Security News

Two thousand servers containing 45 million images of X-rays and other medical scans were left online during the course of the past twelve months, freely accessible by anyone, with no security protections at all. Among the data - drawn from unprotected online storage devices with ties to hospitals and medical centres all over the planet - were 23,000 images of UK patients, left exposed to the public internet on 90 separate servers.

Despite hospitals being on the front lines during the pandemic, bad actors have continued to target them with ransomware. Incidents of ransomware attacks against hospitals skyrocketed in October.

A late October cyberattack on the computer systems of the University of Vermont Medical Center is costing the hospital about $1.5 million a day in lost revenue and recovery costs, its CEO said. The Oct. 28 attack crippled the computer systems of the hospital system that serves much of Vermont and parts of upstate New York.

Administrators scrambled to keep the hospital operational - cancelling non-urgent appointments, reverting to pen-and-paper record keeping and rerouting some critical care patients to nearby hospitals. The Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults taking U.S. health care providers hostage as COVID-19 cases surge nationwide.

The University of Vermont Health Network is still recovering from a Ryuk Ransomware attack in October 2020, with services slowly coming back online. In October, the University of Vermont hospitals suffered a Ryuk ransomware attack that impacted services to varying degrees in all seven hospitals in their health network.

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victim's medical diagnosis at the time she was picked up was such that she would have died regardless of which hospital she had been admitted to.

The world's second-largest white-label laptop manufacturer, has been hit by the file-scrambling DoppelPaymer ransomware gang - and the hackers want $17m in cryptocurrency before they'll hand over the decryption key. Compal staff say they arrived at work on Monday to be told of the outbreak, and that they needed to back up their files.

Republican Gov. Phil Scott said Wednesday that he has called in the Vermont Army National Guard's Combined Cyber Response Team to help the University of Vermont Health Network respond to last week's cyberattack that officials said caused significant network problems affecting six hospitals in Vermont and New York. The team will work with the health network to review thousands of computers and devices and ensure they do not have malware or virus, the governor said.

Hackers are stepping up attacks on health care systems with ransomware in the United States and other countries, creating new risks for medical care as the global coronavirus pandemic accelerates. The three agencies "Have credible information of an increased and imminent cybercrime threat to US hospitals and health care providers," said the alert issued Wednesday, calling on health systems to "Take timely and reasonable precautions to protect their networks from these threats."

Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry -- including bugs that just won't die.