How GPT’s Evil Twin Could Be Used in BEC Attacks A black hat AI tool called Worm GPT is being used to improve the efficacy of phishing emails. This is particularly troubling because a recent survey shows that 1 in 5 people fall for the fake, AI-generated emails, according to cybersecurity researchers. Researchers at SlashNext recently assessed WormGPT, an evil twin of OpenAI’s GPT AI model designed specifically for malicious...

Latest Breach Affects 234,000 Individuals; Involves Recent MCNA Insurance Co. Hack The state government of Iowa reported to federal regulators a third major health data breach since April involving a third-party vendor. The breach stems from an incident at dental health insurer MCNA Insurance Co. The Iowa Department of Health and Human Services reported hackers had compromised the protected health information of nearly 234,000 Iowa residents in...

Latest in a String of Similar Proposed Class Actions Across Healthcare Industry The University of Iowa Health Care is facing a proposed class action lawsuit alleging it used website tracking pixels to transmit patient data to Facebook. The claim is the latest in a string of legal actions against other healthcare centers that pasted Facebook Pixel and similar online behavior tracking codes into their patient portals. Concerns, and lawsuits, over...

Study: Unpatched Nurse Call Systems, Printers and IP Cameras Top the List   Globally, hospitals are expected to deploy over 7 million medical devices by 2026 — or more than 3,850 devices per hospital, according to a study conducted last year by research firm Juniper Research. Many IoT device makers and users have lagged in updating these products to patch vulnerabilities, said Scott Singer, managing director of the University of...

Chinese Hackers and Others Increasingly Favor Unpatched Vulnerabilities According to security researchers, last year was another bonanza in zero-days for Chinese state hackers. They’re also predicting a permanent uptick in nation-state exploitation of yet-unpatched vulnerabilities. Data taken from original research by cybersecurity firm Mandiant and open-source reporting suggests zero-day exploitation fluctuates from year to year but is...

After Surge in 2nd Half, 1,802 Breach Notifications Issued in 2022; Over 440 Million Individuals Affected After a slow start, likely due to geopolitical factors, 2022 was another bumper year for data breaches in the United States. U.S. organizations issued 1,802 data breach notifications in 2022, affecting more than 400 million individuals, the Identity Theft Resource Center reports. That figure is just 60 breaches shy of the 1,862 breaches in...

Both Ransomware Groups Pose Serious Concerns to Sector, Warns HHS HC3 The U.S. government is warning that Healthcare entities should be on high alert for signs of the new BlackCat and Royal ransomware-as-a-service groups. On January 12th, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center issued a threat brief that warns that BlackCat conducts triple extortion, meaning it doesn’t just...

The number of successful ransomware attacks has doubled in the last 4 years. But there are concrete steps a healthcare organization can take to avoid costly — and potentially deadly — downtime and better protect themselves against an attack. 1. Move from on-premises servers and backups to the cloud. Doing so outsources availability, uptime, and security to the SaaS vendor and also facilitates better backup and recovery if something does happen....

Targeting of Providers, Plans and Partners Since 2009, healthcare breaches have affected the personal information of 370 million people. Quick math says that’s more than the entire U.S. population, and that’s only counting the major breaches affecting 500 people or more. The situation is growing worse. In just the last three years, the volume and frequency of breaches have nearly doubled, from 368 in 2018 to 715 in 2021. And the nation is on...

Red-Teaming Tool Poses Ongoing Risks When Used by Hackers, HHS Warns The Department of Health and Human Services’ Office of Information Security’s HC3 unit says attackers are weaponizing legitimate security tools. Russian hackers deployed Cobalt Strike’s command-and-control function during their attack against SolarWinds’ network management software. Hackers who earlier this year got into Cisco corporate IT...