Healthcare in Crosshairs: ALPHV/Blackcat Ransomware Threat Escalates, FBI Issues Warning

 

In a joint advisory, the FBI, CISA, and HHS have issued a stark warning to healthcare organizations in the United States about the heightened risk of targeted ALPHV/Blackcat ransomware attacks. This cautionary announcement follows a series of alerts dating back to April 2022 and underscores the severity of the threat posed by the BlackCat cybercrime gang, suspected to be a rebrand of infamous ransomware groups DarkSide and BlackMatter. 

The advisory highlights that ALPHV Blackcat affiliates have shown a notable focus on the healthcare sector. The FBI, in particular, has linked BlackCat to over 60 breaches within its first four months of activity, accumulating a staggering $300 million in ransoms from over 1,000 victims up until September 2023. Recent developments indicate a shift in BlackCat's targeting strategy, with the healthcare sector becoming a prime victim since mid-December 2023. This shift aligns with an administrator's call for affiliates to target hospitals following operational actions against the group and its infrastructure earlier that month. 

Notably, the warning coincides with a cyberattack on UnitedHealth Group subsidiary Optum, affecting Change Healthcare, a crucial payment exchange platform in the U.S. healthcare system. Although not confirmed, the attack has been linked to the BlackCat ransomware group, and sources suggest the threat actors exploited the ScreenConnect auth bypass vulnerability (CVE-2024-1709) for initial access. 

The joint advisory emphasizes the critical need for healthcare organizations, considered part of the nation's critical infrastructure, to implement robust mitigation measures against Blackcat ransomware and data extortion incidents. Authorities urge these entities to bolster cybersecurity safeguards, specifically tailored to counteract prevalent tactics, techniques, and procedures commonly employed in the Healthcare and Public Health (HPH) sector. This development underscores the evolving nature of cyber threats, especially within the healthcare landscape, and the necessity for proactive measures to safeguard sensitive patient data and critical infrastructure. 

The FBI, CISA, and HHS have shared indicators of compromise to assist organizations in identifying potential threats, emphasizing the importance of collaboration to combat the persistent and evolving threat posed by ransomware groups like BlackCat. As the healthcare sector grapples with escalating cyber risks, the advisory serves as a stark reminder of the urgent need for comprehensive cybersecurity measures, including timely patching of vulnerabilities and robust incident response plans. Organizations are encouraged to stay vigilant, collaborate with cybersecurity agencies, and prioritize the security of their networks and systems to mitigate the impact of ransomware attacks. 

The U.S. State Department's substantial rewards for information leading to the identification or location of BlackCat gang leaders underscore the severity of the threat and the government's commitment to dismantling these cybercriminal operations. In this high-stakes environment, the healthcare industry must remain resilient, continually adapting to emerging threats, and fortifying its defenses against ransomware attacks.

Synthetic Data: How Does the ‘Fake’ Data Help Healthcare Sector?


As the health care industry globally continues to collapse from staff shortages, AI is being hailed as the public and private sector’s salvation. With its capacity to learn and perform jobs like tumor detection from scans, the technology has the potential to prevent overstress among healthcare professionals and free up their time so they can concentrate on providing the best possible treatment.

However, AI requires its data to be working perfectly in order to operate efficiently. If the models are not trained properly on comprehensive, objective, and high-quality data, it could lead to insufficient outcomes. This way, AI has turned out to be a lucrative aspect for healthcare institutions. However, it is quite challenging for them to gather and use information while also adhering to privacy and confidentiality regulations because of the sensitivity of the patient data involved.

This is where the idea of ‘synthetic data’ comes into play. 

Synthetic Data

The U.S. Census Bureau defines synthetic data as artificial microdata that is created with computer algorithms or statistical models to replicate the statistical characteristics of real-world data. It can supplement or replace actual data in public health, health information technology, and healthcare research, sparing companies the headache of obtaining and utilizing real patient data.

One of the reasons why synthetic data is preferred over the real-world information is the privacy it provides. 

Synthetic data is created in a way that maintains the dataset's analytical usefulness while replacing any personally identifying information (PII) with non-identified numbers. This ensures that identities cannot be traced back to particular records or used for re-identification while facilitating the easy usage and exchange of data for internal use.

Using fake data as an alternative for PII ensures that the organizations remain true to their guidelines such as GDPR and HIPAA throughout the process. 

In addition to protecting privacy, synthetic datasets can help save the time and money that businesses often need to spend obtaining and managing real-world data using conventional techniques. They faithfully reproduce the original data without requiring businesses to deal with complicated data-sharing agreements, privacy legislation, or data access restrictions.

Caution is a Must At All Stages

Even though synthetic data has a lot of advantages over real data, it should never be treated carelessly.

For example, the output may be less dependable and accurate than anticipated and could have an impact on downstream applications if the statistical models and algorithms being used to generate the data are faulty or biased in any manner. In a similar vein, a malicious actor might be able to re-identify the data if it is only partially safeguarded.

Such a case can happen if the synthetic data includes outliers and unique data points, such as a rare disease found in a small number of records. Such records may be connected to the original dataset with ease. Re-identifying records in the synthetic data can also be accomplished by adversarial machine learning techniques, particularly in cases where the attacker has access to both the generative model and the synthetic data.

These situations can be avoided by using techniques like differential privacy – to add noise to the data – and disclosure control in the generation process in order to add alteration and perturbation of the information. 
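The two safeguards named above can be sketched as follows. This is an added example, not part of the original post: it flags synthetic rows that copy a rare real-world record (the rare-disease case), suppresses them as a disclosure-control step, and releases diagnosis counts with Laplace noise for differential privacy. The records, the field layout, the threshold `k`, the `DOMAIN` list and the `epsilon` values are constructed assumptions.

```python
import math
import random
from collections import Counter

# Constructed sample rows: (age_band, zip3, diagnosis). Not real patient data.
REAL = [
    ("30-39", "100", "diabetes"), ("30-39", "100", "diabetes"),
    ("30-39", "100", "diabetes"), ("40-49", "100", "asthma"),
    ("40-49", "100", "asthma"), ("40-49", "100", "asthma"),
    ("60-69", "104", "fabry disease"),   # single rare-disease record
    ("50-59", "112", "asthma"), ("50-59", "112", "asthma"),
]
SYNTHETIC = [
    ("30-39", "100", "diabetes"), ("30-39", "100", "diabetes"),
    ("40-49", "100", "asthma"), ("40-49", "100", "asthma"),
    ("60-69", "104", "fabry disease"),   # generator reproduced the outlier
    ("50-59", "112", "asthma"),
]
# Fixed, public list of categories so the released histogram does not
# reveal which diagnoses happen to be present in the source data.
DOMAIN = ["asthma", "diabetes", "fabry disease", "lupus"]


def rare_cells(records, k):
    """Attribute combinations shared by fewer than k source records."""
    counts = Counter(records)
    return {cell for cell, n in counts.items() if n < k}


def linkable_records(real, synthetic, k):
    """Synthetic rows that match a rare combination in the real data."""
    return sorted(set(synthetic) & rare_cells(real, k))


def suppress_rare(real, synthetic, k):
    """Disclosure control: drop synthetic rows that copy a rare real cell."""
    rare = rare_cells(real, k)
    return [row for row in synthetic if row not in rare]


def laplace(scale, rng):
    """Draw Laplace(0, scale) noise by inverting the CDF."""
    while True:
        u = rng.random() - 0.5          # u in [-0.5, 0.5)
        if abs(u) < 0.5:                # avoid log(0) at the boundary
            break
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_histogram(records, epsilon, rng, domain=DOMAIN):
    """Diagnosis counts with Laplace noise of scale 1/epsilon.

    Adding or removing one patient changes one count by 1 (sensitivity 1),
    so this release satisfies epsilon-differential privacy.
    """
    true = Counter(row[2] for row in records)
    return {d: true.get(d, 0) + laplace(1.0 / epsilon, rng) for d in domain}


if __name__ == "__main__":
    print("linkable at k=2:", linkable_records(REAL, SYNTHETIC, 2))
    print("after suppression:", suppress_rare(REAL, SYNTHETIC, 2))
    noisy = dp_histogram(REAL, epsilon=0.5, rng=random.Random(7))
    for diagnosis, count in noisy.items():
        print(f"{diagnosis:15s} {count:6.2f}")
```

A smaller `epsilon` means more noise and stronger privacy; the suppression step trades some analytical usefulness for a lower re-identification risk.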

Generating synthetic data can be tricky and may also compromise transparency and reproducibility. Researchers and teams are thus advised to take the aforementioned approach without running the same risks, and to constantly seek to document and share the procedures used to produce synthetic data.

Henry Schein Data Breach: Healthcare Giant Reports Second Attack in Two Months


U.S.-based healthcare company Henry Schein has confirmed another cyberattack this month conducted by the ‘BlackCat/ALPHV’ ransomware gang. The company was previously attacked by the same group in October. 

Henry Schein

Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries, with approximately $12 billion in revenue reported in 2022. 

It first made public on October 15 that, following a cyberattack the day before, it had to take some systems offline in order to contain the threat.

On November 22, more than a month later, the company announced that parts of its apps and the e-commerce platform had once more been taken down due to another attack that was attributed to the BlackCat ransomware.

"Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers," the announcement said.

"Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility."

Today, the company released a statement, noting that it has restored its U.S. e-commerce platform and that it is expecting its platforms in Canada and Europe to be back online shortly. 

The healthcare services company is apparently still taking orders through alternate methods and distributing them to customers in the affected areas.

Henry Schein’s BlackCat Breach

Following the breach, the ransomware gang BlackCat added Henry Schein to its dark web leak forum, taking responsibility for breaching the company’s network. BlackCat notes that it has stolen 35 terabytes of the company’s crucial data. 

The cybercrime organization claims that they re-encrypted the company's devices while Henry Schein was about to restore its systems, following a breakdown in negotiations toward the end of October.

This would make the event this month the third time that BlackCat has compromised Henry Schein's network and encrypted its computers after doing so on October 15.

"Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network," the threat actors said.

The ransomware group further warned of releasing their internal payroll data and shareholder folders to their collective blog by midnight. 

Initially discovered in November 2021, BlackCat is believed to have rebranded itself from the popular DarkSide/BlackMatter gang. DarkSide earlier gained global recognition by initiating attacks on Colonial Pipeline, prompting extensive law enforcement probes.

Moreover, the FBI has linked the ransomware group to over 60 breaches, between November 2021 and March 2022, affecting companies globally.  

Welltok Data Breach: 8.5 Million U.S. Patients' Information Compromised

The personal data of 8.5 million American patients was at risk due to a data breach that occurred recently at Welltok, a well-known supplier of healthcare solutions. Since cybersecurity specialists found the intrusion, the organization has been attempting to resolve the issue and minimize any possible harm.

According to reports from Bleeping Computer, the breach has exposed a vast amount of sensitive data, including patients' names, addresses, medical histories, and other confidential information. This breach not only raises concerns about the privacy and security of patient data but also highlights the increasing sophistication of cyber threats in the healthcare sector.

Welltok has promptly responded to the incident, acknowledging the breach through a notice posted on their official website. The company has assured affected individuals that it is taking necessary steps to investigate the breach, enhance its security measures, and collaborate with law enforcement agencies to identify the perpetrators.

The impact of this breach extends beyond the United States, as reports from sources suggest that the compromised data includes patients from various regions. This global reach amplifies the urgency for international cooperation in addressing cyber threats and fortifying data protection measures in the healthcare industry.

Cybersecurity analysts estimate that the breach may have affected up to 11 million patients, emphasizing the scale and severity of the incident. The potential consequences of such a breach are far-reaching, ranging from identity theft to unauthorized access to medical records, posing serious risks to individuals' well-being.

This incident underscores the critical need for organizations, especially those handling sensitive healthcare data, to continuously assess and strengthen their cybersecurity protocols. As technology advances, so do the methods employed by malicious actors, making it imperative for companies to stay vigilant and proactive in safeguarding the privacy and security of their users.

The ongoing risks to the healthcare sector are brought home sharply by the Welltok data hack. The company's efforts to stop the breach and safeguard the impacted parties serve as a reminder of the larger difficulties businesses encounter in preserving the confidentiality of sensitive data in the increasingly linked digital world.

Truepill Data Breach: Navigating Healthcare's Digital Security Crisis

The recent Truepill data breach has generated significant questions regarding the security of sensitive patient data and the vulnerability of digital platforms in the rapidly changing field of digital healthcare.

The breach, reported by TechCrunch on November 18, 2023, highlights the exposure of millions of patients' data through PostMeds, a pharmacy platform relying on Truepill's services. The scope of the breach underscores the urgency for healthcare organizations to reevaluate their cybersecurity protocols in an era where digital health is becoming increasingly integrated into patient care.

Truepill, a prominent player in the digital health space, has been a key facilitator for various healthcare startups looking to build or buy telehealth infrastructure. The incident prompts a reassessment of the risks associated with outsourcing healthcare services and infrastructure. As explored in a TechCrunch article from May 17, 2021, the decision for startups to build or buy telehealth infrastructure requires careful consideration of the potential security implications, especially in light of the Truepill breach.

One striking revelation from the recent breach is the misconception surrounding the Health Insurance Portability and Accountability Act (HIPAA). Contrary to popular belief, as noted by Consumer Reports, HIPAA alone does not provide comprehensive protection for medical privacy. The article highlights the gaps in the current legal framework, emphasizing the need for a more robust and nuanced approach to safeguarding sensitive healthcare data.

The Truepill data breach serves as a wake-up call for the entire healthcare ecosystem. It underscores the importance of continuous vigilance, stringent cybersecurity measures, and a comprehensive understanding of the evolving threat landscape. Healthcare providers, startups, and tech companies alike must prioritize the implementation of cutting-edge security protocols to protect patient confidentiality and maintain the trust that is integral to the doctor-patient relationship.

As the digital transformation of healthcare accelerates, the industry must learn from incidents like the Truepill data breach. This unfortunate event should catalyze a collective effort to fortify the defenses of digital health platforms, ensuring that patients can confidently embrace the benefits of telehealth without compromising the security of their sensitive medical information.

88% of Healthcare Organizations Have Suffered a Cybersecurity Incident in Past Year


Organizations included in the healthcare sector, like hospitals and clinics, have struggled with a series of cyberattacks in recent years, resulting in their inability to provide even the minimum services because of computer outages and loss of important files in the data breaches.

According to a recent report published on Wednesday by Proofpoint, an email security company, around 90% of healthcare organizations have experienced at least one cybersecurity incident in the past year. 

In the past two years, more than half of the healthcare organizations have reported experiencing an average of four ransomware attacks. 68% of the organizations surveyed noted that the attacks “negatively impacted patient safety and care.”

The aforementioned report conducted by Proofpoint includes a survey of more than 650 IT and cybersecurity professionals in the US healthcare sector, highlighting the healthcare sector's ongoing susceptibility to common attack methods. It occurs as the Cybersecurity and Infrastructure Security Agency works to provide greater assistance to small, rural hospitals that are underfunded and wilting under constant cyberattacks.

As healthcare organizations struggle to find alternatives to their outdated technology so they can keep providing services, these efforts are using up more and more of their resources. Between 2022 and 2023, the cost of the time spent minimizing the attacks' consequences on patient care rose by 50%, from around $660,000 to $1 million.

In the case of a ransomware assault on hospital systems, where computer networks shut down, the impact is rapid and extensive. 

Stephen Leffler, president and chief operating officer of the University of Vermont Medical Center, spoke about how a ransomware assault in October 2020 brought about a catastrophe at his facility during a congressional hearing in September. For 28 days, senior physicians had to train junior physicians on how to use paper records as the National Guard assisted the IT department in a round-the-clock operation to wipe and reconfigure every computer in the network.

Leffler remarked, "We literally went to Best Buy and bought every walkie-talkie they had." This was due to their internet-based phone system being offline. Between 2022 and 2023, the cost of patient care grew by 50%, from about $660,000 to $1 million.

Leffler, who has been an emergency medicine doctor for 30 years, further commented “I've been a hospital president for four years. The cyberattack was much harder than the pandemic by far.” 

McLaren Health Data Breach

McLaren Health Care, a major healthcare provider, was hit by a ransomware attack. This type of cyberattack encrypts a victim's data and demands a ransom to decrypt it. The hackers stole sensitive patient data and threatened to release it if McLaren didn't pay them. This incident highlights the need for strong cybersecurity measures in the healthcare industry.

Residents received messages from McLaren Health Care on October 6, 2023, alerting them to the cyber threat that had put patient data confidentiality at risk. This incident serves as a sobering reminder of the growing cyber threats facing healthcare organizations around the world.

Ransomware attacks involve cybercriminals encrypting an organization's data and demanding a ransom for its release. In this case, McLaren Health Care's patient data is at stake. The attackers aim to exploit the highly sensitive nature of healthcare information, which includes medical histories, personal identification details, and potentially even financial data.

The implications of this breach are far-reaching. Patient trust, a cornerstone of healthcare, is at risk. Individuals rely on healthcare providers to safeguard their private information, and breaches like this erode that trust. Furthermore, the exposure of personal medical records can have severe consequences for individuals, leading to identity theft, insurance fraud, and emotional distress.

This incident emphasizes the urgency for healthcare organizations to invest in state-of-the-art cybersecurity measures. Robust firewalls, up-to-date antivirus software, regular security audits, and employee training are just a few of the essential components of a comprehensive cybersecurity strategy.

Additionally, there should be a renewed emphasis on data encryption and secure communication channels within the healthcare industry. This not only protects patient information but also ensures that in the event of a breach, the data remains unintelligible to unauthorized parties.

Regulatory bodies and governments must also play a role in strengthening cybersecurity in the healthcare sector. Strict compliance standards and hefty penalties for negligence can serve as powerful deterrents against lax security practices.

As McLaren Health Care grapples with the aftermath of this attack, it serves as a powerful warning to all healthcare providers. The threat of cyberattacks is real and pervasive, and the consequences of a breach can be devastating. It is imperative that the industry acts collectively to fortify its defenses and safeguard the trust of patients worldwide. The time to prioritize cybersecurity in healthcare is now.


AI in Healthcare: Ethical Concerns for a Sustainable Era

Artificial intelligence (AI) is rapidly transforming healthcare, with the potential to revolutionize the way we diagnose, treat, and manage diseases. However, as with any emerging technology, there are also ethical concerns that need to be addressed.

AI systems are often complex and opaque, making it difficult to understand how they work and make decisions. This lack of transparency can make it difficult to hold AI systems accountable for their actions. For example, if an AI system makes a mistake that harms a patient, it may be difficult to determine who is responsible and what steps can be taken to prevent similar mistakes from happening in the future.

AI systems are trained on data, and if that data is biased, the AI system will learn to be biased as well. This could lead to AI systems making discriminatory decisions about patients, such as denying them treatment or recommending different treatments based on their race, ethnicity, or socioeconomic status.

AI systems collect and store large amounts of personal data about patients. This data needs to be protected from unauthorized access and use. If patient data is compromised, it could be used for identity theft, fraud, or other malicious purposes.

AI systems could potentially make decisions about patients' care without their consent. This raises concerns about patient autonomy and informed consent. Patients should have a right to understand how AI is being used to make decisions about their care and to opt out of AI-based care if they choose.

Guidelines for Addressing Ethical Issues:

  • Transparency: Healthcare organizations should be transparent about how they are using AI and what data is being collected. They should also provide patients with clear information about how AI is being used to make decisions about their care. This information should include the potential benefits and risks of AI-based care, as well as the steps that the organization is taking to mitigate risks.
  • Accountability: There needs to be clear accountability mechanisms in place for AI systems. This may involve developing ethical guidelines for the development and use of AI in healthcare, as well as mechanisms for reviewing and auditing AI systems.
  • Bias and discrimination: Healthcare organizations should take steps to mitigate bias in their AI systems. This may involve using diverse training data sets, developing techniques to identify and mitigate bias, and conducting regular audits to ensure that AI systems are not making discriminatory decisions.
  • Privacy and security: Healthcare organizations need to implement strong data security measures to protect patient data from unauthorized access and use. This may involve using encryption, access controls, and audit trails.
  • Autonomy and informed consent: Healthcare organizations should obtain patient consent before using AI to make decisions about their care. Patients should also have the right to opt out of AI-based care if they choose.

In addition to the aforementioned factors, it's critical to be mindful of how AI could exacerbate already-existing healthcare disparities. AI systems might be utilized, for instance, to create novel medicines that are only available to wealthy patients. Alternatively, AI systems might be applied to target vulnerable people for the marketing of healthcare goods and services.

Regardless of a patient's socioeconomic level, it is critical to fight to ensure that AI is employed in a way that helps all patients. Creating laws and programs to increase underserved people's access to AI-based care may be necessary for this.

New York's Geofencing Ban: A Game Changer for Advertisers


The New Law on Geofencing

New York has recently passed a new provision in its state budget that prohibits advertisers from geofencing healthcare facilities. This law, which was passed in May, has made it increasingly difficult for advertisers who want to use location or healthcare data to maintain performance while still abiding by the law.

Under this new law, corporations are prohibited from creating a geofence within 1,850 feet of hospitals in New York state to deliver an advertisement, build consumer profiles, or infer health status. This means that advertisers can no longer target ads based on the location of potential customers near healthcare facilities.

Implications for Advertisers

The implications of this law are far-reaching, particularly because of how densely packed New York City is. Theoretically, an advertiser could geofence around another business that is proximate to a health care facility and still fall within the law’s prohibited radius, even if the advertiser had no interest in healthcare.

The law defines healthcare facilities as any governmental or private entity providing medical care or services, which could encompass many establishments on a New York City block. 

This means that many businesses could potentially fall within the prohibited radius, making it difficult for advertisers to target their ads effectively.

The Future of Advertising and Healthcare Data

This legislation comes at a time when the federal government is also scrutinizing how businesses use healthcare data for advertising. As privacy concerns continue to grow, we can expect more regulations like this in the future. 

Advertisers will need to adapt their strategies and find new ways to reach their target audience without infringing on privacy laws.

New York's ban on geofencing near health care facilities is a significant development in the advertising industry. It highlights the increasing importance of privacy and the need for advertisers to adapt their strategies accordingly. 

As we move forward, it will be interesting to see how this law impacts advertising strategies and whether other states will follow suit.

AI Surpasses Humans in Odor Identification

Artificial intelligence (AI) has reached another milestone in its quest to mimic human sensory perception. Recent breakthroughs in AI technology have demonstrated its ability to identify odors with remarkable precision, surpassing the capabilities of human noses. This development promises to revolutionize various industries, from healthcare to environmental monitoring.

Researchers from a Google startup have unveiled an AI system that can describe smells more accurately than humans. This innovative technology relies on machine learning algorithms and a database of molecular structures to discern and articulate complex scent profiles. The system's proficiency is not limited to simple odors; it can distinguish between subtle nuances, making it a potential game-changer in fragrance and flavor industries.

One of the key advantages of AI in odor identification is its ability to process vast amounts of data quickly. Human olfaction relies on a limited number of odor receptors, while AI systems can analyze a multitude of factors simultaneously, leading to more accurate and consistent results. This makes AI particularly valuable in fields such as healthcare, where it can be used to detect diseases through breath analysis. AI's unmatched sensitivity to odor compounds could potentially aid in the early diagnosis of conditions like diabetes and cancer.

Moreover, AI's odor identification capabilities extend beyond the human sensory range. It can detect odors that are imperceptible to us, such as certain gases or chemical compounds. This attribute has significant implications for environmental monitoring, as AI systems can be employed to detect pollutants and dangerous substances in the air more effectively than traditional methods.

In addition to its practical applications, AI's prowess in odor identification has opened up new avenues for creative exploration. Perfumers and chefs are excited about the possibilities of collaborating with AI to design unique fragrances and flavors that were previously unimaginable. This fusion of human creativity with AI precision could lead to groundbreaking innovations in the world of scents and tastes.

However, there are ethical considerations to be addressed as AI continues to advance in this field. Questions about privacy and consent arise when AI can detect personal health information from an individual's scent. Striking the right balance between the benefits and potential risks of AI-powered odor identification will be crucial.

LockBit Attack: Ransomware Gang Threatens to Leak Cancer Patients’ Medical Data


The LockBit ransomware group recently revealed its intent to leak private medical data of cancer patients, stolen in the breach of Varian Medical Systems.

Varian, a subsidiary of Siemens Healthineers, provides software for the oncology department's applications and specializes in offering therapeutic and diagnostic oncology services. The California-based corporation has more than 10,000 employees as of 2021 and had an annual profit of £269 million. 

While it is still unclear how LockBit got access to Varian's systems or how much data was stolen, the ransomware gang warned readers of its "victim blog" that if the company did not meet their demands within two weeks, its private databases and patient medical data would be made public. Apparently, Varian has until 17 August to meet the negotiation demands in order to restore their stolen data, if they wish to avoid ‘all databases and patient data’ from being exposed in LockBit’s blog. 

The attack is most likely to be a part of ‘triple extortion,’ a strategy usually used by ransomware actors. The strategy involves a three-part attack on an organization that starts with the theft of data that appears to be sensitive before it is encrypted. The corporate victim of the breach can only get their data back and keep it private if they pay a ransom, following which they will receive – in theory – a decryption key from the hackers. 

In regards to the breach, Siemens Healthineers, Varian’s parent company, confirmed that an internal investigation is ongoing. However, they did not provide any further details of the breach. 

“Siemens Healthineers is aware that a segment of our business is allegedly affected by the Lockbit ransomware group[…]Cybersecurity is of utmost importance to Siemens Healthineers, and we are making every effort to continually improve our security and data privacy,” said a spokesperson.

Growing Cases of LockBit

Recent months have witnessed a good many cyberattacks conducted by LockBit against some major companies. According to a report by the US Cybersecurity and Infrastructure Security Agency, in the first quarter of 2023, the ransomware gang has already targeted 1,653 companies. They frequently repurposed freeware and open-source tools for use in network reconnaissance, remote access, tunnelling, credential dumping, and file exfiltration. 

Examples of LockBit's recent campaigns include the attack on the port of Nagoya, which ossified supply chains for Japanese automobile company Toyota; the attack on SpaceX, in which the ransomware gang claims a haul of 3,000 proprietary schematics; and an attempt to extort $70 million from Taiwanese chip maker TSMC.

Growing Surveillance Threat for Abortions and Gender-Affirming Care

Experts have expressed alarm about a worrying trend in the surveillance of people seeking abortions and gender-affirming medical care in a recent paper that has received a lot of attention. The research, released by eminent healthcare groups and publicized by numerous news sites, sheds light on the possible risks and privacy violations faced by vulnerable individuals when they make these critical healthcare decisions.

The report, titled "Surveillance of Abortion and Gender-Affirming Care: A Growing Threat," brings to the forefront the alarming implications of surveillance on patient confidentiality and personal autonomy. It emphasizes the importance of safeguarding patient privacy and confidentiality in all healthcare settings, particularly in the context of sensitive reproductive and gender-affirming services.

According to the report, surveillance can take various forms, including electronic monitoring, data tracking, and unauthorized access to medical records. This surveillance can occur at different levels, ranging from individual hackers to more sophisticated state-sponsored efforts. Patients seeking abortions and gender-affirming care are at heightened risk due to the politically sensitive nature of these medical procedures.

The report highlights that such surveillance not only compromises patient privacy but can also have serious real-world consequences. Unwanted disclosure of sensitive medical information can lead to stigmatization, discrimination, and even physical harm to the affected individuals. This growing threat has significant implications for the accessibility and inclusivity of reproductive and gender-affirming healthcare services.

The authors of the report stress that this surveillance threat is not limited to any specific region but is a global concern. Healthcare providers and policymakers must address this issue urgently to protect patient rights and uphold the principles of patient-centered care.

Dr. Emily Roberts, a leading researcher and co-author of the report, expressed her concern about the findings: "As healthcare professionals, we have a duty to ensure the privacy and safety of our patients. The increasing surveillance of those seeking abortions or gender-affirming care poses a grave threat to patient autonomy and trust in healthcare systems. It is crucial for us to implement robust security measures and advocate for policies that protect patient privacy."

The research makes a number of suggestions for legislators, advocacy groups, and healthcare professionals to address the growing issue of monitoring. To ensure the secure management of patient information, it urges increased funding for secure healthcare information systems, stricter data security regulations, and better training for healthcare staff.

In reaction to the findings, a number of healthcare organizations and patient advocacy groups have banded together to spread the word about the problem and call on lawmakers to take appropriate action. They stress the significance of creating a healthcare system that respects patient autonomy and privacy, irrespective of the medical treatments they require.

As this important research gets more attention, it acts as a catalyst for group effort to defend patient rights and preserve the privacy of those seeking abortions and gender-affirming care. Healthcare stakeholders may cooperate to establish a more egalitarian, secure, and compassionate healthcare environment for all patients by tackling the growing surveillance threat.

Growing Demand for Healthcare Cybersecurity Specialists

The healthcare sector is increasingly depending on technology to better patient care and increase operational efficiency in today's quickly evolving digital environment. Cybersecurity dangers are a major worry that comes with this digital transition. The demand for qualified cybersecurity specialists grows more critical than ever as healthcare organizations use digital systems and medical devices. Leading magazines and industry experts have noted that the demand for these specialists is expected to soar in the upcoming years.

Demand for healthcare cybersecurity experts is predicted to rise at an extraordinary rate, according to a recent Forbes article. The article highlights the urgent need for specialists who can secure connected medical equipment, safeguard essential healthcare infrastructure, and protect sensitive patient data. The potential hazards and vulnerabilities increase as healthcare systems grow more networked and reliant on digital technologies.

The World Economic Forum acknowledges the critical role of data in improving healthcare, but it also emphasizes the importance of robust cybersecurity measures. The integration of data analytics and artificial intelligence in healthcare presents immense potential for optimizing patient outcomes. However, it also introduces new avenues for cyberattacks, underscoring the necessity for skilled professionals who can counteract these threats effectively.

Government entities, such as the U.S. Department of Health and Human Services (HHS), have recognized the rising threat of cyberattacks in the healthcare sector. The HHS Cybersecurity Task Force has recently released new resources to address this challenge. In their official statement, the task force emphasizes the need for proactive cybersecurity measures and acknowledges the critical role of healthcare cybersecurity specialists in protecting patient data and ensuring public health safety.

The growing need for healthcare cybersecurity experts is also discussed in the Journal of the American Medical Association (JAMA). The essay emphasizes the need for professionals who can reduce these dangers while highlighting how susceptible medical devices are to cyberattacks. The potential repercussions of a cybersecurity attack in the healthcare industry are worrisome given how linked and dependent on network connectivity medical devices are becoming.

The U.S. Bureau of Labor Statistics (BLS) forecasts that this profession will grow at a rate significantly faster than average, given the growing demand for healthcare cybersecurity experts. According to the BLS, cybersecurity will experience a 31% increase in employment between 2019 and 2029, making it one of the industries with the greatest growth. The ever-increasing reliance on technology across industries, including healthcare, is cited as the driver of this growth.

The Food and Drug Administration (FDA) also recognizes the importance of medical device cybersecurity. In a consumer update, the FDA highlights the risks associated with medical device vulnerabilities and advises healthcare organizations to prioritize cybersecurity measures. This reinforces the need for healthcare cybersecurity specialists who possess the expertise to protect medical devices and ensure patient safety.

Fear Grips Users as Popular Diabetes App Faces Technical Breakdown

A widely used diabetes management app recently experienced a serious technical failure, stunning its users and leaving them feeling angry and scared. The software, which is essential for helping people with diabetes monitor and manage their blood sugar levels, abruptly stopped functioning, alarming its devoted users. The incident has raised concerns about the dependability and security of healthcare apps, as well as the possible repercussions of such failures.

According to reports from BBC News, the app's malfunctioning was first brought to light by distressed users who took to social media platforms to express their frustration. The app's sudden failure meant that users were unable to access critical features, including blood glucose monitoring, insulin dosage recommendations, and personalized health data tracking. This unexpected disruption left many feeling vulnerable and anxious about managing their condition effectively.

The Daily Mail highlighted the severity of the situation, emphasizing how the app's failure posed a potential threat to the lives of its users. Many individuals with diabetes rely on the app to regulate their insulin levels, ensuring they maintain stable blood sugar readings. With this vital tool out of commission, users were left in a state of panic, forced to find alternative methods to track their glucose levels and administer appropriate medication.

The incident has triggered an outpouring of anger and fear from the affected users, who feel let down by the app's developers. One user expressed their frustration, stating, "I have come to depend on this app for my daily diabetes management. Its sudden breakdown has left me feeling helpless and anxious about my health." Others echoed similar sentiments, emphasizing the app's importance in their daily routines and the detrimental impact of its sudden unavailability.

The situation has also raised broader concerns regarding the reliability and security of healthcare apps. As these digital tools increasingly become a fundamental part of managing chronic conditions, their dependability and robustness are of paramount importance. This incident serves as a reminder of the potential risks associated with relying solely on technology for critical health-related tasks.

Furthermore, the incident sheds light on the need for developers to prioritize thorough testing and regular maintenance of healthcare apps to prevent such disruptions. App developers and healthcare providers must collaborate closely to ensure the seamless functioning of these tools, considering the impact they have on the well-being of individuals with chronic conditions.

Oracle and Cohere Collaborate for New Gen AI Service

 

During Oracle's recent earnings call, company founder Larry Ellison made an exciting announcement, confirming the launch of a new generation AI service in collaboration with Cohere. This partnership aims to deliver powerful generative AI services for businesses, opening up new possibilities for innovation and advanced applications.

The collaboration between Oracle and Cohere signifies a strategic move by Oracle to enhance its AI capabilities and offer cutting-edge solutions to its customers. With AI playing a pivotal role in transforming industries and driving digital transformation, this partnership is expected to strengthen Oracle's position in the market.

Cohere, a company specializing in natural language processing (NLP) and generative AI models, brings its expertise to the collaboration. By leveraging Cohere's advanced AI models, Oracle aims to empower businesses with enhanced capabilities in areas such as text summarization, language generation, chatbots, and more.

One of the key highlights of this collaboration is the potential for businesses to leverage the power of generative AI to automate and optimize various processes. Generative AI has the ability to create content, generate new ideas, and perform complex tasks, making it a valuable tool for organizations across industries.

The joint efforts of Oracle and Cohere are expected to result in the development of state-of-the-art AI models that can revolutionize how businesses operate and innovate. By harnessing the power of AI, organizations can gain valuable insights from vast amounts of data, enhance customer experiences, and streamline operations.

This announcement comes in the wake of Oracle's recent acquisition of Cerner, a healthcare technology company, further solidifying Oracle's commitment to revolutionizing the healthcare industry through advanced technologies. The integration of AI into healthcare systems holds immense potential to improve patient care, optimize clinical processes, and enable predictive analytics for better decision-making.

As the demand for AI-powered solutions continues to rise, businesses are seeking comprehensive platforms that can deliver sophisticated AI services. With Oracle and Cohere joining forces, organizations can benefit from an expanded suite of AI tools and services that can address a wide range of industry-specific challenges.

The collaboration between Oracle and Cohere highlights the growing importance of AI in driving innovation and digital transformation across industries. As businesses increasingly recognize the value of AI, partnerships like this one are crucial for pushing the boundaries of what AI can achieve and bringing advanced capabilities to the market.

The partnership between Oracle and Cohere signifies a significant step forward in the realm of AI services. The collaboration is expected to deliver powerful generative AI solutions that can empower businesses to unlock new opportunities and drive innovation. With Oracle's expertise in enterprise technology and Cohere's proficiency in AI models, this collaboration holds great promise for businesses seeking to leverage the full potential of AI in their operations and strategies.

Changing Methods of Tracking and Sharing Healthcare Data

 


As artificial intelligence (AI) becomes more and more prevalent in healthcare, there is a growing need to manage its development just as rapidly. Private companies and organizations own and control AI technologies. Because of the way artificial intelligence is implemented, corporations, clinics, and government bodies could be required to play a much larger role than is typical in determining what health information about patients is gathered, utilized, and protected. The privacy concerns associated with data security and with this method of implementation need to be considered. 

Earlier this year, a patient of Baltimore, Maryland-based MedStar Health System filed a lawsuit against Meta Platforms, seeking damages on behalf of the entire group of patients who were harmed by the company's practices in the U.S. The cases are being heard in the Northern District of California. 

A plaintiff in the class action lawsuit alleged that Meta, the parent company of Facebook, was using Pixel tracking technology to sneak into hospitals' and health systems' websites and portals to track patients' information. Meta now faces at least two more class action lawsuits alleging that the company improperly collected information about its customers. 

Several of the country's major health systems have also been named as co-defendants (Dignity Health, UCSF) or have faced lawsuits of their own (Northwestern Memorial Hospital) for alleged misuse or misconfiguration of the Pixel tool. 

Multiple recent studies have revealed that third-party tracking occurs on nearly all hospital websites, which reinforces recent media coverage of the increasing number of consumers who are losing privacy when they browse online to find health information. 

Nearly all U.S. hospital website visitors who provide their contact information have the option of sharing potentially sensitive medical information with tech companies, data brokers, and advertising firms, according to a recent University of Pennsylvania analysis published in Health Affairs. 

The first set of concerns is the complexity of accessing, using, and controlling patient data under private ownership. In some recent public-private partnerships for the implementation of artificial intelligence, privacy has been poorly protected, leading to poor results. Research using big data for health purposes has so far been criticized for a lack of systematic oversight. To protect patient privacy and other rights, appropriate safeguards must be implemented. Private custodians of data should be given a structural incentive to prevent the unauthorized use of these data, which should deter their use in alternative ways. 

Another concern about AI-driven methods is the possibility that they could expose people's private information to external threats. New algorithms have successfully reidentified deidentified or anonymized data, so the protection those techniques offer may be compromised or even nullified. 

Under a private custodianship, the risk of data exposure to unauthorized persons could rise significantly. 

As a result of these developments, hospitals and health systems now have to ask themselves some questions regarding the design of their websites and apps, and how third parties may, either inadvertently or not, put patients' protected health information at risk through the use of these tools. 

This missive from January 2014 contains Frances' full name, along with the revelation that she has a genital wart and human papillomavirus, a sexually transmitted disease associated with genital warts and cancer. The letter also contained her date of birth and ended with a plea asking friends to help "expose this hoe." 

The following day, Frances, who had lived near her high school pals but had been dating for a short time, was told by a friend that the former friend who lived nearby had shared a secret that only she and a former boyfriend knew about. 

Frances was treated at the local hospital where the Facebook poster worked as a patient care technician, but they were no longer friends after Frances had been treated there. 

After Frances complained to a nurse supervisor, the hospital responded by sending her a letter of apology in March 2014. In the letter, the hospital stressed that it takes these sorts of situations very seriously. It did not specify what actions were taken, saying only, "We took action according to our policies and procedures."

As far as the disclosures to Meta/Facebook are concerned, what concerns the majority of people is not so much that their data is shared, but that it may be shared broadly, for advertising and tracking purposes, without their consent or knowledge. 

Under HIPAA, covered entities, including certain providers and insurance plans, as well as certain business associates/vendors, are required to adhere to certain privacy and security regulations, as well as to respect the rights of individuals. It also establishes certain requirements regarding the privacy and security of health information. 

Patients must be notified of the use and disclosure of their personal health information. In addition, organizations must obtain valid authorization for certain types of use and disclosure, and must obtain certain assurances before sharing PHI with vendors. These standards also require organizations to provide patients with information about how their PHI may be used and disclosed. 

The Executive Order, which was issued earlier this summer, also requires the Department of Health and Human Services to consider actions and guidance to strengthen security and privacy protections for reproductive healthcare providers specifically. Organizations should focus on the current legislation, rules, and risks that apply today. However, they should also pay close attention to what is being discussed in the legislature and the enforcement actions being taken.

Telehealth Startup Reveals It Exposed Private Data of Millions of Its Patients


Telehealth startup Cerebral, which specializes in mental health, has recently revealed that it exposed its patients’ private information, including mental health assessments. 

The data of more than 3.1 million patients in the US has apparently been shared with advertisers and social media giants like Facebook, Google, and TikTok. 

In a notice published on its website, the company admitted that the tracking technologies it had been using exposed patient data from as far back as October 2019. 

The telehealth startup, which rose to prominence in the wake of the COVID-19 pandemic as lockdowns made online-only virtual health services commonplace, has now disclosed the security lapse in its systems. 

In a filing with the federal government about the security lapse, the company revealed that it had shared personal and health-related information of patients who were seeking therapy or other mental health care services via its app. 

The collected and distributed data includes names, phone numbers, email addresses, dates of birth, IP addresses, and other demographic data. It also includes data obtained from Cerebral's online mental health self-assessment, which may have included the services that the patient chose, assessment responses, and other related health information.

Reportedly, Cerebral was using trackers and other data-collecting programmes that the company included in its apps to share patient data with digital giants in real time. 

In most cases, online users have no idea that they are opting into the tracking options in these apps; they simply accept the app’s terms of use and privacy policies, which they clearly do not read. 

According to Cerebral, the data could vary from patient to patient based on different factors, like “what actions individuals took on Cerebral’s Platforms, the nature of the services provided by the Subcontractors, the configuration of Tracking Technologies,” and more. The company added that it will notify the affected users, regardless of “how an individual interacted with the Cerebral’s platform.” 

Moreover, it claims that no Social Security numbers, credit card credentials, or bank account information were exposed. Following the data breach in January, the company says it has “disabled, reconfigured, and/or removed any of the tracking pixels on the platform to prevent future exposures, and has enhanced its information security practices and technology vetting processes.” 

It added that the company has removed the tracking code from its apps. However, the tech giants are under no obligation to take down the exposed data that Cerebral has shared. 

Because Cerebral handles sensitive patient information, it is covered by HIPAA, the health privacy regulation in the United States. The U.S. Department of Health and Human Services, which supervises and enforces HIPAA, has compiled a list of health-related security violations under investigation. Cerebral's data leak is the second-largest compromise of health data in 2023.  

Ransomware Group Siphons Data of 1 Million Patients Using a New Zero-Day Flaw

 

One of the biggest healthcare organisations in the United States, Community Health Systems (CHS), acknowledged this week that it had been the target of a cyberattack. In a recent ransomware attack, hackers gained access to the protected and personal health information of up to 1 million individuals. Tennessee is the home of CHS, which operates 80 hospitals across 16 states. 

The data breach stems from GoAnywhere MFT, a well-known file transfer programme created by Fortra (formerly HelpSystems) that enables big businesses to share data safely. According to CHS, Fortra recently informed it of a security incident that led to the unauthorised disclosure of patient data. 

In a filing with government officials on February 13, Community Health Systems revealed the hack. As noted by TechCrunch, this is Community Health Systems' second recent data breach involving patient information.

The newly discovered zero-day vulnerability was used in a hacking campaign by the Russian-affiliated ransomware cybercrime outfit Clop. Almost a hundred businesses utilising the Fortra software, including CHS, are said to have been compromised.

CVE-2023-0669 is the official tracking number for the zero-day flaw in Fortra's GoAnywhere software, which was first discovered on February 2 by security expert Brian Krebs. Because Fortra's website at the time was not publicly accessible, Krebs posted the vulnerability report on his Mastodon account. 

The University of Colorado, Kroger, Morgan Stanley, and Qualys are just a few of the public institutions and commercial targets that the Clop ransomware group has previously targeted. 

In the medical field, ransomware can, on rare occasions, have fatal consequences, especially in a large, multi-state hospital system. A patient lost their life in September 2020 at Düsseldorf University Hospital in Germany as a result of a ransomware outbreak that prevented emergency surgery. 

With cryptocurrency transactions serving as the means of payment for decrypting victims' data, ransomware has grown into a multi-billion dollar criminal industry.