks and the theft of sensitive patient/plan member data. Partnership Health Plan of California Partnership HealthPlan of California (PHC) is a non-profit community-based healthcare organization that serves over 550,000 Medi-Cal beneficiaries in Northern California. In March 2022, PHC announced that it was working with third-party forensic specialists to restore the functionality of its systems following a cyberattack. The Hive ransomware group claimed responsibility for the attack and allegedly exfiltrated 400GB of data prior to encrypting files. Those files are alleged to contain the sensitive data of 850,000 individuals including names, dates of birth, addresses, and Social Security numbers. The ransomware gang claimed to have encrypted files on March 19, 2022, although removed the listing from its data leak site after a few days. Last week, the law firms Whatley Kallas of San Diego and Janssen Malloy of Eureka filed a...



