A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a mysterious hack which involves locking them out of their account with their email addresses changed to .ru domains. According to victims, their account names, profile pictures, passwords, email addresses associated with their Instagram accounts, and even connected Facebook accounts are being changed in the attack. Many of the affected Instagram users are also complaining about their profile photos replaced with stills from popular films, including Despicable Me 3 and Pirates of the Caribbean. Although it is still unknown who is behind the widespread hack of Instagram accounts, the use of the email addresses originating from Russian email provider mail.ru may indicate a Russian hacker or hacking group is behind the attack, or perhaps hackers pretending to be from Russia.
A Phishing attack compromised 42 K patients personal data’s which was found out by a Floridian firm Health First on Nov 13th and was later reported to the Department of Health and human services. Data breaches.net revealed the hacked details of several employees between February and May 2018. Post the discovery of cyber attacks, Health First has implemented new security measures. Health first, perhaps the procrastination till October in reporting the breach to organization is the only one to report this news, despite many firms remaining unacknowledged of their breaches, hence obviously unreported. North Carolina-based Catawba Valley reported that 3 mail accounts had been accessed by hackers. Similarly, 37 K records of Gold Coast Health Plan were also breached. Another breach incident with compromises in 21 K patients records has made the Minnesota Department of human Services, in fire.
Nearly 2,000 patients at PeaceHealth Southwest Medical Center are beingnotified. The Vancouver medical centre discovered on Aug. 9 that theemployee unnecessarily accessed the electronic files containingprotected health information, including patient names, ages, medicalrecord and account numbers, admission and discharge dates, progressnotes and diagnosis. The company said, PeaceHealth officials do notbelieve any affected patients are at risk for identity theft. Patient SocialSecurity numbers and financial information were not accessed. Aninvestigation revealed the employee accessed patient informationbetween November 2011 and July 2017. The employee no longer worksfor PeaceHealth. They began sending out letters to the 1,969 affectedpatients on Monday.
Another popular Eye care firm named May Eye care on July29th has fallen as a victim of ransomware attack after its server, comprising of its patients names, birth, addresses, medical diagnosis, treatment details, clinical notes and insurance data’s got breached.The patients included in the breached data were identified through 3rd party forensics and by IT security firms. These attacks are launched for extracting monetary payments. Officials have advised that precautious measures must be taken to secure the patients complete information. Inova health system in Virginia notified that 12,331 patients health data’s records have been accessed by a hacker. Officials have confirmed that the same hacker has accessed both the billing system in January 2017 as well as in between July and October 2017 and also some paper records that contained patients names, addresses, DOB’s, medical records and
Social Security numbers in December 2016. Another prominent hospital in Texas, Altus Baytown was attacked by a ransomware on Sept 3rd, with health records being encrypted. The malware impacted not the electronic health record system but the files containing patients names, social security numbers and much more.Hackers demanded ransom for decrypting files. Officials said that these attacks were launched for extorting money and hence Altus firm have bolstered their cybersecurity defences by hiring outside security risk consultants.
The DNC said that it now believes a phishing attempt that was part of an unauthorized test on its Vote Builder system was performed by a third-party and it had worked with its service provider to help thwart the suspected attack The Democratic National Committee said Wednesday that it has thwarted a hacking attempt on its database holding information on tens of millions of voters across the country.
Nearly 2,000 patients at PeaceHealth Southwest Medical Center are beingnotified. The Vancouver medical centre discovered on Aug. 9 that theemployee unnecessarily accessed the electronic files containingprotected health information, including patient names, ages, medicalrecord and account numbers, admission and discharge dates, progressnotes and diagnosis. The company said, PeaceHealth officials do notbelieve any affected patients are at risk for identity theft. Patient SocialSecurity numbers and financial information were not accessed. Aninvestigation revealed the employee accessed patient informationbetween November 2011 and July 2017. The employee no longer worksfor PeaceHealth. They began sending out letters to the 1,969 affectedpatients on Monday.The hospital said personal data may have been obtained througha phishing attack that affected two employee email accounts.Morehead Memorial did not say how many people were affectedby the data breach. An investigation into the data breach hasfound that information about certain patients and employees hasbeen affected, including health insurance payment summaries,treatment overviews, health plan information, and in some cases,Social Security numbers. When the hospital learned of the attack,it cut off access to accounts, reset passwords and hiredconsultants to conduct an investigation The hospital has alsonotified the FBI and the U.S. Department of Homeland Security.
A massive security breach, data of over 50 million Facebook users have been exposed following a security breach by unknown hackers. That a significant number of affected users are from India. However, Facebook did not respond to the question on the number of accounts affected in India, reported PTI. Zuckerberg said’ our engineering team found an attack affecting up to 50 million accounts on Facebook. The attackers exploited a vulnerability in the code of the View As feature which is a privacy feature that lets people see what their Facebook profile would look like to another person"."The vulnerability allowed the attackers to steal Facebook access tokens - which are the equivalent of a digital key which the attackers could have used to take over or access people's accounts," he said. that these tokens were used to access any private messages or posts or to post anything to these accounts." Facebook has invalidated access tokens for the accounts, causing those users to be logged out. Facebook said users don't need to change their passwords.
Vanderbilt University Medical centre (VUMC), details its strategy for responding to mass phishing campaigns with added tech, user focused designed and education.Notorious viruses like Samsam and Ryuk have generated mayhems for health care sectors through various phishing attacks with one – hundredth of mails sent being malicious, reports FireEye researchers. VUMC hasn’t escaped from this attack and hence urges for 2FA implementation for every tech org.Executive Director of Enterprise Cybersecurity Andrew Hutchinson to Health IT Security.com that despite the prevalence of 2FA for various platforms, VUMC had pushed this initiative ulterior, post the recent security threat. Hutchinson said that VUMC used phished sites which hackers used to gain access and so, ackers were able to view the contents while simultaneously being viewed by VUMC. Hence, for prevention 2FA (Two Factor Authentication) is necessary and for implementing it, there must be 100% involvement among employees as it increases the authentication levels of security and for sure will become a hard requirement for time, says Hutchinson. Success lies in providing comfortable situation to employees procuring plenty of opportunities for 2FA factor authentication, says Hutchinson.
EDUCATION AND USER-TRAINING:
He further added that humans made and will make mistakes and hence 100% success is impossible. There is no inevitable barrier against attacks but e are much better than 99% of organizations.
Cyber-security researchers at CyberMDX have discovered two major security flaw in medical devices: Becton Dickinson (BD)’s Alaris TIVA syringe pump and Qualcomm Life Capsule’s Datacaptor Terminal Server (DTS). The researchers worked closely with both the vendors and the vulnerabilities were publically disclosed via the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). They called the flaws as Misfortune Cookie, assigned them a severity rating of 9.8. A potential vulnerability is found in the BD Alaris TIVA syringe pump's software version 2.3.6 and later ones, which were sold outside the United States. The team found out that if a hacker could gain access to a hospital’s network and the Alaris TIVA syringe pump is connected to the server, then the hacker can malicious activity without being caught.
A total of 76 universities in 14 countries have been targeted including institutions. The Mabna Institute, working as part of Cobalt Dickens, allegedly stole information from 76 universities across 21 countries, as well as 47 US and foreign private sector companies, including the US Department of Labor and the United Nations. After discovering a spoof website which masqueraded as one of the target universities, CTU uncovered a wider campaign designed to steal credentials from academic staff.In total, 16 domains have been used by the threat actors to host over 300 spoofed websites, including university login pages and online libraries. The majority of the domains were registered between May and August 2018. The campaign appears to be ongoing, as the latest domain registration took place on August 19.
Presented on oct 2018, Repercussions-21.3 million fine on tesco bank website-www.tescobank.gov
Failing to proactively prevent the foreseeable online attacks of the hackers has resulted for the Scotland-based Tesco bank an whooping $21.3 million loss, fine by the U.K’s financial conduct authority. The 48 hours attack that incurred in November 2016 paved gateway for hackers to steal $2.93 million, reports the financial conduct Authority (an independently operating financial regulatory body of the U.K government. It was pronounced by the FCA that Tesco bank violated the standards which the financial firms must follow (Principal 2). “Principal 2 requires a firm to conduct its business with due skill, care and diligence”, it tells. Magecart another threatening group whom focus on payment card stealing have been tied to another series of online attacks.“Shopper Approved” an e-commerce service based organization situated in Ogden, Utah that enables sites in gathering local, merchant and product reviews from customers is cited to be the latest victim of cyberattack which was later confirmed by them after acknowledging the confirmation of attack from Magecart through an security firm, pertaining to the incident. Additional security measures were also implemented to ensure that this doesn’t exist.
Patients needing emergency care were driven away from East Ohio regional Hospital and Ohio Valley Medical Centre the weekend due to ransomware. The hired IT team took few computer systems for safeguarding the integrity of patients data’s. “We have redundant security, so the attack was able to get through the first layer but not the second layer,” Karin Janiszewski, OVMC and EORH director of marketing and public relations, told local news outlets. There has been no patient information breach. The hospitals are switching to paper charting to ensure patient data protection. At the moment, our emergency rooms are unable to take patients by E-squads, but we can take patients by walk-in. Our IT team is working around the clock right now and we expect to have the issue resolved by (Sunday),” Janiszewski said. Officials haven’t provided an update on the attack. Throughout 2018, ransomware
attacks have been breaching the security of various systems. In July, Cass regional medical centre consumed more than a week for its EHR, post a week after ransomware attack.
Fourteen New York Oncology employees fell prey to the phishing attacks which gave access to credentials. The phishing emails appeared as legitimate email login page which conjured people and deceived them to log inside it. Post the Phishing attacks, the officials passwords were reset for the impacted emails. A forensic firm was hired, emails were reviewed by them and the NYOH were notified of the breaches, later launching incident response protocol. The concluded investigation on Oct 1st exposed the that the impacted emails contained names, email addresses, home addresses and much more. The officials must inform patients within 60 days under HIPAA to the DHS, but failed to do. As a remediation, all victims will be sent notification letters and a year of free credit monitoring. In fact, the Minnesota Department of Human services suffered due to spear-phishing campaigns with more than 1600 government emails victimized.Security researchers warn that attacks towards Healthcare sectors will only be rampant with time.
UnityPoint Health is notifying 1.4 million patients that their records may have been breached when its business system was compromised by a phishing attack. This is the second breach for UnityPoint this year. the health system’s business email system was hit by a series of targeted phishing emails that looked like they were sent from an executive within UnityPoint. An employee fell victim to the emails, which gave hackers access to internal email accounts. The hacked accounts included protected health information, including names, addresses, medical data, treatment information, lab results and/or insurance information. For some of the 1.4 million patients, their payment card and Social Security
number were included in the breach. This breach is the largest in the U.S. this year by a landslide.
An airport spokesman said the information screens were taken offline early on Friday to contain an attack similar to so-called "ransomware".They are now working again at "key locations" including in departures and arrivals, and work is continuing to get the whole site back online. The spokesman said no "ransom" had been paid to get the systems working again. Ransomware is a form of malware in which computer viruses threaten to delete files unless a ransom is paid. Spokesman James Gore said: "We believe there was an online attempt to target part of our administrative systems and that required us to take a number of applications offline as a precautionary measure, including the one that provides our data for flight information screens. That was done to contain the problem and avoid any further impact on more critical systems.
A fine of $200,000 was levied on Virtua as a result of its breached data’s, by the New Jersey attorney general. By April, Virtua agreed to pay the fine and for improving its data security. In Jan 2016, Best Medical Transcription to Virtua experienced a sever misconfiguration that exposed the PHI of 1,654 Virtua patients. As a result, there were contingencies for files to be accessed and downloaded from the FTP site. In addition to this, even New Jersey’s data’s were breached. Their Attorney general Gurbir Grewal swore that, “Protection of New jersey’s patients data’s will persist”. New Jersey’s HIPAA’s Security rule, Breach Notification rule and Privacy rule are cited below:
$640,000 in just 2 weeks and still counting, that is the estimated total revenue of the Ryuk ransomware that attacked various enterprise PCsHermes ransomware which originated from the infamous Lazarus Group of North Korea, it is strongly believed that Ryuk is also the creation of the same group. A malware commonly attributed to the notorious North Korean APT Lazarus Group, which was also used in massive targeted attacks.The malware will attempt to write a dummy file to the Windows directory, which would only be allowed with Admin privileges. If the creation of the file failed, it will sleep for a while and attempt the same another five times. If failure persists beyond these attempts, Ryuk will simply terminate. If the file was successfully created, it will write two more files to a subfolder in the Windows directory.
In cosmos bank, the 78 crores were withdrawn through various ATMs located across 28 countries. The bank said this includes 12,000 VISA card transactions. In the same way, the bank said about Rs 2.50 crore was withdrawn through 2,800 debit card transactions in India at various locations.
According to reports, Rs 13.9 crore was transferred through SWIFT (Society for Worldwide Interbank Financial Telecommunication) transaction. The bank came to know about the malware attack on its debit card payment system on August 11. It observed that unusual repeated transactions were taking place through ATM VISA and RuPay card for nearly two hours. As soon as the suspicious transactions were reported, the bank immediately shut
down its VISA and RuPay debit card payment system.
A borough man allegedly stole more than 1,000 medical recordsfrom an East Brunswick storage unit and sold them, according toauthorities. Fernando Rios, 33, was charged Tuesday with identitytheft, trafficking in personally identifying information andburglary, Middlesex County Prosecutor Andrew C. Carey said in arelease. Rios was arrested after a joint investigation with the U.S.Department of Homeland Security, according to the release. It wasunclear when the break-in occurred. Three doctors from EastBrunswick and Somerset stored their patients' medical records inthe storage unit, the release said.
Dublin Midlands Hospital Group has confirmed an isolated ransomware attack at the Midlands Regional Hospital in Tullamore yesterday. There was no impact on patient care following the attack, which affected the Laboratory Information System.There is also no evidence of other parts of the wider health service being affected by the attack, the group said.The hospital has been assured that there is no evidence it went any further and it is working with the HSE to restore the system.The group said business continuity plans are in operation until the full system is restored.The HSE have informed the Data Protection Commission as a precaution.