healthcare (22)

Every year, the statistics on cyber-attacks seem to get spookier, according to Chuck Brooks, President of Brooks Consulting International.  “As we finish October’s Cybersecurity Awareness month, it is a suitable time to review some of the key statistics and trends that can haunt us and help us meet the cybersecurity challenges of the evolving digital ecosystem.  There are so many frightening cyber stats that I had room for only a few categories, but they are important ones to know.”

The healthca

A Microsoft outage starting during the evening of 18 July crippled airlines, financial services, health-care and many energy companies across the world, resulting for many in a "blue screen of death" on their work computers.  In response, Microsoft on Saturday released a recovery tool to help repair Windows machines affected by the bug, a day after CrowdStrike provided instructions for how to fix a crashed PC.

CrowdStrike, a cybersecurity firm whose software protects small businesses and l

The National Health Laboratory Service (NHLS) in South Africa has confirmed that its laboratories are operational following a recent cyber-attack, although the automated distribution of test results to clinicians remains disrupted.  In a statement released on Wednesday, the NHLS explained that its systems and infrastructure were compromised by the cyber-attack, affecting the automatic generation and delivery of laboratory reports to clinicians via WebView.  Despite these challenges, urgent test

A cyber-attack that sent US-based Ascension hospitals and health care systems offline in May happened because a worker accidentally downloaded malware, officials said this week.  “Clinical operations” were affected at Ascension hospitals and medical centers, which operate in Michigan and 18 other states, when a cyber-attack forced the organization to transition to offline systems in early May.  It was later said that the attack was actually a ransomware attack, meaning someone (or a group) brok

Nearly 400,000 people had sensitive healthcare information stolen by hackers during a 2023 cyberattack on a company that supports eye clinics.  Colorado-based Panorama Eyecare told regulators in Maine and Massachusetts that 377,911 current and former patients and employees had data stolen, including names, Social Security numbers, dates of birth, license numbers, financial account information, dates of service and medical provider names.

Panorama Eyecare owns or provides services to dozens of op

Have you noticed that the latest cyberattacks are threatening the very existence of many smaller medical clinics and their doctors' ability to deliver care? The recent cyberattack that took offline the largest US billing and electronic payment system, operated by Change Healthcare (https://www.changehealthcare.com), a significant division of UnitedHealth Group, is only the latest, but perhaps the best current, example.

See:  https://redskyalliance.org/redshorts2023/15-healthcare-cyber-security

The

There seems to be a very disturbing cyber-attack trend that is targeting our healthcare sector.  This should be of huge concern for everyone.  There used to be certain sectors that state-sponsored and criminal hackers would shy away from.  Those days are gone.  The healthcare industry is an increasingly appealing target for cybercriminals from around the world.  The reason is simple: The healthcare value chain encompasses a large, complex network of connected entities that warehouse e

This FortiGuard article in the Ransomware Roundup covers the Knight ransomware.

Knight Ransomware Overview: 
Knight is a relatively new ransomware group that arrived in August 2023. Like many attackers, the gang behind this variant employs double extortion tactics, where the Knight ransomware encrypts files on victims’ machines and exfiltrates data for extortion purposes.

The predecessor of Knight, Cyclops, had multi-OS tools for Windows, Linux, and Mac OS. So, while FortiGuard Labs had only loc

Note: this Recorded Future Ransomware Tracker is updated on the second Sunday of each month to stay current.  The number of victims posted on ransomware extortion sites increased in May, with ransomware gangs publicly claiming more than 400 attacks in a month for the second time this year.

The uptick was fueled in large part by the Russia-linked LockBit ransomware group, which posted 74 victims to its extortion site in May.  The group has become far and away the most active ransomware gang, wit

A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research.  Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual Property Organization (WIPO).  The researchers also found that it attacked several embassies.  “Our assessment is that the operators of this

Russia-linked ransomware group Clop reportedly took responsibility for a mass attack on more than 130 organizations, including those in the healthcare industry, using a zero-day vulnerability in secure file transfer software GoAnywhere MFT.[1]  The Cybersecurity & Infrastructure Security Agency (CISA) added the GoAnywhere flaw (CVE-2023-0669) to its public catalog of Known Exploited Vulnerabilities.  This Sector Alert follows previous HC3 Analyst Notes on Clop (CLOP Poses Ongoing Risk to HPH Organiz

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a joint alert on a new cybercrime group targeting organizations in the healthcare sector.

Called Daixin Team, the threat actor has been active since at least June 2022, targeting organizations in the US with ransomware based on Babuk source code leaked in September 2021, and also engaging in data theft and extortion.  It has

Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021, has alleged ties to Russia, and attacks “With Love.”  Vice has crossed the line of what many hackers said was off limits – education and health care systems and facilities.  This past September, a ransomware attack on the Los Angeles Unified School District crippled digital operations across its system, which includes more than 1,000 schools and serves roughly 600,000 students.

There has been a very disturbing trend of criminal hackers targeting healthcare providers and hospitals directly.  The NHS system in the UK was recently attacked, as were numerous healthcare providers and hospitals in the US, and now in Australia.  Once a “white collar crime” aimed only at financial institutions, these cyber-attacks are now compromising the health and safety of people around the globe.  Health insurer Medibank Private says it has been hit by a cyber-attack.

 

Key points:

It is A

Activity Summary - Week Ending on 30 December 2021:

  • Red Sky Alliance identified 18,056 connections from new IPs checking in with our Sinkholes
  • 77-88-9-11.spider.yandex.com
  • Analysts identified 4,095 new IP addresses participating in various Botnets
  • Chaos in Japan
  • SonicWall
  • An Albania Hit, Again
  • Five Eyes on Log4j
  • Chinese Propaganda in Full Force
  • Ireland is getting Serious
  • Healthcare at Risk, Still
  • Free Peltier

Link to full report: IR-21-364-001_weekly364.pdf

Activity Summary - Week Ending 8 October 2021:

  • Red Sky Alliance identified 45,583 connections from new IPs checking in with our Sinkholes
  • Analysts identified 1,245 new IP addresses participating in various botnets
  • Researchers observed 10 unique email accounts compromised with keyloggers
  • Ranion is a Ransom-as-a-Service
  • Ransomware Operations are Short-Lived
  • Cyber-Attack turns Fatal
  • Indiana hospital and Ransomware
  • Protecting the Healthcare Sector
  • What’s a Slacktivist?
  • The Anthropocene Period

Lin

Activity Summary - Week Ending 21 May 2021:

  • Analysts identified 1,828 new IP addresses participating in various Botnets
  • Red Sky Alliance identified 28,925 connections from new unique IP Addresses
  • Our collection shows 21 unique email accounts compromised with Keyloggers
  • FiveHands Ransomware
  • Panda Stealer
  • Waikato (NZ) District Health Board – Hit
  • AXA Partners in Asia – attacked by the Avaddon Group
  • Ireland Hospital Hacking
  • Glasgow (Scotland) Caledonian University – IT shut Down
  • Additional DarkSide T

Activity Summary - Week Ending 26 February 2021:

  • 600+ US healthcare data breaches in 2020
  • Red Sky Alliance identified 35,139 connections from new unique IP addresses
  • Analysts identified 2,378 new IP addresses participating in various Botnets
  • Bazar Trojan Variant
  • Malware Lingerie for 2021 Valentine’s Day!!
  • Silver Sparrow; aren’t Sparrows Brown?
  • Pfizer, COVID Vaccine and Hacking
  • LEON and Nocona Hospitals hit
  • eHealth in Canada – Ryuk Ransomware
  • France to invest 1 billion euros in Cyber Security –

Activity Summary - Week Ending 11 December 2020:

  • Red Sky Alliance identified 49,028 connections from new unique IP addresses
  • Analysts observed 66 unique email accounts compromised with Keyloggers
  • Sality and Corkow have consistently remained the top Malware Variants
  • Analysts identified 1,715 new IP addresses participating in various Botnets
  • Ragnar Locker
  • WatchBogMiner
  • Leaking Browser URL and Protocol Handlers
  • Malware targeting Synthetic DNA Orders to modify DNA strings sequence
  • Covid-19 Rx. Researc

Encryption is a valuable partner in maintaining privacy.  Encryption keeps our data safe from unwanted guests.  It stops people from stealing our valuable credit card details, our app usage habits, and our passwords.  While this is the answer for those with privacy concerns, IT teams will face a massive influx of traffic that they cannot look inside without decryption technology.  This means encryption is a bit of a double-edged sword because cyber threat actors can use it too.  Encryption ca