Healthcare organizations worldwide are facing a surge in cyberattacks. The healthcare industry is grappling with increasingly sophisticated cyberattacks, often exploiting known vulnerabilities that should have been addressed much earlier. Automated Linux patching helps ensure that systems are continuously updated with the latest security patches. These days, healthcare organizations are increasingly relying on advanced technologies like […]

The post How Automated Linux Patching Boosts Healthcare Security appeared first on TuxCare.

The post How Automated Linux Patching Boosts Healthcare Security appeared first on Security Boulevard.

The LA County’s Department of Public Health says the personal information of 200,000 was compromised in a data breach.

The post 200,000 Impacted by Data Breach at Los Angeles County Public Health Agency appeared first on SecurityWeek.

Dr. Vivek Murthy said he would urge Congress to require a warning that social media use can harm teenagers’ mental health.

© Susan Walsh/Associated Press

Methods such as hormonal implants and injections are reaching remote areas, providing more discretion and autonomy.

Many pregnant women who struggle with drugs put off prenatal care, feeling ashamed and judged. But as fatal overdoses rise, some clinics see pregnancy as an ideal time to help them confront addiction.

Stephen Massey has taken on role at GenesisCare, which reports increased demand ‘as a result of NHS backlogs’

The Conservative party’s chief executive has taken on a senior role at a private cancer care firm that said in its annual report it had benefited from soaring NHS waiting times.

Stephen Massey was appointed CEO of the party in November 2022, months after he donated £25,000 of his personal wealth to support Rishi Sunak’s first, and unsuccessful, bid to become Tory leader.

Continue reading...

💾

© Photograph: vilevi/Alamy

💾

© Photograph: vilevi/Alamy

Ascension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware.

The post Ascension Says Personal, Health Information Stolen in Ransomware Attack appeared first on SecurityWeek.

The City of Cleveland, Ohio, has been hit by a cyberattack that has closed City Hall and other offices, but the city says essential services remain operational. The city hasn’t revealed the nature of the incident, but the Cleveland cyberattack is one of the highest-profile ones to date affecting a major U.S. municipality. In a recent update on X, the city said it is “still investigating the nature and scope of the incident. The City is collaborating with several key partners who provide expert knowledge and deep experience in this work.”

Cleveland Essential Services Functioning

City Hall and offices at Erieview Plaza are closed to the public and non-essential employees, but the city sought to reassure residents that key services and data remain safe. Emergency services, such as 911, Police, Fire, and EMS are operational, along with other essential services such as water, pollution control, power services, ports and airports. The update said that “certain City data is confirmed to be unaffected, including: - Taxpayer information held by the CCA. - Customer information held by Public Utilities.” That still leaves other data sources that could be affected, however, such as city employees’ personal data. In its initial announcement on X, the city said, “We have shut down affected systems to secure and restore services. Emergency services and utilities are not affected. Updates will be provided as available.” The city hasn’t said whether the incident is ransomware or another cyber attack type, but that will presumably be revealed in later updates. Cleveland itself is home to 362,000 residents, while the surrounding metropolitan area has a population of more than 2 million.

Cleveland Cyberattack Follows Wichita Ransomware; Healthcare Network Hit

Cleveland isn’t the biggest U.S. city to be hobbled by a cyber attack, as at least a few bigger cities have been hit by cyber incidents. The 394,000-resident city of Wichita, Kansas was hit by a ransomware attack last month in an attack linked to the LockBit ransomware group, but Baltimore was perhaps the biggest U.S. city hit by a cyberattack in a crippling 2019 incident that closely followed an Atlanta cyberattack. All of that pales in comparison to the U.S. government, which got hit by more than 32,000 cybersecurity incidents in fiscal 2023, up 10% from fiscal 2022, according to a new White House report on federal cybersecurity readiness. Threat actors seemingly have no end of targets, as a healthcare network in Texas, Arkansas and Florida is also reporting recent cyber troubles that the BlackSuit ransomware group is claiming responsibility for. The Special Health Resources network posted a notice on its website (copied below) that states, “We are currently experiencing a network incident that has caused a temporary disruption to our phones and computer systems. During this time, we are STILL OPEN and ready to serve our patients and community!” [caption id="attachment_76662" align="alignnone" width="750"] Special Health Resources website notice[/caption] If Special Health’s troubles are linked to a cyberattack, they seem to have fared better than the damage sustained by NHS London recently, as cyber attackers seemingly have abandoned long-standing pledges to avoid attacking healthcare systems.

The modest benefits of the treatment, donanemab, made by Eli Lilly, outweigh the risks, the panel concluded unanimously.

Agents from various federal agencies will focus on unauthorized candy-flavored and nicotine-laden vapes that have flooded the U.S. market from overseas.

© Mike Blake/Reuters

Senator Ron Wyden (D-Ore.) is pressing the U.S. government to accelerate cybersecurity enhancements within the healthcare sector following the devastating Change Healthcare ransomware attack that exposed the protected health information of nearly a third of Americans. In a letter to Xavier Becerra, secretary of the U.S. Department of Health and Human Services, Wyden urged HHS to implement immediate, enforceable steps to improve “lax cybersecurity practices” of large healthcare organizations.

“It is clear that HHS’ current approach to healthcare cybersecurity — self-regulation and voluntary best practices — is woefully inadequate and has left the health care system vulnerable to criminals and foreign government hackers.” - Wyden.

He stated that the sub-par cybersecurity standards have allowed hackers to steal patient information and disrupt healthcare services, which has caused “actual harm to patient health.”

MFA Could Have Stopped Change Healthcare Attack

The call from Wyden comes on the back of the ransomware attack on Change Healthcare — a subsidiary of UnitedHealth Group — which, according to its Chief Executive Officer Andrew Witty, could have been prevented with the basic cybersecurity measure of Multi-Factor Authentication (MFA). The lack of MFA on a Citrix remote access portal account that Change Healthcare used proved to be a key vulnerability that allowed attackers to gain initial access using compromised credentials, Witty told the Senate Committee on Finance in a May 1 hearing.

“HHS’ failure to regulate the cybersecurity practices of major health care providers like UHG resulted in what the American Hospital Association has described as the worst cyberattack against the healthcare sector in U.S. history.” - Wyden

The use of MFA is a fundamental cybersecurity practice that HHS should mandate for all healthcare organizations, Wyden argued. He called for the implementation of broader minimum and mandatory technical cybersecurity standards, particularly for critical infrastructure entities that are designated as "systemically important entities" (SIE) by the U.S. Cybersecurity and Infrastructure Security Agency. “These technical standards should address how organizations protect electronic information and ensure the healthcare system’s resiliency by maintaining critical functions, including access to medical records and the provision of medical care,” Wyden noted. He suggested that HHS enforce these standards by requiring Medicare program participants to comply.

Wyden’s Proposed Cybersecurity Measures for HHS

Wyden said HHS should mandate a range of cybersecurity measures as a result of the attack. “HHS must follow the lead of other federal regulators in mandating cybersecurity best practices necessary to protect the healthcare sector from further, devastating, easily-preventable cyberattacks,” Wyden argued. The Democratic senator proposed several measures to enhance cybersecurity in the healthcare sector, including:

• Mandatory Minimum Standards: Establish mandatory cybersecurity standards, including MFA, for critical healthcare infrastructure.
• Rapid Recovery Capabilities: Ensure that organizations can rebuild their IT infrastructure within 48 to 72 hours following an attack.
• Regular Audits: Conduct regular audits of healthcare organizations to assess and improve their cybersecurity practices.
• Technical Assistance: Provide technical security support to healthcare providers.

Wyden criticized HHS for its current insufficient regulatory oversight, which he believes contributes to the ongoing cyberattacks harming patients and national security. “The current epidemic of successful cyberattacks against the health care sector is a direct result of HHS’s failure to appropriately regulate and oversee this industry, harming patients, providers, and our national security,” Wyden said. He urged HHS to use all of its authorities to protect U.S. healthcare providers and patients from mounting cybersecurity risks.

The State of Ransomware in Healthcare

The healthcare sector was the most common ransomware target among all critical infrastructure sectors, according to FBI’s Internet Crime Report 2023. The number of attacks and individuals impacted have grown exponentially over the last three years. [caption id="attachment_75474" align="aligncenter" width="1024"] Ransomware attacks on healthcare in last three years. (Source: Emsisoft)[/caption]

“In 2023, 46 hospital systems with a total of 141 hospitals were impacted by ransomware, and at least 32 of the 46 had information, including protected health information, stolen.” - Emsisoft

A study from McGlave, Neprash, and Nikpay from the University of Minnesota School of Public Health found that in a five-year period starting in 2016, ransomware attacks likely killed between 42 and 67 Medicare patients. Their study further observed a decrease in hospital volume and services by 17-25% during the week following a ransomware attack that not only hit revenue but also increased in-hospital mortality among patients who were already admitted at the time of attack.

HHS Cybersecurity Response

HHS announced in December plans to update its cybersecurity regulations for the healthcare sector for the first time in 21 years. These updates would include voluntary cybersecurity performance goals and efforts to improve accountability and coordination. The Healthcare and Public Health Sector Coordinating Council also unveiled a five-year Health Industry Cybersecurity Strategic Plan in April, which recommends 10 cybersecurity goals to be implemented by 2029. Wyden acknowledged and credited the latest reform initiatives from HHS and the HSCC, but remains concerned about the lengthy implementation timeline, which he said requires urgency when it comes to the healthcare sector. The latest letter follows Wyden’s request last week to the SEC and FTC to investigate for any negligence in cybersecurity practices of UnitedHealth Group. HHS is currently investigating the potential UHG breach that resulted in the exposure of protected health information of hundreds of thousands of Americans.

A Russian cyber gang is believed to be behind a ransomware attack that disrupted London hospitals and led to operations and appointments being canceled.

The post A Russian Cyber Gang Is Thought to Be Behind a Ransomware Attack That Hit London Hospitals appeared first on SecurityWeek.

Train people. It makes a difference. In organizations without security awareness training, 34% of employees are likely to click on malicious links or comply with fraudulent requests.

The post Cybersecurity Training Reduces Phishing Threats – With Numbers to Prove It appeared first on Security Boulevard.

The panel endorsed targeting a variant of the coronavirus that is now receding, though some officials suggested aiming at newer versions of the virus that have emerged in recent weeks.

© Jamie Kelter Davis for The New York Times

The National Academies said the condition could involve up to 200 symptoms, make it difficult for people to work and last for months or years.

© Alex Wroblewski for The New York Times

Several hospitals in London have canceled operations and appointments after being hit in a ransomware attack.

The post London Hospitals Cancel Operations and Appointments After Being Hit in Ransomware Attack appeared first on SecurityWeek.

An independent group of experts expressed concerns that the data from clinical trials did not outweigh risks for treatment of post-traumatic stress disorder.

© Travis Dove for The New York Times

Source: www.databreachtoday.com – Author: 1 Breach Notification , Healthcare , HIPAA/HITECH HHS OCR Advises HIPAA-Covered Entities to Coordinate Notification Duties With UHG Marianne Kolbasuk McGee (HealthInfoSec) • June 3, 2024     HHS OCR said HIPAA-covered entities can delegate to Change Healthcare the notification to millions of patients potentially affected by the company’s data breach. […]

La entrada Feds Say Change Healthcare Can Handle Breach Notification – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Baptist Health CISO James Case shared insights on transforming cybersecurity through a risk-focused lens at a recent webinar we hosted. The discussion was moderated by Axio President, David White and

The post Webinar Recap: Critical Concerns for Healthcare Providers in 2024 appeared first on Axio.

The post Webinar Recap: Critical Concerns for Healthcare Providers in 2024 appeared first on Security Boulevard.

The UPGRADE program seeks to enhance and automate cybersecurity for healthcare facilities, focused on protecting operations and ensuring continuity of patient care.

The post Cybersecurity Automation in Healthcare Program Launched by HHS Agency appeared first on Security Boulevard.

"I write to request that your agencies investigate UnitedHealth Group’s (UHG) negligent cybersecurity practices, which caused substantial harm to consumers, investors, the healthcare industry, and U.S. national security. The company, its senior executives, and board of directors must be held accountable," declared Senator Ron Wyden, Chairman of the Senate Committee on Finance, in a letter to federal regulators on May 30. This urgent plea follows the devastating cyberattack on Change Healthcare, a subsidiary of UHG, raising critical questions about the company's cybersecurity integrity. In a four-page letter, Senator Wyden linked the recent cyberattack on Change Healthcare to the infamous SolarWinds data breach, blaming UHG's leadership for a series of risky decisions that ended in this tragic cyberattack. [caption id="attachment_73457" align="aligncenter" width="1024"] Source: SEC[/caption]

Broader Context of Cyberattack on Change Healthcare

At the heart of the criticism is the appointment of a Chief Information Security Officer (CISO) who had no prior full-time experience in cybersecurity before assuming the role in June 2023. This, according to Wyden, epitomizes the corporate negligence that has placed countless stakeholders at risk. Wyden argues that Martin's appointment exemplifies a broader pattern of poor decision-making by UHG’s senior executives and board of directors, who should be held accountable for the company’s cybersecurity lapses. The comparison to SolarWinds is particularly telling. The SolarWinds incident exposed vulnerabilities in software supply chains, leading to widespread consequences across multiple sectors. Similarly, UHG's data breach, if proven to result from preventable lapses, highlights the critical need for stringent cybersecurity practices in healthcare, an industry that handles sensitive personal and medical data.

The Incident and Initial Reactions

The incident in question involved hackers exploiting a remote access server at Change Healthcare, which lacked multi-factor authentication (MFA). This basic cybersecurity lapse allowed the attackers to gain an initial foothold, leading to a ransomware infection that crippled UHG’s operations. During testimony before the Senate Finance Committee on May 1, 2024, UHG CEO Andrew Witty admitted that the company’s MFA policy was not uniformly implemented across all external servers. Witty's revelations highlighted a broader issue of inadequate cybersecurity defenses at UHG, despite the industry's reliance on MFA as a fundamental safeguard.

Industry Standards and Regulatory Expectations

Wyden’s letter points out that the Federal Trade Commission (FTC) has mandated MFA for financial services companies under the Safeguards Rule and has enforced its use in cases against companies like Drizly and Chegg. These precedents establish MFA as a non-negotiable standard for protecting consumer data. UHG's failure to implement this basic security measure on all its servers is a glaring oversight, suggesting a disconnect between its stated policies and actual practices. Moreover, Wyden highlights the necessity of multiple lines of defense in cybersecurity. The fact that hackers could escalate their access from one compromised server to the entire network indicates a lack of network segmentation and other best practices designed to contain breaches. This deficiency exacerbates the initial failure to secure remote access points.

Consequences and Broader Implications

The implications of UHG’s cybersecurity failures are profound. The immediate aftermath saw significant disruptions, with some of UHG's systems taking weeks to restore. Witty admitted that while cloud-based systems were quickly recovered, many critical services running on UHG's own servers were not engineered for rapid restoration. This lack of resilience in UHG’s infrastructure planning highlights a failure to anticipate and mitigate the risk of ransomware attacks, a known and escalating threat. Wyden’s letter also addresses the financial fallout. UHG has already estimated the breach's cost at over a billion dollars, reflecting the significant economic impact of the cyberattack. This financial burden, coupled with negative media coverage, exposes UHG to substantial political and market risks. The case echoes the SEC’s stance in the SolarWinds case, where cybersecurity practices were deemed crucial for investor decisions. Investors in UHG would similarly consider enhanced cybersecurity practices essential, given the potential for massive breaches to affect stock value and company reputation.

Accountability and Regulatory Action

Senator Wyden calls for the FTC and SEC to investigate UHG’s cybersecurity and technology practices, aiming to determine if any federal laws were violated and to hold senior officials accountable. This push for accountability highlights the role of corporate governance in cybersecurity. The Audit and Finance Committee of UHG’s board, responsible for overseeing cybersecurity risks, is criticized for its apparent failure to fulfill its duties. Wyden suggests that the board's lack of cybersecurity expertise likely contributed to the oversight failures, a critical point in an era where cybersecurity threats are increasingly sophisticated and pervasive.

The prevalence of post-traumatic stress disorder among college students rose to 7.5 percent in 2022, more than double the rate five years earlier, researchers found.

© Tristan Spinski for The New York Times

Views: 3Source: www.cybertalk.org – Author: slandau By Zac Amos, Features Editor, Rehack.com. In recent years, ransomware has emerged as a critical threat to the healthcare industry, with attacks growing in frequency, sophistication and impact. These cyber assaults disrupt hospital operations, compromise patient safety and undermine data integrity. Understanding how ransomware tactics have evolved — from basic phishing […]

La entrada The evolution of healthcare ransomware attacks – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Strauss Borrelli PLLC, a leading law firm known for handling data breach litigation, has launched an investigation into the recent WD & Associates data breach. WDA, based in Rhode Island, is an employee benefits brokerage firm specializing in healthcare consulting. The company assists clients in making well-informed decisions about financial planning and employee benefits. The incident may have exposed sensitive personally identifiable information and protected health information for an undetermined number of patients and other affected individuals.

WD & Associates Data Breach

WD & Associates provide a wide range of services including Employee Benefits, Safe Money Management, HR Consulting, Retirement Planning, IRA Rollovers, Actuarial Consulting, Risk Management, Business Consulting, Organizational Development. However, information from these services may be potentially compromised after a recent data breach. The security incident occurred between February 1 and February 9, 2023, when an unauthorized actor accessed sensitive information stored on WDA systems. WD stated that it had taken immediate action to secure its network and launched an investigation to determine the nature and scope of the breach. WDA began notifying potentially impacted individuals of the incident on May 24, 2024. The potentially exposed information includes:

• Name
• Social Security number
• Date of birth
• Driver’s license number
• Passport number
• Financial account information
• Medical information
• Health insurance information

WD is offering 24 months of complimentary credit monitoring services through Experian to enrolled individuals. The company also stated that it would implement additional cybersecurity tools and review existing policies and procedures to prevent similar incidents from occurring in the future. WD also stated that it had notified details about the investigation to relevant federal law enforcement and would notify relevant regulators, as legally required.

Strauss Borrelli PLLC Investigation Into Data Breach

The Strauss Borrelli PPLC Law firm announced on it's site that it would be interested in discussing further rights and potential legal remedies with the individuals who received the recent data breach notification letter from WD & Associates, Inc. Individuals can contact the law firm through their number 872.263.1100 or e-mail address sam@straussborrelli.com. Individuals should also remain vigilant against identity theft and fraud by regularly reviewing account statements, explanation of benefits, and monitoring free credit reports for suspicious activity. Additionally, U.S. consumers are legally entitled to one free credit report annually from each of the three major credit reporting bureaus(Equifax, Experian, and TransUnion). To request a free credit report, visit www.annualcreditreport.com or call 1-877-322-8228. Consumers also have the option to place a fraud alert or implement credit freeze on their credit file at no cost. Suspicious activity should be reported promptly to relevant parties, including insurance companies, healthcare providers, and financial institutions. WD & Associates affirmed its commitment to protecting the privacy and security of its clients' information and that the company would continue to provide updates and further information as soon as they become available. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The impact of the Cencora data breach is far more widespread than earlier thought as more than a dozen pharmaceutical giants including Novartis and GlaxoSmithKline disclose personal and health information data leaks stemming from the February breach incident. Cencora Inc., formerly recognized as AmerisourceBergen, and its Lash Group affiliate announced in a February filing with the Securities and Exchange Commission (SEC) that the company faced a cybersecurity incident where “data from its information systems had been exfiltrated.” Cencora is a major pharmacy company with over 46,000 employees and approximately $262.2 billion in revenue in 2023. Based in Pennsylvania, it operates in around 50 countries globally. The popular American drug wholesaler did not disclose the extent of the data breach in its February SEC filing but did confirm at the time that some of the data exfiltrated in the attack could contain personal information. Last week, however, Cencora and The Lash Group clients began notifying state Attorneys General about a data breach that stemmed from the February cybersecurity incident at Cencora. At least 15 pharmaceutical companies reported that the personal data of hundreds of thousands of individuals were compromised. Notifications identified the following affected companies:

• AbbVie Inc.
• Acadia Pharmaceuticals Inc.
• Bayer Corporation
• Bristol Myers Squibb Company and Bristol Myers Squibb Patient Assistance Foundation
• Dendreon Pharmaceuticals LLC
• Endo Pharmaceuticals Inc.
• Genentech, Inc.
• GlaxoSmithKline Group of Companies and the GlaxoSmithKline Patient Access Programs Foundation
• Incyte Corporation
• Marathon Pharmaceuticals, LLC/PTC Therapeutics, Inc.
• Novartis Pharmaceuticals Corporation
• Pharming Healthcare, Inc.
• Regeneron Pharmaceuticals, Inc.
• Sumitomo Pharma America, Inc. / Sunovion Pharmaceuticals Inc.
• Tolmar

State Attorneys General often announce data breaches without specifying the number of affected people but AG’s office in Texas does disclose the number impacting the state residents. Based on these partial numbers, at least 542,000 individuals seem to be impacted from the Cencora data breach, till date. The Cyber Express reached out to Cencora for confirming the total number of individuals impacted to understand the full extent of the data breach but did not receive any communication till the time of publishing the article.

Cyber Forensic Findings from the Cencora Data Breach

Cencora detected the cyberattack on February 21, and took immediate action to contain and prevent further unauthorized access. Based on the investigation that likely concluded in April, Cencora said personal information including first name, last name, address, date of birth, health diagnosis, and medications and prescriptions was compromised in the attack. AmerisourceBergen Specialty Group (ABSG), a unit of Cencora, said Friday the breach involved data of a prescription supply program run by the now defunct subsidiary, Medical Initiatives Inc. Further details on how the supply program was exploited remain unclear. U.S. has been rocked by a host of cybersecurity breaches linked to the healthcare industry in recent days. While Change Healthcare cyberattack was one of the most notable ones, the Medstar and Ascension breaches have displayed the vulnerability of the healthcare sector to cyberattacks. The latest in the list of healthcare data breaches is the Sav-Rx data breach that compromised the health data of more than 2.8 million people. Cencora’s investigation, however, found no connection with other major healthcare cyberattacks and, in its notifications, said they were unaware of any actual or attempted misuse of the stolen data. The company said it has not seen any public disclosure of the stolen data, till date. The affected individuals have been offered 24 months of credit monitoring and identity theft remediation services at no cost and steps have also been taken to harden defenses to prevent such security breaches in the future. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A threat actor is asking $50,000 for data allegedly stolen from Australian digital prescription services provider MediSecure.

The post Data Stolen From MediSecure for Sale on Dark Web appeared first on SecurityWeek.

Medicare Advantage plans say it reduces waste and inappropriate care. Critics say it often restricts coverage unnecessarily.

© Caroline Yang for The New York Times

A new analysis of dozens of studies has identified the most common warning symptoms in adults under 50, whose rates of colon and rectal cancer are on the rise.

© Jean-Paul Pelissier/Reuters

The personal information of 400,000 individuals was compromised in a data breach at El Centro Del Barrio (CentroMed).

The post 400,000 Impacted by CentroMed Data Breach appeared first on SecurityWeek.

A bill that is expected to pass would impose prison time and thousands of dollars in fines on people possessing the pills without a prescription.

© Evelyn Hockstein/Reuters

ARPA-H has announced a $50 million investment in tools to help IT teams better secure hospital environments.

The post US to Invest $50 Million in Securing Hospitals Against Cyber Threats appeared first on SecurityWeek.

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

The post CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw appeared first on SecurityWeek.

At the American Psychiatric Association’s annual meeting, a patient described a restraint that haunts him, more than eight years later.

© Diana Cervantes for The New York Times

When a child in a small Cambodian town fell sick recently, his rapid decline set off a global disease surveillance system.

Health insurance firm WebTPA says the personal information of 2.4 million individuals was compromised in a data breach.

The post 2.4 Million Impacted by WebTPA Data Breach appeared first on SecurityWeek.

MediSecure says data related to prescriptions distributed until November 2023 was compromised in a ransomware attack.

The post MediSecure Data Breach Impacts Patient and Healthcare Provider Information  appeared first on SecurityWeek.

Preliminary numbers show a nearly 4 percent decrease in deaths from opioids, largely fentanyl, but a rise in deaths from meth and cocaine.

© Erin Schaff/The New York Times

Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.

The post 900k Impacted by Data Breach at Mississippi Healthcare Provider appeared first on SecurityWeek.

Dr. Hilary Cass published a landmark report that led to restrictions on youth gender care in Britain. U.S. health groups said it did not change their support of the care.

© Tori Ferenc for The New York Times

Richard Slayman received the historic procedure in March. The hospital said it had “no indication” his death was related to the transplant.

Richard Slayman received the historic procedure in March. The hospital said it had “no indication” his death was related to the transplant.

People with two copies of the gene variant APOE4 are almost certain to get Alzheimer’s, say researchers, who proposed a framework under which such patients could be diagnosed years before symptoms.

© Vsevolod Zviryk/Science Source

New research finds that the death rate among Black youths soared by 37 percent, and among Native American youths by 22 percent, between 2014 and 2020, compared with less than 5 percent for white youths.

© Carolyn Kaster/Associated Press

Women at risk for extreme high blood pressure should take a daily baby aspirin. But their doctors don’t always tell them.

© Gary Cameron/Reuters

Despite an arsenal of drugs, many Americans are still unaware of their infections until it’s too late. A Biden initiative languishes without Congressional approval.

© Adria Malcolm for The New York Times

Last week on Malwarebytes Labs:

• How to change your Social Security Number
• Apple warns people of mercenary attacks via threat notification system
• How to check if your data was exposed in the AT&T breach
• Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
• How to protect yourself from online harassment
• Introducing the Digital Footprint Portal
• New ransomware group demands Change Healthcare ransom
• Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla
• 35-year long identity theft leads to imprisonment for victim
• Porn panic imperils privacy online, with Alec Muffett (re-air): Lock and Code S05E08

Stay safe!

---

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

Information newly made available under California law has shed light on data broker practices, including exactly what categories of information they trade in.

Any business that meets the definition of data broker must register with the California Privacy Protection Agency (CPPA) annually. The CPPA defines data brokers as businesses that consumers don’t directly interact with, but that buy and sell information about consumers from and to other businesses.

Where there’s money to be made you’ll find companies and individuals that will go to any length to get a piece of the action. At the moment there are around 480 data brokers registered with the CPPA. However, that might be just the tip of the iceberg, because there are a host of smaller players active that try to keep a low profile. There are 70 fewer data brokers listed than last year, but it is questionable whether they went out of business or just couldn’t be bothered with all the regulations tied to being a listed data broker.

The law requires registered data brokers to disclose in which of the following categories they actively trade information in:

• Minors (24)
• Precise Geolocation (79)
• Reproductive healthcare data (25)

Four of these data brokers are active in all three of these categories: LexisNexis Risk Solutions, Harmon Research Group, Experian Marketing Solutions, and BDO USA, P.C., Global Corporate Intelligence group.

What is particularly disturbing is the traffic in the data of minors. Children require special privacy protection since they’re more vulnerable and less aware of the potential risks associated with data processing.

When it comes to children’s data, the CCPA requires businesses to obtain opt-in consent to sell the data of a person under the age of 16. Children between the ages of 13 and 16 can provide their own consent, but for children under the age of 13, businesses must obtain verifiable parental consent before collecting or selling their data.

Data brokers were under no obligation to disclose information about selling data belonging to minors until the Delete Act was signed into law on October 10, 2023. The Delete Act is a Californian privacy law which provides consumers with the right to request the deletion of their personal information held by various data brokers subject to the law through a single request.

The next step forward would be if more states followed California’s example. So far only four states—California, Vermont, Oregon, and Texas—have enacted data broker registration laws.

The Children’s Online Privacy Protection Act (COPPA), which regulates children’s privacy, does not currently prevent companies from selling data about children. An update for the bill (COPPA 2.0), that would enhance the protection of minors, is held up in Congress.

In Texas, data brokers are governed by Chapter 509 of the Business and Commerce Code and this includes the specification that each data broker has a “duty to protect personal data held by that data broker.” This is important because, as we have seen, breaches at these data brokers can be combined with others and result in a veritable treasure trove of personal data in the hands of cybercriminals.

Check your digital footprint

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

---

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV“) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears to have prompted BlackCat to cease operations entirely.

In the third week of February, a cyber intrusion at Change Healthcare began shutting down important healthcare services as company systems were taken offline. It soon emerged that BlackCat was behind the attack, which has disrupted the delivery of prescription drugs for hospitals and pharmacies nationwide for nearly two weeks.

On March 1, a cryptocurrency address that security researchers had already mapped to BlackCat received a single transaction worth approximately $22 million. On March 3, a BlackCat affiliate posted a complaint to the exclusive Russian-language ransomware forum Ramp saying that Change Healthcare had paid a $22 million ransom for a decryption key, and to prevent four terabytes of stolen data from being published online.

The affiliate claimed BlackCat/ALPHV took the $22 million payment but never paid him his percentage of the ransom. BlackCat is known as a “ransomware-as-service” collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. And those affiliates in turn earn commissions ranging from 60 to 90 percent of any ransom amount paid.

“But after receiving the payment ALPHV team decide to suspend our account and keep lying and delaying when we contacted ALPHV admin,” the affiliate “Notchy” wrote. “Sadly for Change Healthcare, their data [is] still with us.”

Change Healthcare has neither confirmed nor denied paying, and has responded to multiple media outlets with a similar non-denial statement — that the company is focused on its investigation and on restoring services.

Assuming Change Healthcare did pay to keep their data from being published, that strategy seems to have gone awry: Notchy said the list of affected Change Healthcare partners they’d stolen sensitive data from included Medicare and a host of other major insurance and pharmacy networks.

On the bright side, Notchy’s complaint seems to have been the final nail in the coffin for the BlackCat ransomware group, which was infiltrated by the FBI and foreign law enforcement partners in late December 2023. As part of that action, the government seized the BlackCat website and released a decryption tool to help victims recover their systems.

BlackCat responded by re-forming, and increasing affiliate commissions to as much as 90 percent. The ransomware group also declared it was formally removing any restrictions or discouragement against targeting hospitals and healthcare providers.

However, instead of responding that they would compensate and placate Notchy, a representative for BlackCat said today the group was shutting down and that it had already found a buyer for its ransomware source code.

“There’s no sense in making excuses,” wrote the RAMP member “Ransom.” “Yes, we knew about the problem, and we were trying to solve it. We told the affiliate to wait. We could send you our private chat logs where we are shocked by everything that’s happening and are trying to solve the issue with the transactions by using a higher fee, but there’s no sense in doing that because we decided to fully close the project. We can officially state that we got screwed by the feds.”

BlackCat’s website now features a seizure notice from the FBI, but several researchers noted that this image seems to have been merely cut and pasted from the notice the FBI left in its December raid of BlackCat’s network. The FBI has not responded to requests for comment.

Fabian Wosar, head of ransomware research at the security firm Emsisoft, said it appears BlackCat leaders are trying to pull an “exit scam” on affiliates by withholding many ransomware payment commissions at once and shutting down the service.

“ALPHV/BlackCat did not get seized,” Wosar wrote on Twitter/X today. “They are exit scamming their affiliates. It is blatantly obvious when you check the source code of their new takedown notice.”

Dmitry Smilyanets, a researcher for the security firm Recorded Future, said BlackCat’s exit scam was especially dangerous because the affiliate still has all the stolen data, and could still demand additional payment or leak the information on his own.

“The affiliates still have this data, and they’re mad they didn’t receive this money, Smilyanets told Wired.com. “It’s a good lesson for everyone. You cannot trust criminals; their word is worth nothing.”

BlackCat’s apparent demise comes closely on the heels of the implosion of another major ransomware group — LockBit, a ransomware gang estimated to have extorted over $120 million in payments from more than 2,000 victims worldwide. On Feb. 20, LockBit’s website was seized by the FBI and the U.K.’s National Crime Agency (NCA) following a months-long infiltration of the group.

LockBit also tried to restore its reputation on the cybercrime forums by resurrecting itself at a new darknet website, and by threatening to release data from a number of major companies that were hacked by the group in the weeks and days prior to the FBI takedown.

But LockBit appears to have since lost any credibility the group may have once had. After a much-promoted attack on the government of Fulton County, Ga., for example, LockBit threatened to release Fulton County’s data unless paid a ransom by Feb. 29. But when Feb. 29 rolled around, LockBit simply deleted the entry for Fulton County from its site, along with those of several financial organizations that had previously been extorted by the group.

Fulton County held a press conference to say that it had not paid a ransom to LockBit, nor had anyone done so on their behalf, and that they were just as mystified as everyone else as to why LockBit never followed through on its threat to publish the county’s data. Experts told KrebsOnSecurity LockBit likely balked because it was bluffing, and that the FBI likely relieved them of that data in their raid.

Smilyanets’ comments are driven home in revelations first published last month by Recorded Future, which quoted an NCA official as saying LockBit never deleted the data after being paid a ransom, even though that is the only reason many of its victims paid.

“If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future,” LockBit’s extortion notes typically read.

Hopefully, more companies are starting to get the memo that paying cybercrooks to delete stolen data is a losing proposition all around.