FBI: Ransomware Gangs Exploiting Corporate Financial Events to Facilitate Extortion
Ransomware gangs often use double extortion tactics to encourage victims to pay the ransom. In addition to file encryption, sensitive data are stolen and a threat is issued to sell or publish the data if the ransom is not paid. The Federal Bureau of Investigation (FBI) has recently issued a private industry notification warning of a new extortion tactic, where ransomware gangs target companies and organizations that are involved in significant time-sensitive financial events, steal sensitive financial data, then threaten to publish that information if payment is not made. Ransomware gangs conduct extensive research on their victims before launching an attack, which includes gathering publicly available data and nonpublic material. The attacks are then timed to coincide with the release of quarterly earnings reports, SEC filings, initial public offerings, and merger and acquisition activity, with the release of information having the potential to significantly affect the victim’s stock value. “During the initial reconnaissance phase, cyber criminals identify non-publicly...
42% of Healthcare Organizations Have Not Developed an Incident Response Plan
Hacks, ransomware attacks, and other IT security incidents account for the majority of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights, but data breaches involving physical records are also commonplace. According to the Verizon Data Breach Investigations Report, disclosed physical records accounted for 43% of all breaches in 2021, which highlights the need for data security measures to be implemented covering all forms of data. The healthcare industry is extensively targeted by cybercriminals and cyberattacks increased during the pandemic. There was a 73% increase in healthcare cyberattacks in 2020, with those breaches resulting in the exposure of 12 billion pieces of protected health information, according to the 2021 Data Protection Report recently published by Shred-It. The report is based on an in-depth survey of C-level executives, small- and medium-sized business owners, and consumers across North America and identifies several areas where organizations could improve their defenses against external and internal threats....
OCR: Ensure Legacy Systems and Devices are Secured for HIPAA Compliance
The Department of Health and Human Services’ Office for Civil Rights has advised HIPAA-covered entities to assess the protections they have implemented to secure their legacy IT systems and devices support HIPAA compliance. A legacy system is any system that has one or more components that have been supplanted by newer technology and reached end-of-life. When software and devices reach end-of-life, support comes to an end, and patches are no longer issued to correct known vulnerabilities. That makes legacy systems and devices vulnerable to cyberattacks. Healthcare organizations should be aware of the date when support will no longer be provided, and a plan should be developed to replace outdated software and devices; however, there are often valid reasons for continuing to use outdated systems and devices. Legacy systems may work well and be well-tailored to an organization’s business model, so there may be a reluctance to upgrade to new systems that are supported. Upgrading to a newer system may require time, funds, and human resources that are not available, or it may not be...
Microsoft Warns of Ongoing Attacks by SolarWinds Hackers on Service Providers and Downstream Businesses
The advanced persistent threat (APT) actor Nobelium (aka APT29; Cozy Bear) that was behind the 2020 SolarWinds supply chain attack is targeting cloud service providers (CSPs), managed service providers (MSPs), and other IT service providers, according to a recent alert from Microsoft. Rather than conducting attacks on many companies and organizations, Nobelium is favoring a compromise-one-to-compromise-many approach. This is possible because service providers are often given administrative access to customers’ networks to allow them to provide IT services. Nobelium is attempting to leverage that privileged access to conduct attacks on downstream businesses and has been conducting attacks since at least May 2021. Nobelium uses several techniques to compromise the networks of service providers, including phishing and spear phishing attacks, token theft, malware, supply chain attacks, API abuse, and password spraying attacks on accounts using commonly used passwords and passwords that have previously been stolen in data breaches. Once access to service providers’ networks has been...
More than 650K Patients of Community Medical Centers Notified About Hacking Incident
The protected health information of more than 650,000 patients of Community Medical Centers (CMC) in California has potentially been obtained by hackers. CMC is a not-for-profit network of community health centers that serve patients in the San Joaquin, Solano, and Yolo counties in Northern California. CMC identified suspicious activity in its computer systems on October 10, 2021, and shut down its systems to prevent further unauthorized access. An investigation was launched to determine the nature and scope of the breach, with assistance provided by third-party cybersecurity experts. The forensic investigation confirmed that unauthorized individuals had gained access to parts of its network where protected health information was stored, including first and last names, mailing addresses, dates of birth, Social Security numbers, demographic information, and medical information. Due to the sensitive nature of the exposed data, CMC is offering complimentary identity theft protection, identity theft resolution, and credit monitoring services to affected individuals. CMC said it has...



