Tag Archive for: provider

Harris County, Texas, HHS Provider Hit With Ransomware


(TNS) — Harris County officials had few details to add Thursday morning about the investigation into a recent ransomware attack on the county’s provider for mental health services, saying cybersecurity experts had recommended they not share information.

“As mentioned … we are not able to share further information,” said Nicole Lievsay, a spokeswoman for the Harris Center for Mental Health and IDD. “When we are able, we will share what is available.”

Late Wednesday, officials with the center said it had been the target of a ransomware attack Tuesday and that some employee files had become inaccessible because of encryption.


Investigators were working to determine if any data was compromised in the attack, officials said.

Technology professionals with the center preemptively shut down the network during the attack to prevent its spread, officials said. As a result, some staff have had limited access to their files and there have been delays with patient care.

Center administrators were working with their teams and third-party security response specialists to restore full functionality, officials said. Officials reported the attack to law enforcement, but cybersecurity officials recommended against sharing more information.

A spokesman for the FBI referred comments about whether the agency was investigating the matter to the county.

©2023 the Houston Chronicle, Distributed by Tribune Content Agency, LLC.


Large Michigan healthcare provider confirms ransomware attack


One of the largest healthcare systems in Michigan confirmed that it is dealing with a ransomware attack after a notorious hacker gang boasted about the incident.

A spokesperson for McLaren HealthCare said the organization recently detected suspicious activity on its computer network and immediately began an investigation.

“Based on our investigation, we have determined that we experienced a ransomware event. We are investigating reports that some of our data may be available on the dark web and will notify individuals whose information was impacted, if any, as soon as possible,” a spokesperson said.

McLaren operates 13 hospitals across Michigan, as well as other medical services such as infusion centers, cancer centers, primary and specialty care offices and a clinical laboratory network. The company has more than 28,000 employees and also has a wholly owned medical malpractice insurance company.

Earlier this month, the company reported outages affecting billing and electronic health record systems. According to the Detroit Free Press, McLaren had to shut down the computer network at 14 different facilities — a situation that got so bad that employees had to communicate through their personal phones.

The spokesperson said McLaren has “retained leading global cybersecurity specialists to assist in our investigation, and we have been in touch with law enforcement. We have also taken measures to further strengthen our cybersecurity posture with a focus on securing our systems and limiting disruption to our patients and the communities we serve.”

The spokesperson added that systems “remain operational” but did not respond to requests for comment about whether billing and record systems had been restored to functionality. They did not say whether a ransom would be paid.

The Black Cat/AlphV ransomware gang took credit for the attack in a post on its leak site early on Friday morning.

The gang — which initially did not name the company before hours later adding McLaren’s name — claimed to have stolen 6 TB of data, allegedly including the personal data of millions as well as videos of the hospitals’ work.


Michigan’s Emergency Management…


Encrypted email provider Proton has built its own CAPTCHA service



Proton, the Swiss company that develops privacy-focused online services such as email, has developed its very own CAPTCHA service to help discern between genuine login attempts and bots — and it touts the new system as the world’s first CAPTCHA that is “censorship resistant.”

The company said it has already been testing its CAPTCHA system for several months, and has now transitioned to its home-grown solution entirely.

“As we investigated available CAPTCHA options, we weren’t satisfied, so we decided to develop our own,” Eamonn Maguire, a former Facebook engineer who now heads up Proton’s machine learning team, wrote in a blog post. “Our primary goal was to provide a system that doesn’t compromise on privacy, usability and accessibility, or security.”

CAPTCHAs, a contrived acronym that stands for the decidedly less-punchy “completely automated public Turing test to tell computers and humans apart,” have long been used on the web to prevent bots from creating multiple accounts with a specific service, or illicitly trying to access someone else’s account through credential stuffing. This is usually presented to the user in the form of a visual or cognitive challenge, one that is relatively easy for a human to complete but difficult for a machine.

CAPTCHAs, while generally effective, come with trade-offs in terms of usability, accessibility, cultural biases, and annoyances that businesses would prefer not to impose on their users. This is why companies such as Apple and Cloudflare have sought ways to tell the difference between humans and bots automatically using alternative mechanisms, such as through device and telemetry data.

And then there is the elephant in the room that is data privacy, with some CAPTCHA services — notably Google’s reCAPTCHA — collecting hardware and software data. And for a company such as Proton, which has built an entire business off the back of privacy-focused tools such as email, a VPN, cloud storage, calendar, and password manager, it doesn’t make a whole heap of sense to compromise its reputation through relying on such third-party…


Hosting provider CloudNordic loses customer data in ransomware attack


Danish cloud hosting provider CloudNordic ApS has been struck by a ransomware attack that resulted in most customer data being lost and its systems rendered unusable.

According to a statement on the company’s website, the ransomware attack took place on Aug. 18 local time, with those behind the attack shutting down all systems, including websites, email systems and customer support systems. In their words, the attack affected “everything” and “paralyzed CloudNordic completely.”

The attack occurred as the company moved servers from one data center to another. Although the machines being moved were protected by security software, some of them were infected before the move, and once relocated they infected the new data center. Unfortunately, the company had all of its internal systems in the new data center.

In this case, the ransomware spread via CloudNordic’s internal network, gaining access to central administration and backup systems. Via the backup system, the attackers then gained access to all storage, the replication backup system and the secondary backup system, encrypting data on every system they reached.

The form of ransomware was not disclosed, but regardless of its type, CloudNordic noted, it cannot and does not want to meet the ransom being demanded by the hackers. According to Danish media Wednesday, the attack has also affected hundreds of companies that used CloudNordic for their hosting.

“This is another example of cyber gangs strategically focusing on high-value targets like managed service providers where they can use data exfiltration to extort multiple organizations at once and increase the odds of ransom payment,” Darren Williams, founder and chief executive of ransomware protection company BlackFog Inc., told SiliconANGLE. “This means the aftermath of the attack will likely unfold over a prolonged period, similar to the MOVEit attacks.”

Kevin Kirkwood, deputy chief information systems officer at security intelligence firm LogRhythm Inc., noted that ransomware attacks continue to target businesses with substantial data.

“Effectively countering these cyberthreats demands thorough readiness and enterprises must adopt…
