Security News

The Federal Bureau of Investigation has issued an alert about hackers targeting healthcare payment processors to route payments to bank accounts controlled by the attacker. Cybercriminals are combining multiple tactics to obtain login credentials of employees at payment processors in the healthcare industry and to modify payment instructions.

'Cyber insecurity' in healthcare is leading to increased patient mortality rates. The most common consequences of attacks are delayed procedures and tests, resulting in poor patient outcomes for 57% of respondent healthcare providers and increased complications from medical procedures for nearly half, according to the report Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care.

U.S. healthcare provider Novant Health has disclosed a data breach impacting 1,362,296 individuals who have had their sensitive information mistakenly collected by the Meta Pixel ad tracking script. To track these advertisements, the healthcare company added the Meta Pixel code to their site to measure how well the advertisements worked.

If you want to understand a little more about it, your Naked Security article explains it incredibly well for people that are not normally acquainted with things like APIC controllers. Do you think, Chester, that they've targeted the Conti gang because they had a little bit of dishonour among thieves, as it were?

In Q2 2022, Kroll observed a 90% increase in the number of healthcare organizations targeted in comparison with Q1 2022, dropping the final nail in the coffin for the "Truce" some criminal groups instituted earlier in the COVID-19 pandemic. Ransomware helped to fuel this uptick against healthcare as attacks increased this quarter to once again became the top threat, followed closely by email compromise.

Cynerio and the Ponemon Institute have examined the current impact of cyberattacks on healthcare facilities and network-connected IoT and medical devices, and found multiple alarming trends. The Insecurity of Connected Devices in HealthCare 2022 Report surveyed 517 experts in leadership positions at hospitals, clinics, healthcare service providers, and healthcare systems throughout the United States.

A class action lawsuit has been filed in the Northern District of California against Meta, the UCSF Medical Center, and the Dignity Health Medical Foundation, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising. According to the lawsuit, neither the hospitals nor Meta informs the patients about the data collection, no user consents are requested, and there is no visible indication of this process.

The U.S. Department of Justice has announced the seizure of approximately $500,000 in Bitcoin, paid by American health care providers to the operators of the Maui ransomware strain. At the start of this month, Maui was highlighted by the FBI and CISA as a new North Korean-backed ransomware operation extorting western organizations with encryption attacks.

Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that more than 1.9 million people's private data - including names, addresses, social security numbers and health records - was exposed during a ransomware infection. In a notice [PDF] posted on its website, PFC said it "Detected and stopped a sophisticated ransomware attack" on February 26 this year, during which criminals accessed files containing data from more than 650 healthcare providers [PDF].

Security vulnerabilities pose a risk to any organization, as attackers can take advantage of them to launch malware, infiltrate networks and compromise sensitive data. A recent report from security firm Cyber SecurityWorks looks at how security flaws can be weaponized to attack healthcare organizations.