IT Security

 

Cyber Security Word of the Month: Clickjacking is the malicious practice of manipulating a website user's activity by concealing hyperlinks beneath legitimate clickable content, thereby causing the user to perform actions of which they are unaware.

Nursing Home Ransomware

2019/11/23 - "110 Nursing Homes Cut Off from Health Records in Ransomware Attack. Virtual Care Provider Inc. (VCPI) provides IT consulting, Internet access, data storage and security services to some 110 nursing homes and acute-care facilities in 45 states. VCPI is responsible for maintaining approximately 80,000 computers and servers that assist those facilities." Read More...

Lack of Control

2019/11/20 - "Amongst the 786 million medical images identified in the US, which had the largest increase in new data sets discovered, Social Security Numbers were included on some of the images, as well as some sets which listed details pertaining to military personnel IDs from the Department of Defense." Read More...

What Happens

2019/11/12 - "What happens when your healthcare data is stolen or held for ransom? It depends. Healthcare records are worth much more than a credit card number or Social Security number-- $250 per record vs. $5.40 for a number...Because hospitals and other providers don't want to admit to losing control of their data, organizations don't disclose the attack." Read More...

Medtronic Vulnerabilities

2019/11/08 - "6 vulnerabilities have been identified in the Medtronic Valleylab energy platform and electrosurgery products, including one critical flaw that could allow an attacker to gain access to the Valleylab Energy platform and view/overwrite files and remotely execute arbitrary code." Read More...

Texas Health Resource

2019/11/07 - "Texas Health Resources recently filed 15 breach notifications, stemming from a misconfiguration error in its billing system that compromised the data of 82,577 patients." Read More...

Utah Notifications

2019/11/05 - "A Utah eye clinic is in the process of informing 20,000 patients that they were the victims of a data breach that happened a year and a half ago and linked patients to a scam involving PayPal." Read More...

Texas Breach Notifications

2019/11/01 - "House Bill 4390 amends the Texas Identity Theft Enforcement and Protection Act by requiring that Texas residents be notified of a data security breach within sixty (60) days of the determination that a breach has occurred." Read More...

Kalispell Healthcare Breach

2019/10/23 - "...data breach resulting in 129K health records getting leaked...Multiple employees had unknowingly provided their email login credentials to the phishers. The scammers were then able to access patients’ personal information, including name, address, medical record number, date of birth, telephone number, email address, medical history and treatment information, date of service, treating and referring physician, medical bill account number and/or health insurance information." Read More...

Healthcare Phishing

2019/10/22 - "Healthcare firms hold a trove of patients’ sensitive data which if compromised can result in identity theft, taking undue advantage of services and more. There has been a 300% jump in imposter emails sent to healthcare organizations during the first quarter of 2019." Read More...

Unsecure databases

2019/10/22 - "Researchers have uncovered unsecure databases from nine different medical companies across the world...The exposed data includes patients’ personal information, contact information, prescriptions, treatment information, medical observations, and other sensitive medical information." Read More...

Florida OBGYN Data Breach

2019/10/15 - "All 528,188 patients of North Florida OB-GYN have been contacted by letter and warned that their personal data may have been exposed." Read More...

UAB Phishing

2019/10/04 - "Hackers sent an email created to look like an authentic request from an executive asking employees to complete a business survey. Despite education and training to recognize this type of phishing attack, a number of employees accessed the survey and provided their username and password to the hackers, allowing the hackers to access the employees’ email accounts as well as the payroll system." Read More...

NZ Medical Records

2019/10/05 - "The hack that placed in jeopardy the medical details of a million people went unnoticed for three years." Read More...

Ontario Ransomware

2019/10/04 - "Hackers have crippled the computer systems of three Ontario hospitals in recent weeks...The malware, known as 'Ryuk,' attacks computer networks but remains invisible to average users for weeks or months. During that time, it collects information about the organization and its perceived ability to pay a ransom. Ryuk then locks files, demanding the network owner pay a sum of money to make them accessible again." Read More...

Alabama Ransomware

2019/10/04 - "The DCH Health System is still crippled by a ransomware attack that limited the hospital system's ability to use its computers...While IT systems are down, medical staff have shifted operations into manual mode and are using paper copies in place of digital records..." Read More...

Medical Image Exposé

2019/09/18 - "Over 2,300 Picture Archiving and Communication System (PACS) systems are connected to the public internet. PACS are used in the healthcare sector to store and serve medical information retrieved from imaging devices such as X-Ray, CT, or MRI machines. The exposed patient records included names, dates of birth, dates of examination, type of imaging procedure, attending physicians, clinic names, and the number of generated images." Read More...

Open door Medical Records

2019/09/17 - "A new joint investigation published by ProPublica and German broadcaster Bayerischer Rundfunk found that the medical data of some 5 million patients in the US is easily obtainable with free software or just a simple web browser." Read More...

BOGO PHI

2019/08/22 - "For as little as a few thousand dollars, and sometimes even less, anyone on the dark web can have a database of compromised personal health information (PHI) from a hospital or health system. FireEye has documented numerous database sales for as low as $300..." Read More...

Cyber Threats

2019/08/21 - "Chinese advanced persistent threat (APT) groups are honing in on cancer research institutes in recent cyberattacks in order to steal their work..." Read More...

Unauthorized User

2019/08/03 - "Presbyterian Healthcare Services reported a data breach that allowed unauthorized access to personal information belonging to around 183,000 patients and health plan members." Read More...

Anesthesia Hack

2019/07/11 - "{A} vulnerability could allow an attacker to remotely modify GE Healthcare anesthesia machines. GE Healthcare is aware of the vulnerability, issuing a statement that says there is 'potential ability to modify gas composition parameters...modify device time and silence alarms after the initial audible alarm,'" Read More...

Unauthorized User

2019/06/04 - "American Medical Collection Agency (AMCA), a billing collections service provider, has informed Quest Diagnostics that an unauthorized user had access to AMCA’s system containing personal information...attackers had access {for 7 months}" Read More...

Miss Configured

2019/06/04 - "The personal information of some University of Chicago donors and patients was mistakenly exposed. The exposed information was part of a database that contained nearly 1.7 million records, {and} was the result of a vendor misconfiguring a server..." Read More...

Weak p@5Sw0rd

2019/05/02 - "International cyber criminals had intermittent access for roughly five months...to personal information on current and former Citrix employees, as well as some of their relatives and beneficiaries." Read More...

Serving it Up

2019/04/17 - "An email server breach has exposed the personal information of 270,000 patients." Read More...

Insulin Dependent Hack

2019/04/13 - "MedTronic is recalling some of its insulin pumps (MiniMed 508 and Paradigm insulin pumps, along with the CareLink USB control hub) following the discovery of security vulnerabilities in the equipment that can be exploited over the air to hijack them." Read More...

Heart Hack

2019/04/13 - "U.S. Department of Homeland Security (DHS) warned that computer hackers can easily gain access to implanted cardiac defibrillators made by Medtronic. An attacker could exploit communication protocol(s) to change memory in an implanted cardiac device." Read More...

S.P.O.F.

2019/03/20 - "A small US healthcare company ended up locked out of the equipment,...{due} to an untimely death in 2018." Read More...

Weak p@5Sw0rd

2019/03/17 - "A health tech company was leaking thousands of doctor’s notes, medical records, and prescriptions daily after a security lapse left a server without a password." Read More...

Faxsploit

2018/08/14 - "...Your fax number is literally enough for a hacker to gain complete control over the printer and possibly infiltrate the rest of the network connected to it." Read More...

You can't spell IT Security without UR IT!