Japan Prime Minister Shigeru Ishiba implements a new cybersecurity defense law ahead of national elections to take proactive measures against cyber threats. The legislation allows the government to monitor online communications and requires private companies to report cyberattacks.
The US healthcare sector is now reeling from a seemingly never-ending series of cyberattacks. The problem is becoming so dire that there is growing concern that it may even spark a genuine healthcare crisis. The recent ransomware attack on Kettering Health, for example, which operates 14 hospitals and over 120 medical facilities in Ohio, is merely the latest volley in a remorseless wave of cyberattacks on the cash-rich sector.
Following an investigation by the Federal Bureau of Investigation (FBI), a pharmacist at the University of Maryland Medical Center, Dr. Matthew Bathula, is accused of allegedly carrying out a decade-long campaign of cyber-voyeurism. According to local newspaper, the Baltimore Banner, Bathula allegedly watched the women colleagues in real-time, including one while she was home breastfeeding, undressing, and having sex with her husband. Six of the women are suing the hospital for negligence.
Another cyber breach as potentially damaging as that of the infamous hook-up site for married users, Ashley Madison, 15 years ago has recently come to light that could have equally serious consequences.
According to a notification filed this month with the California Department of Justice, the sperm bank California Cryobank reports a breach that occurred last April. Stolen files include the names, social security numbers, driver’s license numbers, financial accounts, and health insurance information of many of the sperm bank donors and their recipients.
Cybersecurity professionals are restless, with over 60% planning to switch jobs in the next year. A new study by IANS Research and Artico Search highlights career stagnation as a major reason, while salaries remain high across the industry.
The report finds senior professionals are the most eager to leave, frustrated by limited growth opportunities. Specialists in cloud security, application security, and threat intelligence, however, continue to command the highest salaries.
Search engine giant’s Google Threat Intelligence Group reports that cybercriminal and state-backed cyber-attacks on the healthcare sector in countries such as the US and UK have escalated to a level where they are actually costing lives.
“Healthcare’s share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks means that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it,” says Google.
Ransomware attacks on the healthcare sector have risen by a third in 2024 with the US the prime target. Cybersecurity company Black Kite reports 374 incidents in the past year, a 32.16 percent rise in the number of attacks on the industry over 2023. Healthcare is now among the top targets for ransomware, surpassed only by manufacturing and professional services.
The rapid rise in ransomware attacks on the healthcare sector is the result of increasing ruthlessness on the part of ransomware gangs. Until relatively recently, some sectors, such as healthcare and education, were considered off-limits. According to Black Kite, if an affiliated criminal gang attacked a healthcare organization, the core ransomware group would frequently step in, apologizing to the victim organization -sometimes even decrypting the ransomed data for free.
While the assassination of health insurance CEO Brian Thompson on the streets of central New York last week has been grabbing headlines this month, life-endangering cyber-attacks on the US healthcare industry are escalating at an alarming rate. Once again, the pressing need for both IT and physical security could not be more clear.
According to John Riggi, national advisor for healthcare security and risk at the American Hospital Association, healthcare security must now be seen as far more than just an IT issue. This year has seen what amounts to a sea change in the way healthcare executives must view not only their own personal security but also the impact of cyber-attacks not only on their bottom line but also on the lives and well-being of patients.
German authorities have made arrests linked to drug-selling platform Crimenetwork, seizing over $1 million in crypto assets. Crimenetwork is alleged to be the largest darkweb marketplace in the country and enabled users to buy and sell drugs, and offered illicit services such as the forging of documents and trading of stolen data.
The Los Angeles County Department of Public Health has been breached by a cyber-attack that has compromised the personal information of over 200,000 private individuals. This is the latest breach in a series of major cyber-attacks on the healthcare sector.
As with so many breaches, the Los Angeles County breach was the result of a phishing attack aimed at unsuspecting staff. The attack enabled a hacker to gain the log-in credentials of 53 public health employees and subsequently compromised the personal information of 200,000 patients.
According to the LA County Department of Public Health: “The information identified in the potentially compromised e-mail accounts may have included DPH clients/employees/other individuals’ first and last name, date of birth, diagnosis, prescription, medical record number/patient ID, Medicare/Med-Cal number, health insurance information, Social Security Number, and other financial information.”
Microsoft revealed that it’s placing the AI-powered Copilot+ feature for PCs on hold due to critical safety concerns.
“We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security,” Microsoft said in an update.
Microsoft announced the launch of its new cybersecurity program to support hospitals in rural America from cyber attacks.
Microsoft’s new security suite and cyber training offering will provide nonprofit pricing and discounts to critical access hospitals and rural emergency hospitals.
In a public statement, Alex Haurek, TikTok’s spokesperson, announced the hack on CNN’s TikTok account, among other high-profile accounts.
“We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access if needed,” he added.
On Monday, May 20th, the Environmental Protection Agency (EPA) issued a warning, urging water utility systems in the US to take action to prevent vulnerabilities.
The EPA says 70% of water systems inspected don’t fully comply with the Safe Drinking Water Act requirements, stating that some have “critical cyber vulnerabilities” such as default passwords that may be easily compromised.
Boeing made a significant disclosure: The LockBit ransomware group targeted the company, which demanded a staggering $200M extortion payment.
Boeing did not pay LockBit a ransom despite 43 GB of company data leaked on the ransomware group’s website in November 2023. Boeing is now in contact with the FBI to mitigate the breach.
Cybercriminal groups have now completely abandoned any pretense that theirs are basically victimless crimes by attacking the healthcare sector with increasing ruthlessness. Healthcare, once said to be off limits to ‘responsible’ cyber criminals, is now the subject of an urgent warning from the Cybersecurity Coordination Center (HC3) of the US Department of Health and Human Services.
“HC3 has recently observed threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations,” the warning states.
Tactics include contacting an organization’s IT help desk with phone calls from a familiar area code and claiming to be an employee in a financial role.
Google agreed to remove billions of personal records amid the previously announced lawsuit, accusing the tech giant of illegal surveillance.
The personal records belong to approximately 136 million Google Chrome users. To add to the settlement, Google will add more disclosures of the terms for their ‘incognito mode’ feature.
The ‘INC Ransom’ ransomware group publicly threatened to release three terabytes of NHS Scotland sensitive patient and staff data, after publishing a smaller sample size proving the viability of the threat.
NHS Dumfries and Galloway’s efforts to prevent the attack from being repeated are underway in collaboration with Police Scotland and the National Cyber Security Centre (NCSC).
An under-the-radar attack that creates fake Google docs is now playing havoc across multiple sectors in the US and UK, particularly in healthcare. Companies’ increasing reliance on widely-used off-the-shelf external software may save costs and create efficiencies in the short-term, but it also offers new inroads for the current generation of increasingly devious and skilled cybercriminals
Cybersecurity firm Netskope has identified a new Google Docs threat in the wild, AZORult infostealer. It is designed to steal sensitive information such as user credentials, browser information, credit card details and crypto-wallet data. A comprehensive study conducted by Netskope’s research team has uncovered a campaign where an attacker created fake Google Docs pages on Google sites from which to download malicious payloads.
Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it does not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023.
“Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.
The Mozilla Foundation released research that unveils that all 11 romantic AI chatbots tested, failed security and privacy tests.
All 11 chatbots feature data privacy concerns, pulling much more data than is needed from the collective 100 million users of these chatbots. Mozilla urges these chatbots to minimize exploiting vulnerable users through more transparent data privacy practices.
Specialists from the Netherlands’ Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) announced a Chinese nation-state-sponsored malware ‘Coathanger’ and its breach on the Dutch Ministry of Defense (MoD).
The stealthy ‘Coathanger’ malware’s code revealed a remote access trojan (RAT) specifically built to infiltrate Fortinet’s FortiGate firewalls through the ‘CVE-2022-42475’ vulnerability, which resulted in stolen user account credentials from the Dutch MoD’s servers.
Orbit Chain revealed to its users that as a result of a cyber attack, $84.5M worth of Ethereum and DAI (cryptocurrencies) were illicitly transferred to seven wallet addresses on the 1st of January.
Orbit Chain is now coordinating with the Korean National Police Agency and the Korea Internet & Security Agency (KISA) to find the threat actors behind the cyber attacks, and to further protect its customers’ crypto wallets.
Cybercrime, which has become a multi-trillion-dollar industry over recent decades, became increasingly sophisticated during 2023, with criminal groups now adopting many of the business practices used by legitimate enterprises. According to a new report from cybersecurity firm, Sophos, leading ransomware gangs now increasingly employ their own internal HR and PR departments.
Far from shying away from the media, as criminals always have in the past, some ransomware gangs have been swift to seize the opportunities it affords them. Some regularly issue press releases and take great pains to forge relationships with individual journalists using the same PR methods as those employed by legitimate corporations. Threat actors also offer Frequently Asked Questions (FAQs) and answers for journalists visiting their leak sites, encouraging reporters to get in touch, give in-depth interviews, and recruit writers, reports Sophos.
According to Sophos’ latest report, 62% of the most active ransomware groups in the world deliberately enable remote encryption for their attacks.
Sophos’ report entitled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle,” gathered the data based on Sophos’ detected and halted ransomware attacks in 2023. The report further stated that remote encryption is used as a tactic for effective, widespread ransomware attacks within organizations, aiming to steal as much sensitive information as possible.
The Department of Justice announced that the Russian national behind the malware tool Trickbot, used to launch ransomware attacks on American hospitals, pleaded guilty to his role in the malware tool’s development.
Trickbot was used to facilitate ransomware attacks on a string of American hospitals and health systems, disrupting care delivery and risking patient safety.
The Federal Bureau of Investigation (FBI) warns that cybercriminals and online blackmailers are targeting plastic surgeons to harvest electronically protected health information (ePHI) on their patients. Personal ePHI includes sensitive information and photographs, enabling the cybercriminals to extort money from the patients themselves as well as from plastic surgery practices, something that could prove lucrative to blackmailers targeting wealthy celebrities who are in the public eye.
The Q3-2023 Ransomware Report of cyber threat intelligence company Cyble has shown that ransomware attacks have doubled over the past year.
The reports also show the healthcare sector to be the most targeted in these attacks, and the US as being the most targeted area.
The cyber-war just got dirtier. A year or two back, an age in cyber-years, even the most ruthless cyber-gangs avoided attacking medical facilities to create a better public image in the eyes of the hacker community. Their stance has weakened somewhat since then, with attacks on the health sector becoming more common. But a recent attack on the US Red Cross is unusual enough to ring alarm bells outside the cybersecurity community.
In today’s roundup; Cyberattacks encrypt UK school data, Russian threat actors may face lengthy imprisonment, and ‘Charming Kitten’ hacks 34 company systems.
The healthcare sector is coming under increasingly severe pressure from cyber-attacks. On the heels of news earlier last week that the infamous Lazarus Group is launching a new campaign targeting internet backbone infrastructure and healthcare facilities in the US and Europe comes news of a major attack by the Rhysida ransomware group on Los Angeles-based Prospect Medical Holdings.
Editorial Team
