Health Care | SC Media

Health Care

The fairly convincing phishing scam is being hosted on a compromised EA Games server.

Threat actor impersonates German, Italian and American gov’t agencies to spread malware

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and IT services, manufacturing companies, and healthcare organizations make up a large share of the targets…

Open database exposes 93M files on patients of substance abuse facilities

A misconfigured AWS s3 storage bucket reportedly exposed roughly 93 million billing files that contain information on patients of three drug and alcohol addiction facilities operated by San Juan Capistrano, California-based Sunshine Behavioral Health, LLC. Patients at SBH’s Monarch Shores location in San Juan Capistrano; Chapters Capistrano facility in San Clemente, Calif.; and Willow Springs…

Arkansas AG reiterates need to report medical data breaches

Arkansas Attorney General (AG) Leslie Rutledge has advised the state’s medical practitioners of their responsibilities regarding when to report a data breach under the federal state’s Personal Information Protection Act (PIPA). Meanwhile, in neighboring Tennessee the state-run medical service TennCare reported that 43,847 members had their information exposed in a data breach that took place…

It’s privacy vs. innovation as Google collects data on 50 million medical patients

Google and health care provider organization Ascension have publicly confirmed a recent report that the two companies have embarked on a massive initiative to aggregate the data of roughly 50 million patients and store it on the cloud. The companies say it will improve patient care and administration, but the strategy has also sparked concern…

Maine’s InterMed suffers data breach, 30,000 affected

The Portland, Maine healthcare provider InterMed is informing about 30,000 patients that some of their PHI has been involved in a data breach. The facility learned on September 6, 2019 that an employee’s email account had been hacked a few days prior, which led to several other accounts also being breached between September 7-10. An…

St. Louis health center stymied by September ransomware attack

Betty Jean Kerr People’s Health Centers, a St. Louis-area medical and social services provider, was victimized last September by a ransomware attack that continues to prevent access to data collected from patients, health care providers and employees. The Associated Press reported on Friday that the breach affects roughly 152,000 people. The provider serves thousands of…

DCH Health System pays ransomware attackers in bid to restore operations

OCT. 12 UPDATE: On Oct. 10, DCH lifted its diversion protocol and began accepting all patients again in its Emergency Departments. Outpatient imaging for DCH Regional Medical Center and Northport Medical Center resumed normal operations on Oct. 11. DCH continues to work on restoring its systems. Forced to turn away certain patients following a ransomware…

Multiple zero-day vulnerabilities found medical IoT devices: CISA

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory warning of vulnerabilities in several medical IoT devices that could lead to remote code execution. Advisory ICSA-19-274-01, which has a CVSS rating or 9.8, covers the following pieces of equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, Zebos by IP Infusion, and…

Next post in Vulnerabilities