Kalispell Regional Healthcare Proposes 4.2 Million Settlement to Resolve Data Breach Lawsuit
The Montana-based healthcare provider Kalispell Regional Healthcare has proposed a $4.2 million settlement to resolve a lawsuit filed on behalf of victims of a data breach that was announced in October 2019. The lawsuit was filed shortly after the announcement that the protected health information of approximately 130,000 patients had been impermissibly disclosed as a result of a sophisticated phishing attack. Unauthorized individuals had gained access to several email accounts after employees responded to phishing emails and disclosed their login credentials. The attackers first gained access to the email accounts on May 24, 2019 and were able to continue to access the accounts for several months. The compromised email accounts contained PHI such as names, addresses, telephone numbers, dates of birth, medical record numbers, medical histories, Social Security numbers, and health insurance information. Around 250 Social Security numbers are known to have been stolen by the attackers. The lawsuit alleged Kalispell Regional Healthcare had failed to implement appropriate measures to...
Xavier Becerra Named Secretary of the Department of Health and Human Services
President-elect Joe Biden has named California Attorney General Xavier Becerra as Secretary of the Department of Health and Human Services. While the decision has been made according to The New York Times, the appointment has yet to be announced by his transition team. Biden is committed to building the most diverse administration in history and while progress has been made so far, Biden has faced criticism over the number of Latinos appointed to date. If the appointment of Becerra is confirmed by the senate, he will become the first ever Latino Secretary of the Department of Health and Human Services. The news of his selection has drawn praise from the Congressional Hispanic Caucus. Becerra has a long record of supporting the Affordable Care Act and helped steer the legislation through Congress in 2009 and 2010. The former Los Angeles area congressman also led the coalition of Democratic states that defended the Affordable Care Act and resisted attempts by the Trump Administration to overturn it. Becerra will be responsible for expanding the Affordable Care Act and is likely to...
AMA Issues Guidance to Help Healthcare Organizations Mitigate COVID-19 Cyber Risks
The American Medical Association has warned hospitals, health systems, and medical practices about the increase in cyber risks targeting the healthcare sector and has provided recommendations on the steps that can be taken to ensure threats are mitigated and network security is improved. Laura Hoffman, AMA assistant director of federal affairs, explained the current threats in a recent AMA COVID-19 Update and announced a new resource has been developed by the AMA and American Hospital Association (AHA) on technology considerations for healthcare organizations for the remainder of 2020 to improve network security and bolster patient privacy efforts. The COVID-19 pandemic has created many new challenges for healthcare organizations which are having to treat increased numbers of patients while working in ways that may be unfamiliar. The pandemic has seen a major expansion of telehealth services, with many patients now receiving care virtually using new technology platforms. These new technologies and platforms have introduced vulnerabilities and broadened the attack surface and...
COVID-19 Vaccine Cold Chain Organizations Targeted in Global Phishing Campaign
The Cybersecurity Infrastructure and Security Agency has issued a warning about a global spear phishing campaign targeting organizations in the cold storage and supply chain that are involved with the distribution of COVID-19 vaccines. Two of the first vaccines to be produced must be kept and low temperatures during storage and transit prior to being administered. The Pfizer/BioNTech vaccine must be kept at -94°F (-70°C) and the Moderna vaccine at -4°F (-20°C), so cold chain organizations are a key element of the supply chain. At the start of the pandemic, IBM X-Force established a cyber threat task force to track threats targeting organizations involved in the fight against COVID-19. The task force recently published a report about an ongoing spear phishing campaign that started in September 2020 which is targeting organizations supporting the Cold Chain Equipment Optimization Platform program. The program was launched in 2015 by the United Nations Children’s Fund and partner organizations to distribute vaccines worldwide. Phishing emails have been sent to executives in sales,...
Vulnerabilities in OpenClinic Application Could Allow Unauthorized PHI Access
Four vulnerabilities have been identified in the OpenClinic application, the most severe of which could allow authentication to be bypassed and protected health information (PHI) to be viewed from the application by unauthorized users. OpenClinic is an open source, PHP-based health record management software that is used in many private clinics, hospitals, and physician practices for administration, clinical and financial tasks. A BishopFox Labs researcher has identified four vulnerabilities in the software which have yet to be corrected. The most serious vulnerability involves missing authentication, which could be exploited to gain access to any patient’s medical test results. Authenticated users of the platform can upload patient’s test results to the application, which are loaded into the /tests/ directory. Requests for files in that directory do not require users to be authenticated to the application to return and display the test results. In order for the test results to be obtained, an unauthenticated user would need to guess the names of the files; however, the BishopFox...



