Tag Archive for: health

Firm Notifies Patients of 55 Health Practices of MOVEit Hack

/in


Breach Notification
,
Cybercrime
,
Fraud Management & Cybercrime

Anesthesiology, Pain Management, Gastro Practices Affected Across Several States

Marianne Kolbasuk McGee (HealthInfoSec) •
October 4, 2023    

Firm Notifies Patients of 55 Health Practices of MOVEit Hack
Image: NorthStar Anesthesia, Arietis Health

Arietis Health, a revenue cycle management vendor is notifying patients of 55 healthcare practices across several states that their sensitive health and personal information has been potentially compromised in a hack of Progress Software’s MOVEit file transfer application.

See Also: How to Reduce Compliance and Risk Workload to Increase Cybersecurity Revenue for Managed Security Service Providers (MSSPs)

Fort Myers, Florida-based Arietis provides billing services to Irving, Texas-based NorthStar Anesthesia, which manages the affected medical practices, which specialize in anesthesia, pain management and related healthcare services.

Arietis in its breach notice said its uses MOVEit file transfer software in the billing services it provides to NorthStar.

Arietis says that it was notified by Progress Software on May 31 of a critical vulnerability affecting MOVEit and took immediate steps to patch its MOVEit server, as advised by Progress Software’s instructions.

But by then, Russian-speaking ransomware group Clop had already launched its mass attack campaign around May 27, when it exploited a zero-day vulnerability in MOVEit to steal data being stored on file transfer servers – a hack that has so far affected thousands of organizations worldwide.

On July 26, Arietis’…

Source…

Firm Notifies Patients of 55 Health Practices Hit by MOVEit Hack

/in


Breach Notification
,
Cybercrime
,
Fraud Management & Cybercrime

Anesthesiology, Pain Management, Gastro Practices Affected Across Several States

Marianne Kolbasuk McGee (HealthInfoSec) •
October 4, 2023    

Firm Notifies Patients of 55 Health Practices Hit by MOVEit Hack
Image: NorthStar Anesthesia, Arietis Health

Arietis Health, a revenue cycle management vendor is notifying patients of 55 healthcare practices across several states that their sensitive health and personal information has been potentially compromised in a hack of Progress Software’s MOVEit file transfer application.

See Also: Live Webinar Tomorrow | Cyber Resilience: Recovering from a Ransomware Attack

Fort Meyers, Florida-based Arietis provides billing services to Irving, Texas-based NorthStar Anesthesia, which manages the affected medical practices, which specialize in anesthesia, pain management and related healthcare services.

Arietis in its breach notice said its uses MOVEit file transfer software in the billing services it provides to NorthStar.

Arietis says that it was notified by Progress Software on May 31 of a critical vulnerability affecting MOVEit and took immediate steps to patch its MOVEit server, as advised by Progress Software’s instructions.

But by then, Russian-speaking ransomware group Clop had already launched its mass attack campaign around May 27, when it exploited a zero-day vulnerability in MOVEit to steal data being stored on file transfer servers – a hack that has so far affected thousands of organizations worldwide.

On July 26, Arietis’ investigation into the incident determined that…

Source…

Philippines state health org struggling to recover from ransomware attack

/in


The government organization that manages the universal healthcare system of the Philippines has struggled to recover from a ransomware incident that forced it to take several websites and portals offline.

On Friday morning, officials from the Philippine Health Insurance Corporation (PhilHealth) said they discovered an information security incident and immediately began an investigation into the situation with the help of several other government agencies. The government-owned entity provides a national health insurance program for the country’s 114 million citizens.

“While investigation is being undertaken, affected systems shall be temporarily shut down to secure our application systems. We appeal for the public’s understanding regarding the matter,” the organization said.

In an update on Monday, PhilHealth President and CEO Emmanuel Ledesma said access to Health Care Institution (HCI) member portals and e-claims “were disabled or unplugged immediately as part of the information security containment measures being implemented by PhilHealth.”

“Affected systems shall be restored at the soonest possible time after the completion of the needed configuration and reinforcement of existing information security measures. We are working to restore these systems on Monday, September 25, 2023,” the organization explained.

“PhilHealth’s Management assures the public that the incident is under control and that no personal information and medical information has been compromised or leaked.”

They added that healthcare facilities are still able to provide benefits to those who come and that PhilHealth is “doing its best to enable the affected systems to work on Monday, Sept 25, 2023.”

The Department of Information and Communication Technology (DICT) and several law enforcement agencies are conducting a forensic investigation into the situation.

While systems are down, members and dependents have to provide a photocopy of the member’s PhilHealth Identification Card (PIC) or Member Data Record (MDR) or any identified acceptable supporting documents.

Payments for services have to be made over the counter and cannot be done online. Healthcare facilities will “continue…

Source…

Dangerous permissions detected in top Android health apps

/in


Leading Android health applications expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story.

The Android challenge

In the digital age, mobile applications have become an integral part of our lives, transforming the way we communicate, work, and entertain ourselves. With the vast array of apps available at our fingertips, it’s easy to overlook the potential risks they may pose. Behind the sleek interfaces and promising functionalities lurks a hidden concern that has captured the attention of security researchers and users alike – dangerous Android app permissions.

Android, being the most widely used mobile operating system globally, offers developers great flexibility to create innovative and powerful applications. However, this flexibility also introduces a crucial challenge – maintaining a balance between user convenience and safeguarding sensitive data and privacy.

Our researchers took a look at 50 popular health apps – for fitness, sleep tracking, meditation, mental health, quitting smoking, blood-sugar measurement, and medication reminders, among other purposes – to test their permissions.

Android health apps with dangerous permissions

Android permissions

The Android operating system has a comprehensive permission system designed to protect a user’s privacy and security. While many permissions are essential for apps to function properly, some could be considered more dangerous as they grant apps access to sensitive data and functionalities that, if misused, could compromise user privacy and security.

Here are some of the most dangerous Android app permissions:

  • Location Access: This permission allows apps to track the user’s precise location using GPS and network information. While some apps genuinely need this permission for features like maps and location-based services, malicious apps could misuse this data for stalking, surveillance, or targeted advertising
  • Camera and Microphone Access: Granting an app access to your device’s camera and microphone poses significant privacy risks. Malicious apps with such permissions could spy on users, capture sensitive information, or record audio and video without consent.
  • SMS and Call Log Access:

Source…