Health Care

Health Care

Med group’s breach disclosure claims SSNs unaffected; leaked docs suggest otherwise

The Affordacare Urgent Care Clinic, a network of medical providers based in Texas, has officially confirmed a combination data breach-ransomware attack that exposed sensitive information. The company is claiming that social security numbers were not impacted in the incident, despite security experts having demonstrated that the attackers have published stolen documents containing patients’ and employees’…

Maze ransomware attackers extort vaccine testing facility

The cybercriminal gang behind Maze ransomware has been extorting a UK-based clinical research organization that’s been preparing to play a potential role in testing vaccine candidates for the novel coronavirus, despite assurances that they would not harm any health care organizations during the COVID-19 crisis. SC Media first reported an attack on the medical center,…

Cyberattack halts Tissue Regenix’s U.S.-based manufacturing operations

U.K.-based medical technology company Tissue Regenix acknowledged on Tuesday that it took its systems offline after an unauthorized party accessed them and those of its U.S.-based third-party IT service provider. According to a report from Reuters, the Leeds-based company said the shutdown will negatively impact its ability to manufacture products at its U.S. facility in…

Critical vulnerabilities found in GE medical gear

The DHS Cybersecurity and Infrastructure Security Agency has issued a warning of six critical-rated vulnerabilities in several GE medical monitoring devices. Advisory ICSMA-20-023-01 covers the GE CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station (CSCS) and Clinical Information Center (CIC) systems, CARESCAPE B450, B650, B850 monitors. The vulnerabilities include unprotected storage of credentials, improper…

Privacy takes a hit, as storage bucket leaks cannabis dispensary POS data

A misconfigured Amazon Web Services S3 storage bucket was discovered leaking data that had been collected by a point-of-sale system used by multiple cannabis dispensaries, researchers from vpnMentor reported on Wednesday. The exposed bucket, which was found on Christmas eve and closed by Jan. 14, was found to contain more than 85,000 files. These included…

Hospital

Breach of email accounts impacts 50,000 patients of Minnesota hospital

Minnesota-based hospital operator Alomere Health this month began notifying patients of a data breach affecting 49,351 individuals, after a malicious actor gained access to two employee email accounts in late October and early November. The first incident took place between Oct. 31 and Nov. 1, 2019, while the second account hijacking happened days later on…

Dread Zeppelin: Ransomware targets health care and IT sectors in U.S., Europe

Cybercriminals have spun off a ransomware that was originally known to target Russian organizations into a new malicious encryptor used in targeted campaigns against strategically selected health care and IT companies in America and Europe. Dubbed Zeppelin, the new ransomware is a descendant of VegaLocker, a Delphi-based Ransomware-as-a-Service (RaaS) offering that was discovered in early…

Report: Dental practices feel the pain of ransomware attack on IT provider

More than 100 dentist offices have reportedly been affected by a recent Sodinokibi ransomware attack on a Colorado-based company that provides IT services to the oral-care practices. Security expert Brian Krebs reported this past weekend via his blog post that Englewood, Colo.-based Complete Technology Solutions (CTS), was attacked back on Nov. 25, apparently via a compromised remote…

Ransomware attack on nursing homes’ services provider threatens lives

Cybercriminals are reportedly demanding a $14 million extortion payment after using Ryuk ransomware to infect Virtual Care Provider Inc. (VCPI), a company that provides IT consulting and cloud-based data hosting and security services to roughly 110 nursing home operations around the U.S. The Nov. 17 attack took place at 1:30 a.m. local time, encrypting the…

Next post in Cybercrime