Tag: drug | Page 2

Hackers Reportedly Gain Access to Drug Enforcement Administration Data Portal

May 12, 2022/in Computer Security

It’s thought hackers have managed to compromise a data portal run by the US Drug Enforcement Administration (DEA), unlocking access to a wealth of information.

As cybersecurity journalist Brian Krebs reports, the breach would have allowed the attackers to prowl through 16 federal law enforcement databases covering a wide variety of investigative data. How did this happen? A failure to implement multi-factor authentication seems to be a key cause.

Krebs wrote that he’s learned “the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.”

He said a tip for this story came from an unnamed administrator at Doxbin—“a highly toxic online community that provides a forum for digging up personal information on people and posting it publicly.” Krebs further noted that this unauthorized access could be abused to upload fake data about suspects, citing commentary from Nicholas Weaver, a researcher at the University of California at Berkeley’s International Computer Science Institute.

False tips have often been used to initiate “swatting” attacks, in which hoax reports about crimes in progress lead to police swarming a residence with heavily armed SWAT teams. The target–or a random bystander–can wind up dead in the process.

Unfortunately, Krebs has personal experience with that scenario. In 2013, Fairfax County, Va., police showed up at his door, guns drawn after getting a phony tip that Russians had broken in and shot his wife. The perpetrator was caught after participating in an online forum clandestinely run by the FBI, and subsequently got sentenced in 2016.

The login page for the DEA’s El Paso Intelligence Center (yes, EPIC) invites users to log in with a government-issued Personal Identity Verification card, but also allows traditional username and password access. The source Krebs spoke to told him that “the hacker who obtained this illicit access was able to log in using the stolen credentials alone, and that at no time did the portal prompt for a second authentication factor.”

That would be a serious security risk for a webmail…

Source…

High-Tech Drug Infusion Pumps in Hospitals Vulnerable to Damage, Hackers – Consumer Health News

March 21, 2022/in Computer Security

MONDAY, March 21, 2022 (HealthDay News) — You’ve probably seen an infusion pump, even though the name might make it sound like a mysterious piece of medical technology.

These devices govern the flow of IV medications and fluids into patients. They help deliver extra fluids to people in the emergency room, administer monoclonal antibodies to folks with COVID-19, and pump chemotherapy drugs to cancer patients.

“If you’re watching a television drama, they are the boxes next to the bedside. Tubing goes from a medication bag through the pump to the patient,” said Erin Sparnon, senior engineering manager for device evaluation at the non-profit health care quality and safety group ECRI.

But the widespread usefulness of these ever-present devices has also made them a top technology hazard for U.S. hospitals, experts say.

Damaged infusion pumps can cause a patient to receive too much or too little medicine, potentially placing the lives of critically ill patients at risk. Plastic can crack, hinges can pinch, electronics can fail, batteries can die — and a patient can be placed in peril.

“There are over a million infusions running in the U.S. every day. The good news about that is the vast majority of them are just fine. The bad news is that a one in a million problem can happen every day,” Sparnon said.

“That’s why infusion pumps get a lot of attention, because they’re ubiquitous. They’re everywhere and they’re used on critical patients for critical medications,” Sparnon said. “We regularly get reports from health care settings where patients have been harmed due to pump damage.”

Damaged infusion pumps placed number three on ECRI’s list of top 10 technology hazards for 2022, mainly due to the potential for something to go mechanically wrong with them, Sparnon said.

But others have raised concerns that “smart” wi-fi-connected infusion pumps could be hacked and manipulated to harm patients.

Still, Sparnon said an infusion pump that’s been manhandled or damaged in some way poses a much greater and more concrete safety risk than the possibility of a hacked pump.

“I know it sounds really cool, but there are no reports of patient harm due to a hack,” Sparnon said. “I would put a lot more emphasis on…

Source…

Hacker targeted Auburn Police, Farnum Center after drug arrest | Crime

November 21, 2020/in Computer Security

CONCORD — A Hooksett man has admitted to hacking the computers of the Farnum Center, the Auburn Police Department and several department employees following his arrest on heroin possession charges, federal prosecutors announced.

The hacking involved rerouting a drug-help telephone number to an adult entertainment business and pop-up messages praying for the death of his arresting officer, federal prosecutors said.

Wayne Kenney Jr., 31, pleaded guilty in U.S. District Court on Wednesday to unauthorized computer access and damage of protected computers.

The hacking took place five years ago:

Kenney installed malicious software on Auburn police computers that prompted pop-up messages that read “I pray for the death of” the arresting officer.

People logging into the Farnum Center found a link to a video that depicted safer heroin injection.

The Farnum Center’s 1-800 number was directed to an adult entertainment company.

Kenney impaired the integrity of Auburn police and town government data and deleted some files.

Police Department employees lost control of email and social media accounts, which were defaced with embarrassing material such as pornography.

The attacks on the Auburn Police Department took place from February to July 2015, prosecutors said in a release. The attack against the Farnum system took place July 1, 2015.

Kenney’s lawyer said he was going through personal problems when the crimes occurred.

“He is remorseful and a different person than he was at the time,” said Concord lawyer Amy Spencer

Prosecutors say the hacking took place after Auburn police arrested Kenney in early 2015 for heroin possession. He received a suspended sentence and was ordered into drug treatment at Farnum Center.

Kenney used a customized keyboard stroke logger, computer viruses and phishing emails to accomplish the hacks. The attacks were so sensitive that prosecutors identified personal victims as John and Jane Does.

“Certainly, Easterseals learned from that circumstance,” said Nancy Rollins, chief operating officer of Easterseals NH, which runs the Farnum Center drug and alcohol treatment center.

She said such an attack would not be successful nowadays,…

Source…

Japanese drug firm Shionogi hit by cyberattack and data breach – The Japan Times

October 23, 2020/in Internet Security

Japanese drug firm Shionogi hit by cyberattack and data breach The Japan Times
“data breach” – read more

Tag Archive for: drug