Tag: attacked | Page 5

Scripps Health was attacked by hackers. Now, patients are suing for failing to protect their health data

June 22, 2021/in Computer Security

It took several weeks for Scripps Health to get its computer network and medical records system back online after it was hit with a ransomware attack May 1.

Now, the five-hospital health system is facing several class-action lawsuits from patients who charge that system leaders failed to keep their medical data safe from hackers.

San Diego-based Scripps Health was besieged by a cyberattack that forced the health system to take a portion of its IT system offline for several weeks, which significantly disrupted care and forced medical personnel to use paper records.

But the cybercriminals didn’t just disrupt operations; the hackers also stole data on close to 150,000 patients, the health system said earlier this month.

Scripps Health notified 147,267 patients that hackers acquired some health and personal financial information during last month’s ransomware attack.

A lawsuit filed Monday in the Southern District of California on behalf of patients Michael Rubenstein, Richard Machado and others accuses the health system of negligence and invasion of privacy as a result of the data breach.

RELATED: Before attacking IT systems, hackers stole information from 147K patients, Scripps Health says

The personal information—including names, drivers’ licenses and Social Security numbers and/or patient care records of nearly 150,000 Scripps Health patients—was compromised in the massive data breach, according to Oakland, California-based law firm Scott Cole & Associates, which is representing the plaintiffs in the case.

“That medical histories were accessed in this data hack makes this situation unique,” Scott Cole, the principal attorney on the case, said in a statement. “Despite hundreds of data breaches every year in this country, most do not involve such highly sensitive patient information as was obtained here.”

The lawsuit claims Scripps Health maintained inadequate security measures for detecting and addressing the cyberattack, especially given knowledge of a heightened threat.

In addition to monetary damages, the suit demands Scripps Health implement and maintain sufficient security protocols going forward so as to prevent future attacks.

A Scripps Health…

Source…

400 companies attacked by Conti ransomware

May 23, 2021/in Internet Security

The FBI says a group of criminals behind the Conti ransomware have attacked more than 400 organizations worldwide, 290 of which are in the United States. This includes health facilities, communities and the police force. HSE, Ireland’s national healthcare provider, was recently infected with the Conti ransomware, which affected patient services. The group is demanding up to 25 million euros to encrypt the files.

To access victims’ networks, the Conti Team uses well-known methods, such as links in email messages pointing to malware, victim email links, and stolen RDP credentials. On average, attackers spend four to three weeks on the network before releasing ransomware. The FBI warns that it is common for attackers to call victims when the organization does not respond to the group’s requests two to eight days after the ransomware “”pdf).

a

The monitoring service asks you to share as much information about the group as possible about the victims, namely Bitcoin addresses, the encryption tool provided and the IP addresses. The FBI also makes recommendations to prevent such attacks. For example, it is recommended to disable hyperlinks in incoming email and deliver emails from outside the company with a banner. Organizations are also advised to focus on cyber security awareness and staff training.

a

“Explorer. Devoted travel specialist. Web expert. Organizer. Social media geek. Coffee enthusiast. Extreme troublemaker. Food trailblazer. Total bacon buff.”

Source…

Unsecured computer attacked 51 times per minute | 2021-04-26

April 26, 2021/in Computer Security

Unsecured computer attacked 51 times per minute | 2021-04-26 | Security Magazine

Source…

Microsoft warns even patched Exchange servers can still be attacked

March 29, 2021/in Internet Security

Microsoft’s analysis of the series of attacks that exploit the now-fixed zero-day vulnerabilities on Exchange servers reveals that the threat doesn’t end simply by applying patches.

Chinese state-sponsored threat actor Hafnium was blamed for being the first to exploit the vulnerabilities known as ProxyLogon vulnerabilities. Utilities such as Microsoft’s one-click tool has helped ensure that over 90% servers, several at small business that lack dedicated IT and security teams, have now plugged the vulnerabilities. However, the threat is far from over.

“Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions,” the company warned.

TechRadar needs you!

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Second wave?

Even though a majority of the servers have been patched, the cause of concern are reports from security experts such as ESET, which had observed over 5000 compromised servers.

In the weeks following the disclosure of the vulnerabilities and the release of the patches, security researchers picked up several attacks on Exchange servers such as the human-operated DearCry ransomware attack.

In a blog post, the Microsoft 365 Defender Threat Intelligence Team has now shared “threat trends” that it has observed as part of its investigations into the attacks.

Besides human-operated attacks that drop malware such as ransomware into the servers, the team has picked up on several instances of web shell attacks and credential theft. The researchers believe these could potentially be used for follow up attacks.

They’ve shared detailed analysis into several known post-compromise activities, while urging administrators to exercise credential hygiene in order to prevent the threat actors from regaining access to the servers.

It has also published tools and guides to help remove known web shells and attack tools, while sharing…

Source…

Tag Archive for: attacked