Resources
Lawsuit Alleges Iowa Health Center Sent PHI to Facebook
Latest in a String of Similar Proposed Class Actions Across Healthcare Industry The University of Iowa Health Care is facing a proposed class action lawsuit alleging it used website tracking pixels to transmit patient data to Facebook. The claim is the latest in a string of legal actions against other healthcare centers that pasted Facebook Pixel and similar online behavior tracking codes into their patient portals. Concerns, and lawsuits, over the use of web trackers by the healthcare industry have increased significantly in the last 9...
read moreSuccess of EMV Chip leads to changing fraud landscape.
The enhanced security provided by EMV chips has significantly impacted card fraud at retail locations. The continued presence of the magnetic stripe as a backup leads to continuing fraud losses. However, as always, where there’s a will, there’s a way, and criminals continue to use a variety of ways to obtain and exploit card information. Several of these ways continue to rely on the presence of the magnetic strip in order to either obtain details or to make fraudulent purchases. Criminals continue to exploit the magnetic strip in a variety of...
read moreMost Common Connected Devices That Pose Risk to Hospitals
Study: Unpatched Nurse Call Systems, Printers and IP Cameras Top the List Globally, hospitals are expected to deploy over 7 million medical devices by 2026 — or more than 3,850 devices per hospital, according to a study conducted last year by research firm Juniper Research. Many IoT device makers and users have lagged in updating these products to patch vulnerabilities, said Scott Singer, managing director of the University of Minnesota’s Center for Medical Device Cybersecurity. A study of connected medical devices with the...
read moreChina Exploits Zero-Day Vulnerabilities
Chinese Hackers and Others Increasingly Favor Unpatched Vulnerabilities According to security researchers, last year was another bonanza in zero-days for Chinese state hackers. They’re also predicting a permanent uptick in nation-state exploitation of yet-unpatched vulnerabilities. Data taken from original research by cybersecurity firm Mandiant and open-source reporting suggests zero-day exploitation fluctuates from year to year but is generally trending upward. A report from the Google-owned threat intelligence company says 55 zero-days...
read more2022 Reported US Data Breaches Near-Record Highs
After Surge in 2nd Half, 1,802 Breach Notifications Issued in 2022; Over 440 Million Individuals Affected After a slow start, likely due to geopolitical factors, 2022 was another bumper year for data breaches in the United States. U.S. organizations issued 1,802 data breach notifications in 2022, affecting more than 400 million individuals, the Identity Theft Resource Center reports. That figure is just 60 breaches shy of the 1,862 breaches in the U.S. that ITRC counted in 2021. That near miss occurred despite a slowdown in data breach...
read moreRansomware Profits Dip as Fewer Victims Pay Extortion As Funding From Ransoms Goes Down, Gangs Embrace Re-Extortion, Researchers Warn
Bad news for ransomware groups: Experts find that getting a payday is harder as the world fortifies against the onslaught of criminal malware. The good news is that more would-be victims are getting robust defenses in place, including well-rehearsed incident response plans, which make executing a successful attack harder. Also good news, law enforcement agencies mobilize earlier to assist victims, and by doing so, they’re learning better how attackers work and where they might strike next. In 2019, 79% of victims paid a ransom. In 2022,...
read moreNew Threats: BlackCat, Royal Among Most Worrisome Threats to Healthcare
Both Ransomware Groups Pose Serious Concerns to Sector, Warns HHS HC3 The U.S. government is warning that Healthcare entities should be on high alert for signs of the new BlackCat and Royal ransomware-as-a-service groups. On January 12th, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center issued a threat brief that warns that BlackCat conducts triple extortion, meaning it doesn’t just encrypt data and demand an extortion payment, but also threatens to leak the data and conduct distributed...
read moreAndroid Banking Trojan Steals Through Mimicry
Trojan Impersonates More Than 400 Financial and Crypto Exchange Apps The Godfather banking Trojan is causing serious issues in the financial sector due to its ability to mimic the appearance of more than 400 applications, including leading financial and crypto exchange applications. So far, it has targeted institutions in 16 countries. Research from security intelligence firm Group-IB says the Godfather Trojan reappeared in September with slightly modified WebSocket functionality after a brief three-month pause in circulation. A signature...
read moreThree Essential Defenses for Combating Ransomware
The number of successful ransomware attacks has doubled in the last 4 years. But there are concrete steps a healthcare organization can take to avoid costly — and potentially deadly — downtime and better protect themselves against an attack. 1. Move from on-premises servers and backups to the cloud. Doing so outsources availability, uptime, and security to the SaaS vendor and also facilitates better backup and recovery if something does happen. It’s just a question of resources. There’s no “easy button” to make it happen...
read moreBlack Basta Using QBot Banking Trojan Malware to Target US-Based Companies
QBot Backdoor Opens Systems to Loading Cobalt Strike, Ransomware and Other Malware Researchers say the Black Basta group is dropping QBot malware — also called QakBot — in a widespread ransomware campaign targeting mostly U.S.-based companies. QBot malware is a banking Trojan primarily designed to steal banking data, including browser information, keystrokes and credentials. Its previous targets include JPMorgan Chase, Citibank, Bank of America, Citizens, Capital One and Wells Fargo. In the group’s latest campaign, attackers are again...
read more