Scammers Target Healthcare Buyers Trying to Purchase PPE and Medical Equipment
The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are attempting to steal money from state agencies and healthcare industry buyers that are trying to purchase personal protective equipment (PPE) and medical supplies. Healthcare industry buyers have been told to be on high alert following a rise in the number of scams related to the procurement of PPE and essential medical equipment such as ventilators, which are in short supply due to increased demand. The FBI has received reports of several cases of advance fee scams, where government agencies and healthcare industry buyers have wired funds to brokers and sellers of PPE and medical equipment, only to discover the suppliers were fake. There have also been several reported cases of business email compromise (BEC) scams related to PPE and medical equipment procurement. In these scams, brokers and vendors of goods and services are impersonated. The scammers use email addresses that are nearly identical to the legitimate broker or seller and request wire transfer payments for the goods and services. The...
Small-Sized and Medium-Sized Healthcare Providers Most Likely to Be Attacked with Ransomware
Ransomware gangs are concentrating their attacks on smaller healthcare providers and clinics, according to a new report from RiskIQ. Healthcare providers with fewer than 500 employees are key targets for the gangs, with these organizations accounting for 70% of all successful healthcare ransomware attacks since 2016. RiskIQ’s analysis of 127 healthcare ransomware attacks revealed there has been a 35% increase in attacks between 2016 and 2019. Hospitals and healthcare centers accounted for 51% of ransomware attacks, 24% of attacks were on medical practices, with 17% on health and wellness centers. The cybersecurity defenses at smaller healthcare organizations are likely to be far less effective than those at larger healthcare systems. RiskIQ reports that 85% of small- and medium-sized hospitals do not have a qualified IT security person on staff, so there is a higher chance of gaps in security being left unaddressed. Ransom payments are more likely to be paid to avoid the costly downtime that is often caused by an attack. It can often take several weeks for an organization to fully...
Microsoft Patches Three Actively Exploited Flaws and Delays End of Support for Software and Services
On April 2020 Patch Tuesday, Microsoft released updates to correct 113 vulnerabilities in its operating systems and software solutions, 19 of which have been rated critical. This month’s round of updates includes fixes for at least 3 zero-day vulnerabilities that are being actively exploited in real world attacks. Two of the actively exploited vulnerabilities were announced by Microsoft in March and Microsoft suggested workarounds to limit the potential for exploitation. The flaws – CVE-2020-0938 and CVE-2020-1020 – both affect the Adobe Font Manager Library and can lead to remote code execution on all supported Windows versions. The flaws are partially mitigated in Windows 10 and could only result in code execution in an AppContainer sandbox with limited privileges and capabilities. The flaws could be exploited if a user is convinced to open a specially crafted document or if it is viewed in the Windows Preview pane. The third actively exploited zero-day is a Windows Kernel vulnerability that was discovered by Google’s Project Zero team. The flaw, tracked as...
Washington University School of Medicine Breach Impacts 14,795 Oncology Patients
Washington University School of Medicine is notifying 14,795 oncology patients that some of their protected health information was stored in an email account that was breached in January 2020. An unauthorized individual gained access to the email account of a research supervisor in the Division of Oncology between January 12, 2020 and January 13, 2020 as a result of a response to a phishing email. Upon discovery of the breach, immediate action was taken to secure the account and prevent further unauthorized access and a third-party computer forensics firm was engaged to assist with the investigation. A painstaking review of emails and email attachments in the account revealed they contained the following patient information: Names, dates of birth, medical record numbers, patient account numbers, limited treatment and/or clinical information, including diagnoses, provider names, and lab test results. Certain patients also had their health insurance information and/or Social Security numbers exposed. Affected individuals are now being notified about the breach and individuals whose...
PHI of 16,600 Patients Potentially Compromised in Ransomware Attack on Andrews Braces
The Sparks, NV orthodontics practice, Andrews Braces, has experienced a ransomware attack that resulted in the encryption of patient data. The attack was discovered on February 14, 2020, with the subsequent investigation determining the ransomware was downloaded the previous day. The practice hired a third-party forensic investigator to assess the scope and extent of the attack and determine whether patient information had been accessed or exfiltrated prior to encryption. While it is not uncommon for ransomware attacks to involve data theft, the investigation did not uncover any evidence to suggest data had been obtained by the attackers. This appeared to be an automated attack with the sole aim of encrypting data to extort money from the practice. The practice regularly backed up patient data and stored its backups securely, so it was possible to restore the encrypted files without paying the ransom. Data theft is not suspected but the possibility could not be ruled out, so notification letters have been sent to all affected patients. The types of data which could potentially have...



