FBI Warns of Ongoing Conti Ransomware Attacks on Healthcare Organizations and First Responders
The Federal Bureau of Investigation (FBI) has issued a TLP:WHITE Flash notice about ongoing Conti ransomware attacks targeting healthcare and first responder networks. According to the FBI, the Conti ransomware gang has attacked 16 healthcare and first responder organizations in the United States. In addition to healthcare providers, the gang has attempted ransomware attacks on 911 dispatch centers, emergency medical services, law enforcement agencies and municipalities. The gang is known to have conducted attacks on 400 organizations worldwide, including a recent attack on the Health Service Executive (HSE) and Department of Health (DoH) in Ireland. To date, the gang has claimed 290 victims in the United States. Conti ransomware is believed to be operated by the Russian cybercrime group Wizard Spider and is a ransomware-as-a-service (RaaS) operation. The threat group is known for attacking large organizations and issuing huge ransom demands, which have been as high as $25 million. The ransom demand set for each victim based on the extent of the encryption and the perceived ability...
Rehoboth McKinley Christian Health Care Services Notifies Patients about February 2021 Ransomware Attack
Gallup, NM-based Rehoboth McKinley Christian Health Care Services (RMCHCS) has announced it was the victim of a ransomware attack in February 2021 in which patient data was exfiltrated. The Conti ransomware gang struck in February and stole a range of sensitive data, including job application data, background check information, staff reports, and the protected health information of patients. A sample of the stolen files was uploaded to the Conti data leak site to pressure the healthcare provider into paying the ransom. The data is no longer listed on the leak site, but it is unclear whether the ransom was paid. RMCHCS discovered on February 16, 2021 that patient data had been stolen by the ransomware group. RMCHSC engaged a third-party computer forensics firm to investigate the attack and determined the attackers exfiltrated data between January 21 and February 5, 2021. A review of the files potentially accessed by the hackers was completed on April 30, 2021 and notification letters were sent to those individuals. RMCHCS said the data potentially accessed included names, addresses,...
Health Plan of San Joaquin Email Security Breach Affects 420,433 Individuals
Health Plan of San Joaquin (HPSJ), a non-profit Medi-Cal managed care provider based in French Camp, CA, has discovered an unauthorized individual has gained access to its email system and potentially accessed or obtained sensitive data. A potential email breach was suspected on or around October 12, 2020 when anomalous activity was identified in the email system. HPSJ determined on October 23, 2020 that multiple employee email accounts had been remotely accessed by an unauthorized individual. A password reset was performed on all affected email accounts to prevent further access, and the investigation confirmed that unauthorized access to email accounts occurred between September 26, 2020 and October 12, 2020. Following any email system breach, all emails in the compromised accounts must be checked to determine whether they contain any sensitive data. That can be a labor-intensive and time-consuming process. In this case, the process involved a programmatic and painstaking manual review, which revealed that the compromised email accounts contained the protected health information...
New England Dermatology Discovers Specimen Bottles Disposed of Incorrectly for 10 Years
New England Dermatology has started notifying 58,106 patients about the exposure of some of their protected health information. In an April 30, 2021 breach notice, New England Dermatology explained the privacy breach was due to the improper disposal of specimen bottles by its in-house pathology laboratory. The lab should have been sending the specimen bottles for shredding or incineration since the specimen bottles had printed labels that included patient data covered by the HIPAA Rules; however, they were discarded as regular trash. The information on the bottles included patients’ first and last names, birth dates, dates of specimen collection, name of provider who took the specimen, and body part from which the specimen was taken. No other information was included on the labels. The regular trash, including the specimen bottles, was collected by a waste contractor that serviced the building and was sent to landfill. The improper disposal dated back to February 4, 2011 and continued until the HIPAA violation was discovered on March 31, 2021. Any individual whose specimen(s) was...
U.S Advances 5 Bills to Improve Cyber Defenses of SLTT Governments and Critical Infrastructure Entities
In the wake of the SolarWinds Supply chain attack, ransomware attack on Colonial Pipeline, and President Biden’s cybersecurity executive order, the U.S. House Committee on Homeland Security has cleared five bipartisan bills that seek to address cybersecurity and improve the defenses of state, local, tribal, and territorial (SLTT) governments and critical infrastructure entities. The cyberattack on Colonial Pipeline forced the company to shut down its 5,500-mile fuel pipeline that delivers 45% of the fuel required by the East Coast. In order to speed up recovery and minimize disruption, Colonial Pipeline’s CEO Joseph Blount authorized the payment of a $4.4 million ransom to the DarkSide ransomware gang; however, even though the ransom was paid, the fuel pipeline remained shut down for 5 days, causing major disruption to fuel supplies. These attacks have highlighted major vulnerabilities in cybersecurity defenses which need to be addressed to improve national security. The five bipartisan cybersecurity bills advanced this week are: The Pipeline Security Act (H.R. 3243)...



