Security News

A new DDoS-as-a-Service platform named 'Passion' was seen used in recent attacks by pro-Russian hacktivists against medical institutions in the United States and Europe. "The Passion Botnet was leveraged during the attacks on January 27th, targeting medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, Netherlands, and the United Kingdom as retaliation for sending tanks in support of Ukraine," said Radware researchers.

The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children, saying one of its members violated rules by attacking the healthcare organization. On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website.

The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that occurred on Saturday evening. Jean-Noël Barrot, the Minister Delegate in charge of Digital Transition and Telecommunications, said the hospital immediately isolated the infected systems to limit the spread of the malware to additional devices and alerted the French National Authority for Security and Defense of Information Systems.

Should hospital ransomware attackers get life in prison? Who was the Countess of Computer Science, and just how close did we come to digital music in the 19th century? And could a weirdly wacky email brick your iPhone? The problem with a messaging app is that: [A] it tends to run in the background, so it can receive a message at any time; [B] you don't get to choose who sends you messages, other people do; and [C] it may be that in order to get into the app to delete the rogue message, you have to wait for the app to load, and it decides.

Computer systems are still down at CommonSpirit Health - America's second-largest nonprofit hospital network - more than a week after it was hit by a somewhat mystery cyberattack. Last week, the notice said this included "Electronic health record and other systems," and blamed "An IT security issue." That detail is missing from the latest missive, linked from the CommonSpirit dot-org website.

America's second-largest nonprofit healthcare org is suffering a security "Issue" that has diverted ambulances and shut down electronic records systems at hospitals around the country.CommonSpirit has yet to provide additional details about the cause of the issue, how many facilities were affected, whether any patient data was stolen in what may have been a cyberattack, and whether or not ransomware was involved, even following our prodding of the org.

Critical Insight announced the release of the firm's H1 2022 Healthcare Data Breach Report, which analyzes ​​breach data reported to the United States Department of Health and Human Services by healthcare organizations. This Help Net Security video reveals why attackers are changing targets and moving from large hospitals to smaller hospital systems.

With the healthcare industry continuing to be a top attack vector for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers, big targets that would likely yield the most data but also have more sophisticated defenses, to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget. Total breaches are declining: The number of reported breaches crested during the second half of 2020 when organizations were so distracted by the pandemic that attackers had an easier time breaching their defenses.

The Center Hospitalier Sud Francilien, a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries."This attack on the computer network makes the hospital's business software, the storage systems, and the information system relating to patient admissions inaccessible for the time being," explains CHSF's announcement.

A class action lawsuit has been filed in the Northern District of California against Meta, the UCSF Medical Center, and the Dignity Health Medical Foundation, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising. According to the lawsuit, neither the hospitals nor Meta informs the patients about the data collection, no user consents are requested, and there is no visible indication of this process.