Nebraska Medicine Data Breach Lawsuit Has Proposed Settlement

Complaint Alleged Multiple Security ‘Failures’ Leading to 2020 Cyberattack

A federal court has approved a proposed settlement in a class-action lawsuit filed in February against Nebraska Medicine. This is in the wake of a 2020 malware attack and exfiltration of sensitive personal data and medical records of tens of thousands of individuals. The costs of the proposed settlement could exceed $37 million in patient reimbursements. Out...

Ransomware Continues to Cause Disruptions

Oil pipelines and Apple among most recent targets

Seemingly every week, there’s a new disruption caused by ransomware. Some of them are more noteworthy than others, with the recent pipeline disruption getting the most coverage followed by a $50M ransom demanded from Apple a few weeks ago. It’s all part of a trend of escalating criminal activity centered around ransomware.

Trends

While the high-profile demands and disruptions are generating...

Phishing Threats Continue

Phishing continues to be one of the most prominent, and damaging, ways that cybercriminals gain access to healthcare networks. It is also one of the most straightforward threats for an organization to deal with. Unlike a number of more technical cybercrimes, phishing can be prevented with simple training. Employees who have received training in spotting and reporting phishing emails dramatically reduce the risk that malware and ransomware will...

70 Breaches Added to Wall of Shame in Last Month

159 Major Breaches in 2021

About 70 major health data breaches have been added to the federal tally in the last four weeks as ransomware attacks have persisted and breaches at vendors have affected clients. As of Monday, the Department of Health and Human Services’ HIPAA Breach Reporting Tool website showed that 159 breaches affecting a combined total of 12.5 million individuals have been added to the tally so far this year. That’s up...

Health Data Breach Tally Crowded with Vendor Incidents

Business Associate Breaches Affect Millions

Nearly 1/3 of the major health data breaches added to the federal tally so far this year involve business associates, continuing a trend in recent years. A recent analysis by CI Security found that in the second half of 2020, nearly 75% of all records breached were tied to security incidents involving business associates. Currently, the HHS OCR website shows that 37 major breaches, affecting more than...

FBI Issues Alert on Growing Egregor Ransomware Threat

Bureau and Security Experts Warn About Gang’s Effective Extortion Model

The FBI issued a warning this week over the growing threat from the operators behind the Egregor ransomware variant and other cybercriminal gangs affiliated with the group. Since September, the Egregor gang and its affiliates claim to have compromised approximately 150 corporate networks in the U.S. and other countries. In some cases, the extortion...

New Ransomware Variant Could be the Next Big Malware Threat to Business

New Egregor ransomware has been gaining traction since emerging in September.

A new form of ransomware is becoming increasingly prolific as cybercriminals turn to it as a preferred means of encrypting vulnerable networks in an effort to extort bitcoin from victims. Egregor ransomware first emerged in September but has already become notorious following several high-profile incidents, including attacks against Barnes & Noble and video game...

Cybercrime: 10 Top Tactics and Trends

From Ransomware and DDoS to Malware and SIM Swapping: Europol Describes Latest Threats

According to the seventh annual Internet Organized Crime Threat Assessment, produced by Europol, ransomware attacks remain the top cyber-enabled threat. But phishing, business email compromises and other types of fraud – many now using a COVID-19 theme – also loom large. Here are 10 of the top threats from the Europol report in alphabetical order....

Hefty HIPAA Fine After Breach Involving ‘The Dark Overlord’

Regulator: Georgia Clinic Showed ‘Systemic Noncompliance’

Federal regulators have announced a $1.5 million HIPAA settlement with Athens Orthopedic Clinic in Georgia, stemming from a 2016 breach involving The Dark Overlord hacking group that exposed the records of nearly 209,000 individuals. The exposed PHI included name, date of birth, SSN, patient demographic information, clinical information, and financial/billing information. The...

Emerging Risk Management Issue: Vendors Hit by Ransomware

Two recent ransomware incidents targeted companies serving healthcare organizations, highlighting an emerging challenge for vendor risk management in the sector. Blackbaud, which sells cloud-based marketing, fundraising, and customer relationship management software, was recently hit by ransomware. Some of its affected clients are now being revealed. Meanwhile, medical debt collector firm R1 RCM, formerly known as Accretive Health, also has...
