Tag Archive for: hospitals

Cyberattacks on hospitals ‘should be considered a regional disaster,’ researchers find : NPR


Cyberattacks on hospitals “should be considered a regional disaster,” a study finds.

Busà Photography/Getty Images



It was early May in 2021 when patients flooded the emergency room at the University of California San Diego Health Center.

“We were bringing in backup staff, our wait times had gone haywire, the whole system was overloaded,” said Dr. Christopher Longhurst, UC San Diego’s chief medical officer and digital officer. “We felt it.”

But the crunch wasn’t the result of a massive accident or the latest wave of patients infected by a new coronavirus variant. The influx was the direct result of a ransomware attack, a costly and unfortunately now common form of cybercrime in which hackers lock down their victims’ files and demand a ransom, often millions of dollars, to unlock them.

In reality, UC San Diego wasn’t the target. Their systems were intact. Instead, hackers had breached the hospital down the street, Scripps Health. The culprits not only took over the hospital’s digital records system and its entire computer network, but stole millions of patients’ confidential data. Scripps struggled for weeks to get back online, and is still dealing with the aftermath, having paid $3.5 million in a legal settlement earlier this year with patients whose data was exposed.


Previously, there’s been very little concrete data or analysis breaking down the direct impacts of a cyberattack on a hospital, let alone an entire region of healthcare providers. Most evidence of harm, including deaths, remains anecdotal and has been the subject of lawsuits, including one…


Two hospitals, pharma company hit by ransomware attack in a month | Ahmedabad News


AHMEDABAD: When a team of experts from the National Forensic Sciences University (NFSU) checked the logs of the ransomware files at a city hospital after a cyberattack, they were surprised: the file, which was executed at 2am, had been sitting in the system since March!
“The latest attack was found to be of the ransomware of Phobos class, which has been around since 2018 and evolving continuously. According to our information, in the past one month, there have been two major attacks on hospitals and a major pharma company. Of the three cases, an FIR has been filed for only one,” said a senior cyber cell official.


“There could have been more such attacks, but the companies are often afraid of reporting such incidents fearing infamy and change in the company safety perception,” he added.
Sources privy to the investigation said that a delayed cyberattack is not uncommon, but fewer such cases have been reported in Gujarat so far.
“Such tactics are used by the attackers when they want to cover a very large ground and infect lateral systems. As seen in this case, even the backup servers were infected. It’s possible when the root directory is controlled by the attackers and the cyber security does not detect the impending attack,” said a cyber security expert.
NFSU sources said that while the system is up and running after a few days of the incident, the decryption of data is still going on. In a majority of the cases, decryption poses a major challenge.
The hospital administration has been advised to adopt cloud storage to safeguard against such incidents in the future.
Sunny Vaghela, CEO of a city-based cyber safety firm, said that healthcare has remained a major target for country-based and international hackers because of the huge database the hospitals and pharma companies maintain.
“They often threaten to release the data on the dark web or sell it for a price. Prevention is better than cure, and here also, the demand for penetration testing is on the rise. Firewall breaches and delayed activation of the ransomware ‘payload’ indicate that active cyber safety measures remained ineffective. There could be many reasons for it including pending system updates to…


Microsoft turns to court order to take down ransomware hacking tool that targeted hospitals


Microsoft and a group of cybersecurity firms received help from the courts with the massive takedown Thursday of a notorious hacking tool that had been co-opted by cybercriminals to target hospitals and healthcare systems. 

Joining forces with cybersecurity firm Fortra and the Health Information Sharing and Analysis Center (H-ISAC), the firms applied for and received a court order designed to remove bootleg versions of Fortra’s Cobalt Strike software. Last Friday, the U.S. District Court for the Eastern District of New York awarded the court order to the organizations, enabling them to seize domain names where malicious actors were storing the “cracked” versions of the software.

For years, a malicious version of the tool — initially designed to enable companies to check their cyber defenses — has been manipulated by bad actors launching ransomware attacks on unwitting victims.

Ransomware families associated with the cracked copies of Cobalt Strike “have been linked to more than 68 ransomware attacks impacting healthcare organizations in more than 19 countries around the world,” according to Microsoft, costing hospital systems “millions of dollars in recovery and repair costs, plus interruptions to critical patient care services including delayed diagnostic, imaging and laboratory results, canceled medical procedures and delays in delivery of chemotherapy treatments.” 

As hospitals grappled with the coronavirus pandemic across the U.S., cybercriminals ramped up crippling cyber attacks designed to lock down computer networks containing patient data in exchange for hefty ransoms. Analysis conducted by the Cybersecurity and Infrastructure Security Agency (CISA) found such attacks posed long-term negative impacts on hospitals, creating more ambulance diversions and increased mortality. 

Older, illegal copies of the Cobalt Strike software — often referred to as “cracked” versions — have been abused by criminals in a series of high profile attacks, including those waged against the government of Costa Rica and the Irish Health Service Executive, according to Microsoft.

At least two infamous Russian-speaking ransomware gangs — Conti and LockBit — are listed…


Hospitals urged to tighten DDoS defenses after health data found on Killnet list


The Killnet hacktivist group is actively targeting the health sector with DDoS attacks, claiming to have successfully exfiltrated data from a number of hospitals within the last month, according to a Department of Health and Human Services Cybersecurity Coordination Center alert.

In fact, users found and publicly shared global health and personal information belonging to global health organizations on the alleged Killnet list on Jan. 28.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, warned that “As of today, we understand that some of the named entities were, in fact, targeted by DDoS attacks.”

However, the impact of the activity was found to be “minimal and temporary with no impact to care delivery services,” he added. Although DDoS attacks don’t typically cause significant damage, the traffic surges brought on by these cyberattacks can cause website outages that can last for several hours or days.

As such, provider entities should ensure they have adequate DDoS protection for their web hosting.

Killnet is notorious for launching DDoS attacks with “thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems,” according to a December HC3 alert that followed a successful attack on a U.S. healthcare entity.

The group operates multiple public channels for recruitment purposes and has suspected ties with Russian government organizations like the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR). But the connections have not been confirmed. 

What’s clear is that the group’s senior members have extensive experience with deploying DDoS attacks, having “previously operated their own DDoS services and botnets.” Most of these operations rely on publicly available DDoS scripts and IP stressers.

But researchers are divided on the group’s impact, noting the group has failed at pivoting their attack models. In October, for example, Killnet successfully blocked the infrastructure of J.P. Morgan but was unable to disrupt the bank operations.

The Department of Justice seized 48 internet domains tied to some of…
