Tag Archive for: Broward

Hackers hit Broward Health network, potentially exposing data on 1.3M patients, staff


Hackers breached the computer networks of Broward Health in October and may have accessed personal and financial information on more than 1.3 million patients and staff.

The southeast Florida health system, which operates more than 30 healthcare locations in Broward County, disclosed it was hit with a cyberattack on Oct. 15, 2021, when an intruder gained unauthorized access to the hospital’s network and patient data through a third-party medical provider, according to a statement posted to the health system’s website Saturday.

The health system said it discovered the intrusion four days later, on Oct. 19, and contained the incident, then notified the FBI and the Department of Justice (DOJ).

Broward Health said it waited months to notify victims and make the breach public because the DOJ told them to hold off on sending out breach notification letters to preserve an ongoing law enforcement investigation, the health system said.

RELATED: 2020 offered a ‘perfect storm’ for cybercriminals with ransomware attacks costing the industry $21B

The health system also immediately required a password reset for all employees and engaged an independent cybersecurity firm to conduct an investigation. Broward Health engaged an experienced data review specialist to conduct an extensive analysis of the data to determine what was impacted, which determined some patient and employee personal information may have been impacted. 

The hackers accessed names, birthdays, addresses, banking information, Social Security numbers, drivers’ license numbers, patient histories and treatment and diagnosis records, among other information, according to the health system.

The hospital system did not say how many people were involved, but a submission to the Maine attorney general’s office states that 1,357,879 people were affected. 

The information was removed from the hospital’s system, “however, there is no evidence the information was actually misused,” the health system said in its statement.

The incident did not appear to involve ransomware. Broward Health spokesperson Jennifer Smith told CNN in an email that the hackers did not make any ransom demand and that no ransom was paid.

RELATED: 

Source…

What’s your risk if your Broward school data was breached?


“In my personal opinion, within 72 hours, you’re obligated to tell them, ethically speaking,” said Chester Wisniewski, principal research scientist for Sophos, a global cyber-security company that monitors ransomware threats. “It’s not a law or a rule,” he said, “[but] waiting months is very bad. It’s just more time you’re not being able to fight against your data being abused.”

Source…

Hackers post 25,971 files stolen from Broward schools


The data published includes more 750 employee mileage reports, 36 employee travel reimbursement forms, more than 700 invoices for spring water, more than 1,000 invoices for school construction work, about 400 payments to Broward Sheriff’s Office or local police departments for security, dozens of utility bills and several employee phone lists.

Source…

Broward schools hackers are a new crew of ransomware scammers looking to make millions


The hackers who tried to extort Broward County Public Schools for millions early this month are a tight-knit crew of ransomware scammers tied to nearly 300 attacks over the last five months, according to security experts.

Conti, as the group is known, first appeared near the tail end of 2020, said Chester Wisniewski, a principal research scientist at Sophos, a global cyber-security company that monitors ransomware threats.

The group, Wisniewski said, has set its sights on local governments, hospitals and now school districts. They pick the targets, he said, because security systems are often weak, overlooked and underfunded.

Wisniewski said Conti is a relatively new group among a dozen or so “big game hunter” crews in the ransomware underworld that collect million-dollar payouts by marshaling coordinated attacks on businesses and organizations.

Most crews, he said, operate out of Russia or nearby countries that don’t extradite criminals to the U.S.

After getting individuals within their target companies or organizations to allow them access into systems through spam emails, fake websites or other tricks, they set about gathering sensitive data like Social Security numbers, dates of birth and financial records and holding them hostage until a ransom is paid.

Often ransoms are paid in Bitcoin, a cyber currency that Wisniewski said can be quickly laundered into other cryptocurrencies that are hard to trace.

In February, the FBI reported that over $144 million in Bitcoin has been paid out in ransoms between 2013 and 2019.

Wisniewski said ransomware attacks have been around since the 1990s but they have become more sophisticated and gone after bigger and bigger targets since 2013.

A national cyber task force made up of 15 government agencies investigates the attacks in the U.S., according to the FBI. The task force particularly focuses on attacks of networks that belong to hospitals, local governments, municipalities, and police and fire departments.

“These types of attacks can delay first responders in responding to emergencies or prevent a hospital from accessing lifesaving equipment,” an FBI release said in February. “It is imperative these organization be prepared…

Source…