Tag Archive for: emergency

‘Akira’ ransomware behind Bucks Co. cyberattack that crippled emergency dispatch system – NBC10 Philadelphia


About a week after a cyberattack crippled Bucks County’s computer-aided emergency dispatch system, officials announced Friday that they believe they know who was behind the attack.

According to county officials, the ransomware group “Akira” is believed to have been responsible for the attack on a computer-aided emergency dispatch system that — according to the Department of Homeland Security — enables “dispatchers, call-takers, and 911 operators to prioritize and record incident calls, identify the status and location of responders in the field, and effectively dispatch responder personnel.”

“The County has shared with its local, state and federal partners that the ransomware “Akira” is involved so that they can have situational awareness and review their own systems,” county officials announced.

However, officials said, all 911 phone and radio systems remain operational as they investigate the cyberattack.

According to the Department of Health and Human Services, Akira is a Ransomware-as-a-Service (RaaS) group that started operations in March 2023.

“The group has targeted multiple sectors, including finance, real estate, manufacturing, and healthcare,” says the Dept. of Health and Human Services, noting that the group typically demands ransom payments in these cyberattacks.

Bucks County officials said that without this system, the county has lost automated services powered by CAD, and law enforcement officials cannot access databases for the Commonwealth Law Enforcement Assistance Network or the National Crime Information Center.

Officials said they are working with state and federal partner agencies to assist in the investigation into the cybersecurity incident, and the county’s IT department is working to get the systems back online as soon as possible.

As of Sunday, officials still had no projected timeframe for when these services might resume.

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits


Jan 20, 2024 | Newsroom | Network Security / Threat Intelligence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.

The development arrives as the vulnerabilities – an authentication bypass (CVE-2023-46805) and a code injection bug (CVE-2024-21887) – have come under widespread exploitation by multiple threat actors. The flaws allow a malicious actor to craft malicious requests and execute arbitrary commands on the system.

The U.S. company acknowledged in an advisory that it has witnessed a “sharp increase in threat actor activity” starting on January 11, 2024, after the shortcomings were publicly disclosed.

“Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems,” the agency said.

Ivanti, which is expected to release an update to address the flaws next week, has made available a temporary workaround through an XML file that can be imported into affected products to make necessary configuration changes.

CISA is urging organizations running ICS to apply the mitigation and run an External Integrity Checker Tool to identify signs of compromise, and if found, disconnect them from the networks and reset the device, followed by importing the XML file.

In addition, FCEB entities are urged to revoke and reissue any stored certificates, reset the admin enable password, store API keys, and reset the passwords of any local user defined on the gateway.

Cybersecurity firms Volexity and Mandiant have observed attacks weaponizing the twin flaws to deploy web shells and passive backdoors for persistent access to infected appliances. As many as 2,100 devices worldwide are estimated to have been compromised to date.

The initial attack wave identified in December 2023 has been attributed to a Chinese nation-state group that is being tracked as…

Ransomware attack prompts multistate hospital chain to divert some emergency room patients elsewhere


NASHVILLE, Tenn. (AP) — A ransomware attack has prompted a health care chain that operates 30 hospitals in six states to divert patients from some of its emergency rooms to other hospitals while postponing certain elective procedures.

Ardent Health Services said it took its network offline after the Nov. 23 cyberattack, adding in a statement that it suspended user access to information technology applications such as software used to document patient care.

By Tuesday afternoon, more than half of Ardent’s 25 emergency rooms had resumed accepting some patients by ambulance or by fully lifting their “divert” status, Ardent spokesperson Will Roberts said. Divert status means hospitals have asked ambulances to take people needing emergency care to other nearby facilities. Roberts said hospitals nationwide have at times used divert status during flu season, COVID-19 surges, natural disasters and large trauma events.

The company said it could not yet confirm the extent of any compromised patient health or financial information. It reported the issue to law enforcement and retained third-party forensic and threat intelligence advisers, while working with cybersecurity specialists to restore IT functions as quickly as possible. There was no immediate timeline for resolving the problems.

Based in the Nashville, Tennessee, suburb of Brentwood, Ardent owns and operates 30 hospitals and more than 200 care sites with upwards of 1,400 aligned providers in Oklahoma, Texas, New Jersey, New Mexico, Idaho and Kansas.

Ardent said each hospital is still providing medical screenings and stabilizing care to patients arriving at emergency rooms.

In Amarillo, Texas, William Spell said he and his mother have had flu-like symptoms for days but couldn’t make a doctor’s appointment through an online patient portal because of the cyberattack.

“We are trying to figure out other options as to what to do next,” said Spell, 34.

BSA Health System – the Ardent umbrella provider for Spell’s clinic and other facilities in the city – said it was working to restore its patient portal and system for video doctors’ visits. Spell said his…

2 New Jersey hospital emergency rooms closed due to ransomware attack



Both hospitals are part of the Hackensack Meridian Health system – Pascack Valley Medical Center in Westwood, New Jersey, and Mountainside Medical Center in Montclair.
