Source: www.databreachtoday.com – Author: 1 What are the key elements of a successful healthcare identity security program? SailPoint healthcare experts Matthew Radcliffe and Rob Sebaugh detail what else look for to accelerate your business and improve your security posture. In an interview with ISMG, the two SailPoint executives discuss: Elements of a successful identity security […]

La entrada Healthcare Identity Security: What to Expect from Your Solution – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.bleepingcomputer.com – Author: Bill Toulas The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. Some of the impacted people are customers at large insurance companies such as The Hartford, Transamerica, and Gerber Life Insurance. WebTPA is a GuideWell […]

La entrada WebTPA data breach impacts 2.4 million insurance policyholders – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-131A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated to Black Basta ransomware, a ransomware variant whose operators have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.

The post Response to CISA Advisory (AA24-131A): #StopRansomware: Black Basta appeared first on AttackIQ.

The post Response to CISA Advisory (AA24-131A): #StopRansomware: Black Basta appeared first on Security Boulevard.

Source: www.bleepingcomputer.com – Author: Bill Toulas Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor. The incident has impacted personal and health information of individuals but the extent remains unclear at this time. Operating since 2009, MediSecure provides digital […]

La entrada MediSecure e-script firm hit by ‘large-scale’ ransomware data breach – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

What are the financial performance benefits of strong cyber governance? In a blog series dedicated to the SEC’s new rules, we haven’t talked much about the connection between cybersecurity and

The post Investing Wisely: The Financial Benefits of Strong Cyber Resilience appeared first on Axio.

The post Investing Wisely: The Financial Benefits of Strong Cyber Resilience appeared first on Security Boulevard.

Source: www.bleepingcomputer.com – Author: Bill Toulas The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023. Singing River Health System is a major healthcare provider located in Mississippi, operating the Singing River Hospital in Pascagoula, Ocean Springs Hospital, and the Singing River Gulfport […]

La entrada Singing River Health System: Data of 895,000 stolen in ransomware attack – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Preliminary numbers show a nearly 4 percent decrease in deaths from opioids, largely fentanyl, but a rise in deaths from meth and cocaine.

© Erin Schaff/The New York Times

Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.

The post 900k Impacted by Data Breach at Mississippi Healthcare Provider appeared first on SecurityWeek.

Source: www.exponential-e.com – Author: Graham Cluley Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension. The cyber attack last week forced the Ascension computer systems offline, and caused some hospital emergency departments to turn away […]

La entrada Black Basta ransomware group’s techniques evolve, as FBI issues new warning in wake of hospital attack – Source: www.exponential-e.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Dr. Hilary Cass published a landmark report that led to restrictions on youth gender care in Britain. U.S. health groups said it did not change their support of the care.

© Tori Ferenc for The New York Times

Будет! Russian ransomware rascals riled a Roman Catholic healthcare organization.

The post FBI/CISA Warning: ‘Black Basta’ Ransomware Gang vs. Ascension Health appeared first on Security Boulevard.

Richard Slayman received the historic procedure in March. The hospital said it had “no indication” his death was related to the transplant.

Richard Slayman received the historic procedure in March. The hospital said it had “no indication” his death was related to the transplant.

Source: securityaffairs.com – Author: Pierluigi Paganini A cyberattack hit the US healthcare giant Ascension A cyberattack hit the US Healthcare giant Ascension and is causing disruption of the systems at hospitals in the country. Ascension is one of the largest private healthcare systems in the United States, ranking second in the United States by the number of hospitals as of 2019. […]

La entrada A cyberattack hit the US healthcare giant Ascension – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nathan Eddy, Contributing Writer Source: MBI via Alamy Stock Photo Healthcare provider Ascension, which operates 140 hospitals across 19 states, fell victim to a cyberattack that took down multiple essential systems including electronic health records (EHRs), the MyChart platform for patient communication, and certain medication and test-ordering systems. The organization disclosed […]

La entrada Ascension Healthcare Suffers Major Cyberattack – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

One of the largest healthcare systems in the United States is scrambling to contain a hack that's causing disruption and “downtime procedures” at hospitals around the country.

The post Healthcare Giant Ascension Hacked, Hospitals Diverting Emergency Service appeared first on SecurityWeek.

Ascension, one of the largest nonprofit healthcare systems in the United States, is facing disruptions in clinical operations due to a cyberattack that prompted the organization to take some of its systems offline. The organization detected unusual activity on select technology network systems on Wednesday, prompting immediate response, investigation initiation and activation of remediation efforts. Consequently, access to certain systems has been interrupted during the ongoing investigation process. The healthcare organization has advised its business partners to temporarily sever connections to its systems as a precautionary measure and said it would notify partners when it is safe to reconnect. The cyber incident has disrupted clinical operations, prompting an investigation into the extent and duration of the disruption. Ascension has notified relevant authorities about the cyberattack and enlisted the services of Mandiant incident response experts to aid in the investigation and remediation efforts. The organization operates in 19 states and the District of Columbia, Ascension oversees 140 hospitals and 40 senior care facilities. It also boasts of a significant workforce comprising of 8,500 providers, 35,000 affiliated providers and 134,000 associates. In 2023, Ascension’s total revenue amounted to $28.3 billion.

Patients Say Chaos on Display at Ascension Healthcare

Talking about the disruptions at the healthcare facility, Ascension said, “Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.” But the ground reality seems to be different, as per a patient account. Talking to local news media Fox 2, a patient named Zackery Lopez said “chaos” was on display this Wednesday in Ascension Providence Southfield hospital where he had to wait nearly seven hours to get a pain medication for his cancer resurgence.

“Right now it is crazy. Nurses are running around. Doctors are running around. There’s no computers whatsoever they can use," Lopez said. "So, they’re actually using charts.”

Lisa Watson, a nurse at Ascension Via Christi St. Joseph in Wichita, Kansas, told another local news outlet that the hospital shut down its operating rooms on Wednesday following the cybersecurity issue. She also said that system’s, which the hospital uses to scan medications of patients was down, along with their electronic charts.

“We are paper-charting all medications, and all lab orders are being hand-written and sent by pneumatic tube systems to the unit they’re supposed to go to,” said Watson.

"No one knew where they (forms) were or which ones to use for hours. We need to have the forms ready to go to switch to paper charting. I left still not knowing how to place lab orders, talked with dozens of people from lab to phlebotomy to management, no one knew. No one was prepared and patients suffered."

“We have endless incessant modules about stupid policies to save hospitals money but never about downtime protocol,” she added.

Lopez is also concerned that his personal information was possibly at risk but said he has not received a convincing answer from the authorities yet. "They really didn’t tell me if it was protected or not," he said. "They really kind of just brushed it off when I asked them. They say they’re trying to get everything back on, back on track." **Update on May 10, 1 AM ET** The company in a Thursday update said that it did not have a definite timeline to restore systems that were pulled offline as a result of the cybersecurity incident.

“Systems that are currently unavailable include our electronic health records system, MyChart (which enables patients to view their medical records and communicate with their providers), some phone systems, and various systems utilized to order certain tests, procedures and medications.”

It added that patient care was being provided with established downtime protocols and procedures, in which Ascension's workforce is well trained. “It is expected that we will be utilizing downtime procedures for some time. Patients should bring to their appointment notes on their symptoms and a list of current medications and prescription numbers or the prescription bottles so their care team can call in medication needs to pharmacies,” the update said. As a precautionary measure, some non-emergent elective procedures, tests and appointments have been temporarily paused and patients appointments or procedures will need to be rescheduled.

“Due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately.”

Healthcare Breaches on the Rise

This incident adds to a growing list of healthcare breaches and ransomware attacks, including the Change Healthcare that caused widespread disruptions across U.S. Initially described as an “enterprise-wide connectivity issue,” the severity of the attack went a bar above when Blackcat – also known as Alphv ransomware gang claimed responsibility for it. The Russia-based ransomware and extortion gang claimed to have stolen millions of Americans’ sensitive health and patient information, a tactic commonly employed by ransomware gangs to exert pressure on victims. However, on February 29, Blackcat withdrew its claim on the breached data of the healthcare group, raising questions if a ransom was paid. The company did confirm that is paid a $22 million ransom later but it now faces multiple lawsuits for alleged negligence in safeguarding clients’ personal information. The parent company UnitedHealth has allocated over $2 billion to fight the fallout of the Change Healthcare data breach. The company last week also stated that a lack of multi-factor authentication (MFA) resulted into the massive hack. In a related development, the U.S. Department of Health and Human Services (HHS) recently cautioned about threat actors employing social engineering tactics to target IT help desks in the Healthcare and Public Health (HPH) sector. These attackers employ deception to enroll new multi-factor authentication (MFA) devices under their control, thereby gaining access to corporate resources, the HHS warned.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Welcome to Axio’s series on cybersecurity for healthcare providers, where we share expert insights and practical advice tailored to the unique security needs of the medical sector. Our aim is

The post Harnessing Cyber Risk Quantification to Safeguard Healthcare Providers appeared first on Axio.

The post Harnessing Cyber Risk Quantification to Safeguard Healthcare Providers appeared first on Security Boulevard.

Healthcare cybersecurity company Blackwell Security has raised $13 million and appointed Geyer Jones as its first CEO.

The post Healthcare Cybersecurity Firm Blackwell Raises $13 Million appeared first on SecurityWeek.

MedStar Health, a prominent non-profit healthcare provider disclosed a data breach that impacts more than 183,000 patients from its hundreds of care locations which it operates in the Baltimore-Washington area in the U.S. The not-for-profit healthcare provider is worth $7.7 billion and is one of the largest employers in the region with more than 34,000 associates working across 300 care locations including 10 hospitals and 33 urgent care clinics, ambulatory care centers and primary and specialty care providers. They together treat hundreds of thousands of patients on a yearly basis. The impacted individuals' personal data may have been compromised when an outsider gained access to emails and files of three employees, MedStar Health said in a statement on the data breach. MedStar Health reported notifying 183,709 affected patients via letters and filed a notice with the Department of Health and Human Services. The unauthorized access occurred sporadically between January and October last year, with patient information found in breached files and emails. Although there's no indication of actual acquisition or viewing of patient data, the company couldn't rule out such access. Patient information including names, addresses, dates of birth, service dates, provider names and insurance details, were contained in the compromised emails and files, MedStar Health said. The healthcare provider urged affected patients to monitor healthcare statements for any unusual activities and assured implementation of new safeguards to prevent future breaches.

Earlier MedStar Health Data Breach

The digital woes of the healthcare provider are not new. In fact, this is the second time in a decade that MedStar Health is facing a massive data breach scare. In 2016, a virus, likely a ransomware malware infected the computer network of MedStar Health. This prompted a complete shutdown of services for the healthcare giant, which resulted in diversion of new patients to other hospitals and the care givers had to resort to pen and paper to continue regular operations. The impact was such that the FBI was called in to investigate the MedStar Health data breach, which followed similar cyberattacks on at least three other medical institutions in California and Kentucky.

Healthcare Breaches on the Rise

This incident adds to a growing list of healthcare breaches and ransomware attacks, including the Change Healthcare that caused widespread disruptions across U.S. Initially described as an “enterprise-wide connectivity issue,” the severity of the attack went a bar above when Blackcat – also known as Alphv – ransomware gang claimed responsibility for it. The Russia-based ransomware and extortion gang claimed to have stolen millions of Americans’ sensitive health and patient information, a tactic commonly employed by ransomware gangs to exert pressure on victims. However, on February 29, Blackcat withdrew its claim on the breached data of the healthcare group, raising questions if a ransom was paid. The company did confirm that is paid a $22 million ransom later but it now faces multiple lawsuits for alleged negligence in safeguarding clients' personal information. The parent company UnitedHealth has allocated over $2 billion to fight the fallout of the Change Healthcare data breach. The company last week also stated that a lack of multi-factor authentication (MFA) resulted into the massive hack. Blackcat in September 2023 claimed a similar data breach on McLaren Healthcare, where nearly 6 terabytes worth of data was siphoned. Owing to such large scale healthcare data breaches, the U.S. Cybersecurity and Infrastructure Security Agency in March unveiled a cybersecurity toolkit for healthcare sector that would help them implement advanced tools, that fortify their defenses against evolving threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

People with two copies of the gene variant APOE4 are almost certain to get Alzheimer’s, say researchers, who proposed a framework under which such patients could be diagnosed years before symptoms.

© Vsevolod Zviryk/Science Source

New research finds that the death rate among Black youths soared by 37 percent, and among Native American youths by 22 percent, between 2014 and 2020, compared with less than 5 percent for white youths.

© Carolyn Kaster/Associated Press

CEO Andrew Witty testified before Congress on Wednesday, disclosing a significant cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group. UnitedHealth Group CEO revealed that hackers breached the company's computer system, releasing ransomware after stealing someone's password.

The cybercriminals exploited a portal lacking multifactor authentication (MFA), a basic cybersecurity safeguard.

During an hour-long congressional hearing, Witty informed lawmakers that the company has not yet determined how many patients and healthcare professionals were impacted by the cyberattack on Change Healthcare in February. The hearing, which focused on how hackers gained access to Change Healthcare, a separate division of UnitedHealth, raised questions about the lack of basic cybersecurity measures before the cyberattack. "Change Healthcare was a relatively older company with older technologies, which we had been working to upgrade since the acquisition," Witty explained. But for some reason, which we continue to investigate, this particular server did not have MFA on it.

Multifactor Authentication and Cybersecurity

Multifactor authentication adds a second layer of security to password-protected accounts by requiring users to enter an auto-generated code sent to their phone or email. Despite being a common feature on apps, this safeguard was not in place on the compromised server. Witty assured that all logins for Change Healthcare now have multifactor authentication enabled. The cyberattack on Change Healthcare was attributed to the Russia-based ransomware gang ALPHV or BlackCat. The group claimed responsibility for the cyberattack, alleging it stole more than six terabytes of data, including "sensitive" medical records. The attack caused a disruption of payment and claims processing across the country, stressing doctor's offices and healthcare systems by interfering with their ability to file claims and get paid. UnitedHealth paid a $22 million ransom in Bitcoin to BlackCat, a decision made by Witty himself. However, despite the ransom payment, some sensitive records from patients were still posted by hackers on the dark web. The ransom payment was one of the hardest decisions I've ever had to make and I wouldn't wish it on anyone," Witty stated.

Scope of the Cyberattack on Change Healthcare and Financial Impact

Change Healthcare processes 15 billion transactions a year, according to the American Hospital Association, meaning that even patients who weren't customers of UnitedHealth were potentially affected. The company revealed earlier this month that personal information covering a "substantial portion of people in America" may have been taken in the attack. The breach has cost UnitedHealth Group nearly $900 million, excluding the ransom paid, according to company officials in the first-quarter earnings report last week.

Rising Threat of Ransomware Attacks

Ransomware attacks have become increasingly common within the healthcare industry. According to a 2022 study published in JAMA Health Forum, the annual number of ransomware attacks against hospitals and other healthcare providers doubled from 2016 to 2021. This escalation in cyber threats highlights the urgent need for enhanced cybersecurity measures across the industry.

The breach at Change Healthcare echoes a similar incident in March 2024, where Refuah Health Center faced a cyberattack due to the lack of MFA. The New York Attorney General's office intervened, resulting in a $1.2 million investment by Refuah in enhancing cybersecurity measures. The health center also agreed to pay $450,000 in penalties and costs, resolving allegations of inadequate cybersecurity controls.

Prioritizing Cybersecurity in Healthcare Both incidents highlight the critical importance of implementing strong cybersecurity measures, especially in the healthcare sector. With patient data at stake, organizations must invest in multifactor authentication and other advanced security protocols to safeguard sensitive information. As cyber threats continue to evolve, proactive measures are essential to protect the privacy and security of patient data. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

UnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection.

The post Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says appeared first on SecurityWeek.

Women at risk for extreme high blood pressure should take a daily baby aspirin. But their doctors don’t always tell them.

© Gary Cameron/Reuters

UnitedHealth Group’s CEO Andrew Witty shares details on the damaging cyberattack in testimony before a US Congress committee set for May 1, 2024.

The post UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike appeared first on SecurityWeek.

The LockBit ransomware group has allegedly claimed responsibility for an earlier Cannes Hospital cyberattack impacting the Cannes Simone Veil Hospital Center (Centre Hospitalier de Cannes). The Cannes Simone Veil Hospital Center, also known as the Broussailles Hospital, was named after former French health minister Simone Veil. The hospital offers patient facilities such as anesthesia, surgery, ENT, ophthalmology, dentistry, mental health, and senior care. While the hospital was immediate in implementing stringent containment measures, ongoing investigations did not find evidence of data theft or direct ties to any threat actor groups.

Staff Forced to Degrade Services After Cannes Hospital Cyberattack

After the cyberattack, medical professionals were forced to switch to pen, paper, and manual processes to continue to provide essential healthcare services such as emergency care, surgery, obstetrics, and pediatrics to patients. Telephony services continue to work normally. Even weeks after the attack, the site still maintains a notice of the cybersecurity attack. The notice reads that the hospital staff is investigating the cyberattack in conjunction with experts (ANSSI, Cert Santé, Orange CyberDéfense, GHT06). Further, the notice stated that while the investigation remains ongoing, there have not yet been any ransom demands or identification of data theft operations. [caption id="attachment_65802" align="alignnone" width="683"] Source: ch-cannes.fr[/caption] Cybersecurity analyst Dominic Alvieri, on X(Twitter), shared an alleged LockBit claim of responsibility for the earlier incident. [caption id="attachment_65735" align="alignnone" width="1200"] (Source: Dominic Alvieri/ @AlvieriD / x.com)[/caption] If the claims are true, the Cannes Simone Veil Hospital Center would be one of the latest victims in a series of recent cyberattacks claimed by LockBit after the ransomware group's operations were disrupted following joint-effort action from the FBI, NCA the UK, and the Europol.

LockBit Ransomware Group Apologised for Earlier Cyberattack on Children's Hospital

Since healthcare targets remain a sensitive target for cyberattacks, many threat actor groups have made claims or suggested they would avoid such targets in their operations. During the Covid-19 pandemic, the Maze ransomware group announced that they would not target healthcare organizations. Later the group was found to continue targeting healthcare units in its operations. Last year in January 2023, LockBit apologized for an attack on Toronto's Hospital for Sick Children, blamed a partner for the attack, in its data leak site, claiming to have blocked the partner allegedly responsible for the attack, and offered code to restore the affected systems. The cyberattack had significant consequences for the pediatric firm such as delayed lab and imaging results, shut down of phone lines, and the staff payroll system. These incidents highlight that the healthcare system remains vulnerable to cyberattacks and can prove to have unwelcome effects on patient health, staff functioning, and morale. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

US healthcare giant is warning millions of current and former patients that their personal information was exposed to third-party advertisers.

The post Kaiser Permanente Data Breach Impacts 13.4 Million Patients appeared first on SecurityWeek.

Despite an arsenal of drugs, many Americans are still unaware of their infections until it’s too late. A Biden initiative languishes without Congressional approval.

© Adria Malcolm for The New York Times

Pivmecillinam, which has been used in Europe for decades, will become available next year to women 18 and older.

© Steve Gschmeissner/Science Source

Since a new form of bird flu arrived in 2022, federal officials have sought to reassure Americans that the threat to the public remained low.

© Patrick T. Fallon/Agence France-Presse — Getty Images

UnitedHealth confirms that personal and health information was stolen in a ransomware attack that could cost the company up to $1.6 billion.

The post UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack appeared first on SecurityWeek.

SYNLAB Italia, a provider of medical diagnostic services has temporarily halted its healthcare services across Italy after experiencing a cyber incident. The healthcare diagnostics entity stated the SYNLAB Italia cyber-incident occurred during the early hours of 18th April and that it had become aware of the incident at 07.00 CET (Central European Time). Following the SYNLAB Italia cyber-incident, the IT department took action to block the entire company infrastructure from accessing the affected network while shutting down all machines in accordance with the company’s security guidelines. SYNLAB Italia is part of SYNLAB Group, which was founded by a loose association of German physicians. The group claims a presence in over 30 countries, with a staffing of over 28,000 employees and claims to conduct approximately 600 million tests every year.

Firm Halts Operations After SYNLAB Italia Cyber-incident

[caption id="attachment_64376" align="alignnone" width="1000"] Source: Shutterstock[/caption] After becoming aware of the SYNLAB Italia cyber-incident, the healthcare facilitator established a task force consisting of internal and external professionals who took action to mitigate potential impact stemming from the attack while focusing on restoring critical services as early as possible. SYNLAB then moved to secure biological samples that had already been collected and subsequently restored patient services such as specialist outpatient visits and physiotherapy. Upon visiting SYNLAB Italia’s site, visitors are prompted with links to visit either a patient service or customer service updates page. The patient page provides details about regional availability, outpatient services, regional center emergency numbers while informing patients about the services that remain suspended. The Customer and Business services page provides visitors with details about the cyberattack, alternative emergency numbers SYNLAB stated that its task force is investigating every aspect of its IT infrastructure as well as its backup systems to restore its systems as soon as possible. The company stated that it had filed a complaint with the Postal Police, and has followed procedure for issuing a preliminary notification to the Guarantor Authority for the Protection of Personal Data. SYNLAB has apologized to its patients for the incident and stated that it had made available dedicated telephone and social channels for managing patient requests and information in the interim as some of its services and official email system remained down. The company stated that it would update patients, customers and the public on updates through its official website and social media channels while stating that it is working on limiting customer inconvenience and providing necessary support.

Medical Data at Risk in SYNLAB Italia Cyber-incident

[caption id="attachment_64377" align="alignnone" width="1000"] Source: Shutterstock[/caption] The healthcare provider stated that although the investigation is ongoing and the full extent of compromised data hasn't been confirmed, it acknowledged the potential exposure of sensitive medical data. Moreover, SYNLAB Italia affirmed its adherence to GDPR regulations when addressing concerns regarding potential data exposure. It pledged to restore systems as readily as possible while implementing necessary measures aimed at secure resumption of services on an urgent basis. The company confirmed that it had issued emails communicating the incident to some of its patients through an external provider not impacted by the attack. The Cyber Express has reached out to SYNLAB Italia for further details regarding the attack, but no response has been received yet. No threat actor group or individual has been observed claiming responsibility for the attack so far. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

In a bid to safeguard patient data, UnitedHealth Group, a prominent healthcare conglomerate, confirmed that it has paid ransom to cyberthreat actors after its subsidiary, Change Healthcare, fell victim to a cyberattack in February. The company also acknowledged that files containing personal information were compromised in the Change Healthcare cyberattack.

According to a statement provided to CNBC, UnitedHealth stated, “This attack was conducted by malicious threat actors, and we continue to work with law enforcement and multiple leading cybersecurity firms during our investigation. A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure.”

Ransom Payment Amount And Method

Though the exact ransom amount was not disclosed by UnitedHealth, Wired magazine reported on March 4 that the company likely paid around $22 million in bitcoin to the attackers, citing darknet forum posts and blockchain analysis. The Cyber Express Team contacted Change Healthcare officials to inquire about the reported ransom payment. However, at the time of publication, no official response has been received. UnitedHealth further disclosed that cyberthreat actors accessed files containing protected health information (PHI) and personally identifiable information (PII). The breached files could potentially affect a significant portion of the American population. However, the company clarified that, to date, there is no evidence of exfiltration of materials such as doctors’ charts or full medical histories among the compromised data. "Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America. To date, the company has not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data," reads the official release. Andrew Witty, CEO of UnitedHealth Group, expressed the company’s commitment to addressing the concerns raised by the attack, stating, “We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything possible to help and provide support to anyone who may need it.”

Change Healthcare Cyberattack Details and Infiltration

The attackers, identified as the ALPHV ransomware gang or one of its affiliates, infiltrated Change Healthcare’s networks more than a week before launching the ransomware strike, as reported by The Wall Street Journal. They gained entry through compromised credentials on an application that allows staff to remotely access systems, as multifactor authentication protocols were not enabled on this particular application. In response to the breach, UnitedHealth has taken steps to mitigate the impact on affected individuals. The company has set up a dedicated website for patients to access resources and launched a call center offering free identity theft protection and credit monitoring for two years. However, due to the ongoing complexity of the data review, the call center is unable to provide specific details about individual data impact. Change Healthcare, which processes approximately 15 billion transactions a year and handles one in three medical records, suffered significant disruption from the attack. More than 100 systems were shut down, affecting numerous healthcare providers and leaving some reliant on loans and personal funds to stay operational. UnitedHealth reported that the attack has cost the company $872 million so far.

Recovery Efforts and Assistance Programs

Despite the challenges, UnitedHealth has been steadily restoring systems since March, including pharmacy software, claims management, and other platforms. The company has also launched financial assistance programs, although some providers have expressed dissatisfaction with the amounts offered and reported feeling pressured to make positive public comments about the loans by UnitedHealth staff. As UnitedHealth continues its efforts to recover from the cyberattack, it remains vigilant in ensuring the security of patient data and strengthening its cybersecurity defenses to prevent future incidents. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Cannes Hospital Centre – Simone Veil cancels medical procedures after shutting down systems in response to a cyberattack.

The post Cannes Hospital Cancels Medical Procedures Following Cyberattack appeared first on SecurityWeek.

Among those with substance use disorders who have been referred to child welfare, less than half received medication or counseling.

© Hiroko Masuike/The New York Times

The change followed a sweeping review by England’s National Health Service that found “remarkably weak” evidence for youth gender treatments.

© Iain Masterton/Alamy Live News

After a drawn-out global controversy over the coronavirus, the W.H.O. has updated its classification of how pathogens spread through the air.

© Alena Ivochkina/Alamy

Cannes Simone Veil Hospital Center (CHC-SV) is grappling with the aftermath of a cyberattack that struck the hospital on April 16. The cyberattack on CHC-SV has thrust the hospital into a state of heightened alert as it navigates the complexities of ensuring uninterrupted patient care while contending with the fallout of compromised digital systems.

The response to the cyberattack has been swift and decisive by CHC-SV. The hospital's crisis unit wasted no time in implementing stringent measures, including a general cyber containment protocol that swiftly severed all computer access while ensuring telephony services remained operational. "All computer access was consequently cut off. Telephony continues to work," reads the official notice on the Cannes Simone Veil Hospital Center website.

Cyberattack on CHC-SV: Ongoing Investigations

Collaboration with expert partners such as ANSSI, Cert Santé, Orange CyberDéfense, and GHT06 has been instrumental in analyzing the cyberattack and formulating an effective response strategy. Despite the absence of ransom demands or identified data theft, investigations remain ongoing. "The cyberattack is currently being analyzed in conjunction with expert partners (ANSSI, Cert Santé, Orange CyberDéfense, GHT06). There have been no ransom demands or data theft identified at this stage. Investigations remain ongoing," informed the hospital. In the wake of the CHC-SV cyberattack, hospital professionals have seamlessly transitioned to so-called degraded procedures, relying on paper-based methods to maintain essential healthcare services. While these procedures may be more time-consuming, they ensure that critical medical needs across various specialties, including emergencies, surgery, obstetrics, and pediatrics, continue to be met with unwavering diligence. "Hospital professionals have been applying so-called degraded procedures since Tuesday morning (using paper kits). These procedures are more time-consuming and examination delivery times are longer. Everything is done to guarantee the continuation of care in complete safety across all fields of activity (emergencies, medicine, surgery, obstetrics, geriatrics, pediatrics, psychiatry, home hospitalization, rehabilitation)," notice reads further.

Regional Collaboration for Patient Care Optimization

The coordination efforts extend beyond the confines of CHC-SV, with the establishment collaborating closely with regional health agencies and partner hospitals to regulate patient flow and optimize utilization of healthcare resources. Despite the disruptions caused by the cyberattack on CHC-SV, emergency services remain active. The solidarity demonstrated by partner institutions, including CHU Nice, CH Grasse, CH Antibes, and private sector collaborators, has been invaluable in navigating this challenging period. However, the impact of the cyberattack has been felt, with approximately a third of non-urgent interventions and consultations disrupted in the initial days following the incident. Efforts are underway to expedite the resumption of services, with the operating program expected to reach 90% capacity in the coming days. Importantly, CHC-SV's proactive approach to cybersecurity, including regular risk assessments and preparedness exercises, has ensured a swift and coordinated response to the cyberattack. Priority is being given to restoring IT systems directly linked to patient care processes, emphasizing the hospital's unwavering commitment to maintaining the highest standards of healthcare delivery. The road to recovery, however, remains fraught with uncertainties, as technical investigations and necessary catch-up efforts are anticipated to prolong the return to normalcy. Drawing from the experiences of other healthcare institutions that have faced similar challenges, CHC-SV is bracing for a protracted recovery process. Furthermore, the recent cyberattack on Change Healthcare in the United States highlights the pervasive nature of cyber threats in the healthcare sector. With disruptions reverberating across the country, the incident underlines the urgent need for enhanced cybersecurity measures to fortify healthcare systems worldwide. In response to the cyberattack on Change Healthcare, UnitedHealth Group has mobilized substantial financial support to mitigate the impact on healthcare providers, highlighting the far-reaching consequences of cyber incidents in the healthcare ecosystem. Against the backdrop of a global healthcare landscape increasingly vulnerable to cyber threats, the incident at CHC-SV serves as a poignant reminder of the critical importance of cybersecurity in safeguarding patient welfare. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Last week on Malwarebytes Labs:

• How to change your Social Security Number
• Apple warns people of mercenary attacks via threat notification system
• How to check if your data was exposed in the AT&T breach
• Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
• How to protect yourself from online harassment
• Introducing the Digital Footprint Portal
• New ransomware group demands Change Healthcare ransom
• Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla
• 35-year long identity theft leads to imprisonment for victim
• Porn panic imperils privacy online, with Alec Muffett (re-air): Lock and Code S05E08

Stay safe!

---

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

We want to hear from pet owners about their experiences taking their animals to the vet, and how they paid for their animals’ care.

© Jenna Schoenefeld for The New York Times

A public research institute in Brazil has proved a new shot protects against the disease, but can’t make it fast enough to stop the huge outbreak sweeping Latin America.

© Martin Mejia/Associated Press

One company is going to great lengths to build it up, but it will be years before it returns to the minimum level.

© Jekesai Njikizana/Agence France-Presse — Getty Images

The state’s Supreme Court ruled that the 1864 law is enforceable today. Here is what led to its enactment.

© Rebecca Noble/Reuters

Five European countries have recently restricted hormone treatments for adolescents with gender distress. They have not banned the care, unlike many U.S. states.

© Tori Ferenc for The New York Times

Ireland will require them starting in 2026, and there are nascent efforts elsewhere to add more explicit labeling about the health risks of drinking.

Premature babies especially benefited from skin-to-skin contact, and women tended to respond more strongly than men did.

© Luke Sharrett for The New York Times

A nonprofit group called R.I.P. Medical Debt has relieved Americans of $11 billion in hospital bills. But that did not improve their mental health or their credit scores, a study found.

© Erin Schaff/The New York Times

Despite the explosion in ransomware hacks like the one against Change Healthcare, regulation is spotty and few new safeguards have been proposed to protect patient data, vulnerable hospitals and medical groups.

© Unitedhealth Group, via Reuters