Healthcare


  • Medibank hackers reportedly release all data on dark web

    December 1, 2022

    Hackers who breached Medibank’s systems have dumped another batch of data on the dark web, along with claims the files contain all of the data they took in a heist that impacted 9.7 million customers. The Australian insurance group confirms six zipped files of data have been released, while government officials reiterate the overdue need ...

  • All India Institute of Medical Sciences restores e-Hospital data after cyber attack

    November 30, 2022

    The server at the All India Institute of Medical Sciences (AIIMS) in Delhi has been down for the eighth day in a row, and according to reports, more analysts from Delhi are under consideration for suspension for cybersecurity violations after two of them were already suspended. According to the sources quoted by the report, “The sanitising ...

  • NHS tech chief dismisses concerns over loss of statutory power to protect patient data

    November 16, 2022

    An outgoing NHS tech chief has defended the decision to merge his organization with a UK government-run unit, arguably diluting the statutory protection of patient data. Simon Bolton, interim chief executive of the soon-to-be-defunct NHS Digital, said the merger of the organization with NHS England, a non-departmental government body, was necessary to “provide real clarity of ...

  • Russia-based Pushwoosh tricks US Army and others into running its code – for a while

    November 15, 2022

    US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company – which presents itself as American – is actually Russian, according to Reuters. Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications ...

  • US Health Dept warns of Venus ransomware targeting healthcare orgs

    November 10, 2022

    The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country’s healthcare organizations. In an analyst note issued by the Health Sector Cybersecurity Coordination Center (HC3), HHS’ security team also mentions that it knows about at least one incident where Venus ransomware was deployed on the networks ...

  • Hack the Real Box: APT41’s New Subgroup Earth Longzhi

    November 9, 2022

    In early 2022, Trend Micro investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a similar Cobalt Strike loader. While analyzing code similarities and tactics, techniques, and procedures (TTPs), we ...

  • Medibank now says hackers accessed all its customers’ personal data

    October 27, 2022

    Australian insurance firm Medibank has confirmed that hackers accessed all of its customers’ personal data and a large amount of health claims data during a recent ransomware attack. In an announcement published today, the company warned that an internal investigation into the attack has shown that the threat actors had far greater access to customer data ...

  • #StopRansomware: Daixin Team

    October 21, 2022

    This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see ...

  • Oops, web trackers may have leaked 3 million patients’ info

    October 20, 2022

    A hospital network in Wisconsin and Illinois fears visitor tracking code on its websites may have transmitted personal information on as many as 3 million patients to Meta, Google, and other third parties. Advocate Aurora Health (AAH) reported the potential breach to the US government’s Health and Human Services. As well as millions of patients, AAH ...

  • Hospital giant’s IT still poorly a week after suspected ransomware infection

    October 12, 2022

    Computer systems are still down at CommonSpirit Health – America’s second-largest nonprofit hospital network – more than a week after it was hit by a somewhat mystery cyberattack. The US’s largest Catholic healthcare provider remains very tight-lipped about the root cause of this digital breakdown, and when it expects its systems to come back online. At ...

  • Nonprofit hospital network suffers IT meltdown after ‘security incident’

    October 6, 2022

    America’s second-largest nonprofit healthcare org is suffering a security “issue” that has diverted ambulances and shut down electronic records systems at hospitals around the country. CommonSpirit Health, a Chicago-based organization that has more than 1,000 facilities and 140 hospitals across 21 states, this week copped to an “IT security issue” affecting “some” of its locations. The ...

  • Moody’s turns up the heat on ‘riskiest’ sectors for cyberattacks

    October 3, 2022

    About $22 trillion of global debt rated by Moody’s Investors Service has “high,” or “very high” cyber-risk exposure, with electric, gas and water utilities, as well as hospitals, among the sectors facing the highest risk of cyberattacks. That’s more than one-quarter (28 percent) of the $80 trillion in Moody’s rated debt across 71 global sectors, and ...

  • New York ambulance service discloses data breach after ransomware attack

    September 17, 2022

    Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed a data breach that exposed customer information. According to the notification, the company suffered a ransomware attack on July 14, 2022. An investigation into the incident revealed that the intruder had gained access to Empress EMS’ systems on May 26, 2022. ...

  • Ransomware gang threatens 1m-plus medical record leak

    September 14, 2022

    Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs. Daixin Team has taken credit for a September 1 assault on Texas-based OakBend Medical Center, causing a shutdown of the organization’s communication and IT systems as well as exfiltrating internal data. The criminals claim to have stolen ...

  • FBI: Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses

    September 14, 2022

    The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information, and websites. In one case, the attacker ...

  • French hospital hit by $10M ransomware attack, sends patients elsewhere

    August 23, 2022

    The Centre Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries. CHSF serves an area of 600,000 inhabitants, so any disruption in its operations can endanger the health, and ...

  • RTLS systems vulnerable to MiTM attacks, location manipulation

    August 16, 2022

    Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data. RTLS technology is widely used in industrial environments, mass transit, healthcare, and smart city applications. Its primary role is to assist in safety by defining geofencing zones using tracking tags, signal ...

  • UK: Ransomware attack on NHS systems could take weeks to fix, major IT provider warns

    August 11, 2022

    A cyberattack that hit a major IT provider for the NHS and severely affected the 111 service involved ransomware and could take up to four weeks to fix, it has emerged. Advanced, which supplies vital systems for the NHS, said it suffered a cyber breach around 7am on 4 August which has now been contained. The attack ...

  • New GwisinLocker ransomware encrypts Windows and Linux ESXi servers

    August 6, 2022

    A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means “ghost” in Korean. The actor is of unknown origin but appears to ...

  • Ministers coordinating ‘resilience response’ after ‘major’ cyber attack hits NHS systems across UK

    August 6, 2022

    The Welsh Ambulance Service says the outage is significant, far-reaching and affects all four nations in the UK, but NHS England says there’s “currently minimal disruption”. People seeking medical help via the NHS 111 service have been warned there could be delays after the attack led to a “major” computer system outage. The security issue was identified ...