
Ransomware Actors' Recent Rhysida Attacks Highlight a Rising Threat on HealthCare Institutions

 

The threat organisation behind the rapidly expanding Rhysida ransomware-as-a-service operation has claimed responsibility for an Aug. 19 attack that disrupted systems at Singing River Health System, one of Mississippi's leading healthcare facilities. 

The attack comes on the heels of one in August against California's Prospect Medical Holdings, which affected 16 hospitals and more than 160 clinics across the country. The extensive nature of the incident caused the Health Sector Cybersecurity Coordination Centre to issue a notice to other organisations in the industry. 

Fatal attack

The attack on Singing River impacted three hospitals and ten clinics in the system, and it is expected to solidify Rhysida's reputation as a growing threat to healthcare organisations in the United States. It's also a reminder of the growing interest in the sector from ransomware perpetrators, who pledged early in the COVID-19 outbreak not to target hospitals or other healthcare facilities. 

Check Point Software's threat intelligence group manager, Sergey Shykevich, who is tracking the Rhysida operation, says he can confirm the Rhysida group has disclosed only a small portion of data allegedly belonging to Singing River on its leak disclosure site. 

The gang has stated that it is willing to sell all of the data it has acquired from the healthcare system for 30 Bitcoin, which is approximately $780,000 at today's pricing. "We sell only to one hand, no reselling, you will be the sole owner," the group stated in a Facebook post. 

After debuting in May and quickly establishing itself as a serious threat in the ransomware world, Rhysida—named after a kind of centipede—has gained widespread attention. The group first targeted organisations in the government, managed service provider, education, manufacturing, and technology sectors. The threat group entered the healthcare industry with its attack on Prospect. 

Earlier this year, when looking into a ransomware attack on a university, Check Point first came across Rhysida. The threat actor's tactics, techniques, and procedures were examined by the security vendor, who found similarities between them and the TTPs of Vice Society, another extremely active threat actor that has been focusing on the health and education sectors since at least 2021. 

Lucrative target

The expansion of the Rhysida operation into the field of healthcare shows how significant the sector is to threat actors. Healthcare organisations offer a real gold mine of personal identity and health information that individuals with illicit motives can profit from in a variety of ways. 

Threat actors are also aware that health organisations are more willing to pay a ransom to bargain their way out of an attack and prevent disruptions that could impair their ability to deliver patient care.

"Attacks on healthcare providers have two main significant implications," Shykevich explained. "The hospital's ability to provide basic services to its patients and [on] the patients' sensitive data. Following such cyberattacks, the data quickly makes its way to Dark Web markets and forums." 

This attack is simply one of many ransomware and other types of incidents that have targeted healthcare organisations this year. The attacks exposed a total of more than 41 million records in the first half of 2023 alone. According to data maintained by the Office for Civil Rights of the US Department of Health and Human Services, the organisation is now looking into more than 440 incidents that healthcare organisations reported during the first eight months of this year.

Why the Australian Healthcare Industry Is Becoming a Lucrative Target for Cyber Criminals

 

Data breaches are rising across Australia’s healthcare industry faster than many others. Hackers are lured by healthcare’s large attack surface, which includes sensitive and time-critical information. 

According to the latest research from Darktrace, cyber-attacks targeting the health and social care sector in Australia doubled in 2021 compared with data from 2020, and the industry is still the most attacked in Australia in 2022. 

Over the past month, Australians learned the scale of two major health data breaches, with some patients' private data — including bank details and test results — published on the dark web. 

Last week on Thursday, pathology firm Australian Clinical Labs (ACL) disclosed that its subsidiary Medlab, which carries out COVID-19 testing and other services, suffered a data breach eight months ago in February, and that it had since discovered that the data of 223,000 individuals was stolen. 

The same week, Medibank Private also revealed that hackers had accessed the data of at least 4 million customers, including their health claims. 

Why are hackers targeting healthcare?


The goal behind the Optus breach in September was crystal clear as it was a human error. The hack exposed the data of nearly 10 million Australians, including driver’s licenses and passport numbers. 

But the data stolen in the Medibank and Medlab hacks is more private and includes test results and diagnostic details. 

According to Peter Lewis, director of the Centre for Responsible Technology, whose data was siphoned in both the telco and Medibank Private breaches, health sector criminals are launching attacks to blackmail people, damage the firms’ reputations, or sell on the vast pools of data to other hackers. 

"There is the sense that they may try and blackmail people," he says. "There is sensitive information out there, but I don’t know if that’s the game. The second is to do damage to the organization that they’ve hacked so it is potentially more damaging to Medibank than it is to any individual. But thirdly, it is true that they’ve captured that entire base of health information; maybe they’ll ... try to find ways to make value out of big pools of data."

"I think a breach in the intimacy of health information could also open some people up to blackmail or make them less open with healthcare professionals. It is a smart move by hackers but whether it's going to be a sustained shift or only a shift which we've seen with these most recent cases is unclear," says Dr Rob Hosking, Chairman of the Royal Australian College of General Practitioners' technology committee.

"Nobody wants their personal, private information exposed to the public and that’s one of the risks we run with using the benefits of the internet for other things, for remote access, for transfer of information about people’s health and doing things in a much timelier fashion," Dr. Hosking stated. "The worrying thing here is that it [health breaches] creates mistrust if people are fearful of divulging information to their practitioners; that means they may not get the care that they deserve."

Small steps 

Healthcare providers need to have an incident response plan following the discovery of a data breach. Educating staff on the common attack vectors, such as malware, viruses, email attachments, web pages, pop-ups, instant messages, and text messages, and how to discern unusual activity is essential. 

According to Dr. Robertson-Dunn, health data is expensive and difficult to manage, and sometimes it can be hard to differentiate between what should be kept, and what can be deleted. We need to re-evaluate what has to be held onto. 

"The government and organizations need to get more serious about the security of the data that they keep," he stated. "They need to question if they need all of it, if it all needs to be online. If you change GP should the old GP keep your records? There’s probably an argument that maybe they should, but it is a risk. Curating health data is not easy because how do you know what you might need in the future?"

Ransomware Attacks Forced Organizations to Shut Down Operations Completely

 

Ransomware attacks have evolved constantly and now the spike in attacks is causing a massive concern for thousands of organizations worldwide. Hackers are taking advantage of security vulnerabilities and encrypting data belonging to all sorts of organizations: from private firms to healthcare facilities and governments. 

What motivates the ransomware attackers to become even more sophisticated and demand tens of millions of dollars is that numerous firms agree to pay the ransom and not reveal the attack. It usually happens because they are afraid of the devastating social consequences. 

Earlier this week, Trend Micro, a global cybersecurity leader, disclosed that a quarter of healthcare organizations hit by ransomware attacks were forced to shut operations completely. The study also revealed that 86% of global healthcare organizations impacted by ransomware attacks suffered operational outages. 

More than half of the global HCOs (57%) acknowledged being hit by ransomware attacks over the past three years. Of these, 25% were forced to shut down their operations, while 60% disclosed that some business processes were affected by an attack. 

On average, it took most responding organizations days (56%) or weeks (24%) to fully restore these operations. In a survey of 145 healthcare business and IT professionals, 60 percent of HCOs also suffered a data breach, potentially increasing compliance and reputational risk, as well as investigation, remediation, and clean-up costs. 

The good news is that most (95%) HCOs say they regularly update patches, while 91% limit email attachments to thwart malware risk. Many also employed detection and response tools for their network (NDR), endpoint (EDR), and across multiple layers (XDR). 

"In cybersecurity, we often talk in abstractions about data breaches and network compromise. But in the healthcare sector, ransomware can have a potentially genuine and very dangerous physical impact," Trend Micro Technical Director Bharat Mistry stated. 

"Operational outages put patient lives at risk. We can't rely on the bad guys to change their ways, so healthcare organizations need to get better at detection and response and share the appropriate intelligence with partners to secure their supply chains." 

A study published by cybersecurity firm Sophos in June revealed that HCOs spend nearly $1.85 million to recover systems after a ransomware attack, the second-highest across all sectors. The average ransom paid by healthcare organizations surged by 33% in 2021, with an almost threefold increase in the proportion of victims paying ransoms of $1 million or more.

A Hospital Chain Cyberattack is Expected to Take Time to Investigate

 


It took security experts up to Friday to prepare for the coming challenge of determining what the full impact of a cyberattack may be on patients and hospitals at one of the largest health systems in the U.S. Security experts warned that it often takes time to assess the full impact of the attack on patients and hospitals.

CommonSpirit Health confirmed earlier this week that it has experienced an information security breach. However, it has yet to respond in detail to questions about the incident, including how many of the company's 1,000 care sites serving 20 million Americans were affected. The health system giant, which is the second-largest nonprofit health system in America, has 140 hospitals in 21 states.

"Several things have to be considered when one is attempting to restore all their systems and finding out the scope of the attack," says Allan Liska, an analyst with the cybersecurity firm Recorded Future. In other words, you are trying to get patient care up and running so that patients can receive care; you are trying to get your doctors and nurses back to using the systems they need to continue their work.

In the healthcare industry, cyber attackers are increasingly considering targeting healthcare organizations, especially those who use malware to lock up a victim's files and manipulate the information to profit from their activities. According to the U.S. government, ransomware has remained a persistent threat to the industry, which is among the 16 categories of critical infrastructure that the U.S. government identifies.

"The actors behind ransomware will probably know that this will cause a lot of disruption," Liska explained.

As a result, the global healthcare system in 2021 has seen an unusually high number of attacks, with 285 publicly reported cases worldwide, according to Liska. Since the beginning of the year, Liska has tracked 155 attacks, an average of 20 attacks per month, suggesting a growing problem. Nevertheless, he estimated that only about 10% of ransomware attacks are publicized, and publicized attacks are highly rare.

Several cyber security experts have said that years of work have promoted a sense of trust among healthcare leaders in the FBI and other federal agencies that target cybercrime.

An FBI spokesperson declined to comment on whether they were investigating the cyberattack on CommonSpirit Health as part of their cybercrime investigation.

John Riggi, who serves as the American Hospital Association's national advisor for cybersecurity and risk, said he was not qualified to discuss CommonSpirit in particular. In general, though, he said, it can take days, weeks, or even months to figure out how an attacker gained access to the network, determine what damage has been done, and prevent any further damage from occurring.

Riggi, a former FBI agent who worked for nearly 30 years in the field of cyber security, emphasized that a significant cyberattack on a hospital could pose a serious threat to patient safety and that it was taken seriously by the U.S. government. A major goal of their organization is to identify the attacker and disclose their identity and methodology.

"They don't want to show their hands, and they do not want to divulge what they know about the bad guys," the officer said. "During the processing of a crime scene, you are working on the scene in real-time."

However, there is a risk that cyberattack victims who fail to communicate their response plan to attackers and their recovery strategies are at increased risk of being targeted by cybercriminals. This is predicted by Mike Hamilton, the chief information security officer at Critical Insights Cybersecurity in Washington state.