Healthcare


  • A set of vulnerabilities in TCP/IP stacks could leave millions of connected medical devices open to attack

    November 9, 2021

    Critical vulnerabilities in millions of connected devices used in hospital networks could allow attackers to disrupt medical equipment and patient monitors, as well as Internet of Things devices that control systems and equipment throughout facilities, such as lighting and ventilation systems. The vulnerable TCP/IP stacks – communications protocols commonly used in connected devices – are also ...

  • Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

    November 7, 2021

    On Sept. 16, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in a self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. The alert explained that malicious actors were observed deploying a specific webshell and ...

  • Medical school exposes personal data of thousands of students

    November 3, 2021

    A US medical training school exposed the personally identifiable information (PII) of thousands of students. On Wednesday, vpnMentor published a report on the security incident, in which an unsecured bucket was left exposed online. The server, which did not have authentication controls in place and was, therefore, accessible by anyone to view, contained 157GB of data, or ...

  • Canadian province health care system disrupted by cyberattack

    November 1, 2021

    The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals. The attack took place on October 30th, causing regional health systems to shut down their networks and cancel thousands of medical appointments. This outage affected health systems in Central Health, Eastern Health, Western Health, ...

  • EU Green Pass-generation keys stolen – sources

    October 27, 2021

    Some of the keys used to generate the European Green Pass have been stolen and distributed on programming networks to create false COVID-19 health certificates, qualified Italian sources said on Wednesday. A series of meetings at the EU level were being held on Wednesday to examine the situation, according to the sources. Read more… Source: ANSA News  

  • Third-party data breach in Singapore hits healthcare provider

    October 26, 2021

    Another third-party security breach has been reported in Singapore, this time, affecting patients of Fullerton Health and compromising personal data that included bank account details in “a few cases”. The affected vendor Agape Connecting People, which platform facilitates appointment booking, first detected the breach on October 19 and appeared to affect only Fullerton Health. The healthcare ...

  • NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to ‘Let’s talk cyber’ event

    October 20, 2021

    NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages. The first email sent yesterday morning thanked participants for “registering for NHS Digital’s Full Digital Breakfast: Let’s talk ...

  • Israeli hospital targeted by ransomware attack

    October 13, 2021

    The Hillel Yaffe Medical Center in Hadera has been targeted by a ransomware attack that affected the computer systems of the hospital, the medical center announced on Wednesday. The attack occurred without any prior warning. Since the attack, the hospital has using alternate systems in the meantime while treating patients. The hospital is operating as normal, ...

  • Alabama: Baby died because of ransomware attack on hospital

    September 30, 2021

    An Alabama baby was born with severe brain injury and eventually died due to botched care because her hospital was struggling with a ransomware attack, a lawsuit alleges. The filing is the first credible public claim that someone’s death was caused at least in part by hackers who remotely shut down hospital computers in an extortion ...

  • United Health Centers ransomware attack claimed by Vice Society

    September 24, 2021

    California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft. United Health Centers is a health care provider in California with twenty-one community health centers servicing Fresno, Kings, and Tulare counties. On August 31st, BleepingComputer was told by a source in the cybersecurity industry that United ...

  • The state of ransomware: national emergencies and million-dollar blackmail

    September 14, 2021

    Banks have been “disproportionately affected” by a surge in ransomware attacks, clocking a 1,318% increase year-on-year in 2021. Ransomware has become one of the most well-known and prevalent threats against the enterprise today. This year alone, we have seen high-profile cases of ransomware infection — including against Colonial Pipeline, Kaseya, and Ireland’s health service — cause ...

  • BlackMatter ransomware hits medical technology giant Olympus

    September 13, 2021

    Olympus, a leading medical technology company, is investigating a “potential cybersecurity incident” that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries. The company’s camera, audio recorder, and binocular divisions ...

  • Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase

    September 11, 2021

    Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant. Vice Society, one of the newer ransomware groups, debuted in June and made a name for themselves by ...

  • Indonesia: 1.3 million people had their sensitive personal data, COVID-19 test results and more exposed on an open server.

    August 30, 2021

    Researchers with vpnMentor have uncovered a data breach involving the COVID-19 test and trace app created by the Indonesian government for those traveling into the country. The ‘test and trace app’ — named electronic Health Alert Card or eHAC — was created in 2021 by the Indonesian Ministry of Health but the vpnMentor team, lead by ...

  • Indiana: COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate

    August 19, 2021

    This week, the Indiana Department of Health issued a notice that the state’s COVID-19 contact-tracing system had been exposed via a cloud misconfiguration, revealing names, emails, gender, ethnicity, race and dates of birth of more than 750,000 people. The incident shows that COVID-19 data could be poised for abuse and misuse, according to experts, which is ...

  • Hive ransomware attacks Memorial Health System, steals patient data

    August 16, 2021

    In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. The attack occurred early Sunday morning and the IT department detected it once they noticed that parts of the infrastructure no longer responded as expected. Read more… Source: Bleeping ...

  • Ransomware attack hits Italy’s Lazio region, affects COVID-19 site

    August 4, 2021

    The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region’s IT systems, including the COVID-19 vaccination registration portal. Early Sunday morning, the Lazio region suffered a ransomware attack that encrypted every file in its data center and disrupted its IT network. “The attack blocked almost every file in the data center. ...

  • PwnedPiper critical bug set impacts major hospitals in North America

    August 2, 2021

    Pneumatic tube system (PTS) stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital’s critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication to where they’re needed. Read more… Source: Bleeping ...

  • Northern Ireland’s COVID certification service suspended after data leak

    July 28, 2021

    Northern Ireland’s Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification online service following a data exposure incident. Some users of COVIDCert NI app were presented with data of other users, under certain circumstances, says the Department. As seen by BleepingComputer, neither the web service nor the mobile app functionality is accessible at the time ...

  • UC San Diego Health discloses data breach after phishing attack

    July 27, 2021

    UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees’ email accounts. UC San Diego Health is one of the nation’s best hospitals, being repeatedly ranked as the best health care system in San Diego, according to the 2021-2022 U.S. ...