Security News

German hospital network Katholische Hospitalvereinigung Ostwestfalen has confirmed that recent service disruptions at three hospitals were caused by a Lockbit ransomware attack. It severely impacted the systems that support the operations of three hospitals in Bielefeld, Rheda-Wiedenbrück, and Herford, Germany.

Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games. Arion Kurtaj, 18, of Oxfordshire, was sentenced Thursday to detention at a hospital in the UK for an indefinite amount of time.

Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets associated with the video game, Grand Theft Auto VI. Sentenced to life in a 'secure hospital'. Arion Kurtaj, a member of the Lapsus$ cybercrime group, was sentenced indefinitely to a "Secure hospital" by a British judge, according to a BBC report.

The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. "The Citrix Bleed vulnerability is being actively exploited, and HC3 strongly urges organizations to upgrade to prevent further damage against the Healthcare and Public Health sector. This alert contains information on attack detection and mitigation of the vulnerability," HC3 warned.

NHS Fife is on the wrong end of a stern ticking off by Britain's data regulator after it made a howling privacy error that aided an as yet unknown person who had entered a hospital ward only to walk off with data on 14 patients. Due to a "Lack of checks and formal processes" the unauthorized individual who was not employed by the health service was "Handed" a document containing the personal data of 14 patients, and even helped administer care to one, the ICO investigation found.

Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week. Capital Health confirmed that both hospitals are currently accepting incoming patients, including emergency rooms and all other locations, under protocols established for system downtime.

Ardent Health Services, a healthcare provider operating 30 hospitals across six U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday. "Ardent Health Services and its affiliated entities became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack," the organization said on Monday.

The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center, in June 2021 to boost his company's business. Vikas Singla, who worked for Securolytics, a network security company that provided services to the healthcare industry, pleaded guilty to hacking into the systems of GMC Northside Hospital hospitals in Duluth and Lawrenceville, as prosecutors said in a June 2021 indictment.

An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches. Under a plea deal he signed last week, Vikas Singla, a former business leader at network security vendor Securolytics - a provider to healthcare institutions, among others - admitted that in September 2018 he rendered the Ascom phone system of Gwinnett Medical Center inoperable.

Cybercriminals have Canada in the crosshairs, with five Ontario hospitals and a fresh Spamoflague disinformation campaign targeting "Dozens" of Canadian government officials, including the PM. The cyberattack against five southern Ontario hospitals has shut down IT systems, forcing them to cancel patient appointments over "The next few days," according to service provider TransForm. On Monday, the services org posted an alert saying that its member hospitals and Windsor-Essex Hospice were experiencing a systems outage, which included email.