Tag Archive for: Vendor

Pediatric EMR Vendor Hack Affects 2.2 Million

/in


Cloud Security
,
HIPAA/HITECH
,
Security Operations

Incident Spotlights Multiple Common But Serious Data and Vendor Concerns

Marianne Kolbasuk McGee (HealthInfoSec) •
December 2, 2022    

Pediatric EMR Vendor Hack Affects 2.2 Million
Connexin Software, vendor of Office Practicum pediatric EMR software, says a hacked offline data set affected millions. (Photo source: Connexin Software Inc.)

A hacking incident at a cloud-based electronic health records and practice management software vendor affects dozens of the company’s pediatric practice clients and more than 2.2 million of their patients and other individuals.

See Also: Live Webinar | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies

Pennsylvania-based Connexin Software Inc., which does business as Office Practicum, reported the hack to the U.S. Department of Health and Human Services on Nov. 11 and said it involved a network server.

Connexin in its breach notification statement lists about 120 pediatric practices affected by the incident.

In the statement, Connexin says that on Aug. 26, it detected “a data anomaly” on its internal network. A forensics investigation determined that an unauthorized third party had gained access to an internal computer network, removing some data contained in an “offline” patient data set used for data conversion and troubleshooting.

Connexin’s “live” electronic medical record system was not accessed, and the incident also did not affect any pediatric practice groups’ systems, databases or medical records systems, the statement says.

In any case, the range of patient data potentially compromised in the incident is wide. Connexin says patient…

Source…

Suffolk cyberattack: County consultant also lobbies for vendor hired to fortify system

/in


A consulting firm hired to help manage Suffolk County’s response to a ransomware attack also has served as a lobbyist for the computer security company brought in more than three years ago to analyze and fortify Suffolk’s networks, according to a Newsday analysis of records.

Computer security experts and a government watchdog group said consulting firm RedLand Strategies and founder Michael Balboni’s roles as state lobbyist for the company — and consultant to Suffolk County — could present potential conflicts of interest in the cleanup of the Sept. 8 cyberattack.

Separately, computer experts raised concerns that Palo Alto Networks, the company that provided the front-line firewall of Suffolk’s defense against cyberattacks, is acting as the primary forensic auditor to analyze what happened when the county’s system was breached.

RedLand and Palo Alto, both responsible for helping safeguard Suffolk’s computer system since 2019, recently were awarded new contracts to manage the county’s response to the attack, determine how the breach occurred and to help fix it.

WHAT TO KNOW

  • A consultant brought in to help manage Suffolk’s response to the Sept. 8 ransomware attack also has served as a lobbyist for a security system vendor that provided Suffolk’s front line of defense. 
  • Good government experts say the roles could present a conflict, but others say the current state of emergency and continuing impacts warrant the measures. 
  • An annual computer network risk-assessment report required by 2018 legislation has been finished only once, and a top recommendation to hire a cybersecurity chief wasn’t followed.
  • Experts say the county should look to independent forensic auditors to conduct a thorough investigation of the cyber breach, rather than use an arm of the firewall company. 

Suffolk has yet to publicly say how ransomware attackers infiltrated its system — potentially hundreds of times in the days and weeks leading up to the attack — but no one is blaming RedLand or Palo Alto. The attack has hobbled telephone and email systems and impacted the police department, Department of Health Services, and the Traffic and Parking Violations Agency as the…

Source…

Romanian Malware Hosting Vendor Extradited to US

/in


Mihai Paunescu, aka Virus, Faces 3 Criminal Counts in Court

Mihir Bagwe (MihirBagwe) •
July 20, 2022    

Romanian Malware Hosting Vendor Extradited to US
Mihai Paunescu after his detention in Colombia (Photo courtesy of the Office of the Attorney General of Colombia)

A Romanian man accused of managing the digital infrastructure behind a banking Trojan that stole tens of millions of dollars now finally faces trial in the United States after his extradition from South America.

See Also: OnDemand | Fireside Chat | Zero Tolerance: Controlling The Landscape Where You’ll Meet Your Adversaries

Federal authorities yesterday presented Mihai Ionut Paunescu, aka Virus, in Manhattan federal court a year after Colombian authorities detained the fugitive in a Bogota airport. Romanian authorities arrested Paunescu in 2012 but released him on bail. A U.S. grand jury returned a three-count indictment against him in 2013. If convicted on all charges – conspiracy to commit bank fraud, wire fraud and computer intrusion – the 37-year-old faces a maximum of 60 years imprisonment.

Paunescu offered cybercriminals so-called “bulletproof hosting,” including a command-and-control server for the Gozi malware that during the early 2000s infected more than 1 million computers. Among them were 60 computers belonging to NASA, through which thieves stole about $19,000.

His business model was to rent servers and network connectivity from legitimate providers and sublease the infrastructure to other cybercriminals. Other malware Paunescu is accused of facilitating include the Zeus and SpyEye Trojans. He also allegedly allowed his criminal clientele to execute DDoS attacks by hosting the BlackEnergy bot toolkit.

Paunescu kept a database to manage his server subleasing operation that included labels such as “zeus 100%SBL” and “100%SBL malware.”

The indictment shows he helped clients evade detection by law enforcement agencies by scanning lists of suspicious or untrustworthy IP addresses maintained by the Spamhaus Project. In case of a match, he relocated his…

Source…

Enterprise Data Warehouse Market Research Report Highlights the Key Findings in the Area of Vendor Landscape, Key Market Segments, Regions, and Latest Trends and Drivers

/in


The market structure is expected to remain fragmented during the forecast period. Vendors are deploying different organic and inorganic growth strategies to compete in the market.

  • Alphabet Inc.
  • Amazon.com Inc.
  • Cloudera Inc.
  • HCL Technologies Ltd.
  • International Business Machines Corp.
  • Microsoft Corp.
  • Oracle Corp.
  • SAP SE
  • Snowflake Inc.
  • Teradata Corp.

View more about the market’s vendor landscape highlights with a comprehensive list of vendors and their offerings.

Key Market Segmentation

The enterprise data warehouse market share growth by the cloud-based segment will be significant during the forecast period.

  • Deployment
  • Geography
    • North America
    • Europe
    • APAC
    • MEA

Request Sample Report of this report for more highlights into the market segments.

Regional Market Outlook

North America will account for 36% of the market’s growth. In North America, the US is the most important market for enterprise data warehouses. This region’s market will grow at a quicker rate than Europe, the Middle East, and South America. Over the projection period, the enterprise data warehouse market in North America would benefit from the technical maturity of numerous industries and the existence of many significant players.

Apart from regions, if we look at the country-wise market growth, US, China, UK, India, and Germany will contribute to the highest market growth.

Download our sample report for more key highlights on the regional market share of most of the above-mentioned countries.

Latest Trends, Driving the Global Enterprise Data Warehouse Market

  • Market Driver:
    • One of the primary enterprise data warehouse market development drivers is the proliferation of data across industries. The amount of data produced by industries is growing all across the world. Most businesses record and save both financial and non-financial transactions. The complexity and diversity of data sets grow as businesses become more digital. The majority of applications benefit from the adoption of business data warehouse solutions to increase data processing and analysis. As a result, the worldwide enterprise data warehouse market will develop in the future years due to the explosion of data across industries.
  • Market Challenge:
    • One of the…

Source…