Targeting of Providers, Plans and Partners Since 2009, healthcare breaches have affected the personal information of 370 million people. Quick math says that’s more than the entire U.S. population, and that’s only counting the major breaches affecting 500 people or more. The situation is growing worse. In just the last three years, the volume and frequency of breaches have nearly doubled, from 368 in 2018 to 715 in 2021. And the nation is on...

Red-Teaming Tool Poses Ongoing Risks When Used by Hackers, HHS Warns The Department of Health and Human Services’ Office of Information Security’s HC3 unit says attackers are weaponizing legitimate security tools. Russian hackers deployed Cobalt Strike’s command-and-control function during their attack against SolarWinds’ network management software. Hackers who earlier this year got into Cisco corporate IT...

Cyberweapon-Grade Hacking Tools Pose Danger for Financial Sector Cyberthieves traditionally on the lower rung of hacking abilities now have access to nation-state-class malicious software, warn close observers of the criminal dark web. The appearance on criminal forums of tools capable of infecting a computer’s boot firmware or malware that evades antivirus detection is a consequence of years of state-sponsored development of cyber...

Use of Social Engineering, Phishing to Divert Payments Cybercriminals are stealing multimillion-dollar payouts from healthcare payment processors by compromising user login credentials, the FBI warns the healthcare industry. In a recent alert, federal agents say they’ve received multiple reports of cybercriminals redirecting healthcare payments into their pockets. According to the FBI, cybercriminals used employees’ publicly...

$155 Million in fines and settlements. While physical data breaches have declined substantially in the last 10 years, they still can happen without proper diligence. That lack of diligence and vendor oversight has led to a $35M fine for Morgan Stanley from the SEC and a class-action settlement of $60M over the same breach. This is in addition to a $60M fine from the Comptroller of the Currency in 2020. All for improperly decommissioning server...

Some 60 breaches affecting about 2.5 million individuals were added in July to the federal tally of major health data breaches. Those incidents continued a trend playing out in 2022: Large hacking incidents predominately involving ransomware attacks against providers, vendors, or both are responsible for an overwhelming amount of data theft. About 80% of the major breaches reported were related to hacking/IT incidents, and these breaches...

AWS Domains Used to Send Phishing Emails and Steal Credentials Cybercriminals are using Amazon Web Services to create phishing pages that bypass security scanners and scam victims into handing over credentials. The scammers send targets what appears to be a standard password expiration email or other emails meant to create a sense of urgency. The emails come from legitimate AWS domains, but a closer look shows the inclusion of false nicknames,...

New draft of federal cybersecurity guidance could help healthcare organizations avoid regulatory fines in the wake of breaches. Federal regulators are looking for the adoption of “recognized security practices,” when investigating the aftermath of a breach involving protected health information. In 2021, Congress told the Department of Health and Human Services to consider whether a medical center or business associate can show that it...

Cybersecurity, or the lack of it, is something that we all need to be concerned about. In no industry is that more readily apparent than the financial sector. As the threats continue to evolve, it’s important that we don’t forget about older threats that continue to pose serious risks to financial institutions. Ideally, all organizations would rapidly expunge known vulnerabilities from their networks, starting with the most severe bugs that...

Depending on where you put its tracking pixel, it might be. Lawsuit: Facebook Is Collecting Patient Data of ‘Millions’ Class Action Alleges Meta Pixel Code Tracks Websites, Patient Portal Interactions A class action is alleging Facebook unlawfully collects patient data from the online portals of hundreds of medical providers without knowledge or consent. The lawsuit, filed Friday (June 17, 2022) by an anonymous “John...