Tag Archive for: health

Ransomwared health insurer wasn’t using anti-virus software • The Register


A recent ransomware attack on the Philippine Health Insurance Corporation (PhilHealth) occurred while the organization’s antivirus software subscription had expired.

PhilHealth was attacked around September 22 and shut down many of its systems to battle an infection for which the Medusa ransomware gang claimed responsibility.

The incident saw a huge leak of personal information. PhilHealth was also slow to restore service, delaying medical matters for many.

Filipinos are justifiably outraged that their national health insurer was attacked and disrupted.

But they can express stronger emotions still – because on Monday local media outlet GMA’s 24 Oras program reported the attack took place while PhilHealth was not running antivirus software. The insurer’s license had apparently lapsed several months before, but government procurement regulations made it impossible to renew.

It’s not unusual for government agencies in developing nations to use unlicensed software, when commercial licenses are often priced beyond their means. In 2021, for example, The Register covered an outage at Pakistan’s Federal Board of Revenue that it swore could not have been caused by unpaid licenses because it caught up on its bills. Your correspondent also once spoke to a major vendor of design software that had 500 people show up to a conference in India – a nation in which it had sold no licenses and in which users felt they could pirate with impunity.

Whatever the reason for PhilHealth’s security fail, its repercussions are serious: personal information has reached the dark web.

The insurer on Sunday posted a press release warning customers to ignore unexpected calls, messages, and emails asking for passwords and other information.

The insurer also “appealed to refrain from further circulating leaked data as it has dire consequences under the law,” including up to 20 years in jail.

As if that will scare ransomware and phishing scum.

PhilHealth is presently using antivirus software – reportedly a trial license that expires in 30 days. ®


McLaren Health Care Facing 3 Lawsuits in Ransomware Hack


Litigation Filed Days After Alphv/BlackCat Claimed to Have Stolen Data of 2.5 Million Patients

McLaren Health Care faces at least three proposed federal class action lawsuits so far in the aftermath of a massive data theft allegedly by Alphv/Blackcat. (Image: McLaren Health Care)

A recent attack by a Russian ransomware-as-a-service group that stole the personal information of 2.5 million patients of McLaren Health Care has triggered at least three proposed federal class action lawsuits in recent days, claiming the healthcare company failed to protect patient privacy.

The lawsuits – which each make similar allegations, including negligence by McLaren – were all filed in the same Michigan federal court by plaintiffs who are – or were – McLaren patients, on behalf of themselves and others similarly situated.

The litigation was filed only days after Alphv/Blackcat on Sept. 29 boasted on its dark web site to have stolen 6 terabytes of “sensitive data” pertaining to 2.5 million McLaren patients. The threat actor also claimed its “backdoor is still running” on McLaren’s network (see: Group Claims it Stole 2.5 Million Patients’ Data in Attack).

Attorneys filed lawsuits quickly against McLaren – even before the company notified individuals…


Ransomware attack threatens to expose McLaren Health patient data


Michigan Attorney General Dana Nessel warned this week a cyberattack against McLaren Health Care could affect a large number of patients.

McLaren Health, a healthcare system with 15 Michigan hospitals, was hit by a ransomware attack in August, according to the attorney general’s office. Ransomware, a type of malware that can shut down an entire network, is used to steal data before encrypting the system. The stolen information is then held hostage until a ransom is paid.

“This attack shows, once again, how susceptible our information infrastructure may be,” Nessel said in a statement. “Organizations that handle our most personal data have a responsibility to implement safety measures that can withstand cyber-attacks and ensure that a patient’s private health information remains private.”

A cybercriminal group called ALPHV, or BlackCat, claimed responsibility for stealing the sensitive personal health information of 2.5 million McLaren patients, a news release said. But the actual number of affected patients and the type of health information remain unknown.

ALPHV claimed in a message posted to the dark web last week the McLaren data was on the dark web and would be released in a few days unless a ransom payment was received. The group is also linked to the data breach at MGM Resorts that is reportedly costing $100 million.

McLaren shared a statement saying, “we are investigating reports that some of our data may be available on the dark web and will notify individuals whose information was impacted, if any, as soon as possible.”

The healthcare group also said it found no evidence the cybercriminals still have access to the IT system. McLaren has brought in security experts and is working with law enforcement, a news release said.

“Protecting the security and privacy of data in our systems is a top organizational priority, so we immediately launched a comprehensive investigation to understand the source of the disruption and identify what, if any, data exposure occurred,” McLaren said.

Nessel encouraged McLaren patients to protect their data and know the warning signs when someone is using private medical information:

  • A doctor’s bill for services you did not…


Firm Notifies Patients of 55 Health Practices of MOVEit Hack


Anesthesiology, Pain Management, Gastro Practices Affected Across Several States


Arietis Health, a revenue cycle management vendor, is notifying patients of 55 healthcare practices across several states that their sensitive health and personal information has been potentially compromised in a hack of Progress Software’s MOVEit file transfer application.

Fort Myers, Florida-based Arietis provides billing services to Irving, Texas-based NorthStar Anesthesia, which manages the affected medical practices, which specialize in anesthesia, pain management and related healthcare services.

Arietis in its breach notice said it uses MOVEit file transfer software in the billing services it provides to NorthStar.

Arietis says that it was notified by Progress Software on May 31 of a critical vulnerability affecting MOVEit and took immediate steps to patch its MOVEit server, as advised by Progress Software’s instructions.

But by then, Russian-speaking ransomware group Clop had already launched its mass attack campaign around May 27, when it exploited a zero-day vulnerability in MOVEit to steal data being stored on file transfer servers – a hack that has so far affected thousands of organizations worldwide.

On July 26, Arietis’…
