Security News

Computer systems are still down at CommonSpirit Health - America's second-largest nonprofit hospital network - more than a week after it was hit by a somewhat mystery cyberattack. Last week, the notice said this included "Electronic health record and other systems," and blamed "An IT security issue." That detail is missing from the latest missive, linked from the CommonSpirit dot-org website.

America's second-largest nonprofit healthcare org is suffering a security "Issue" that has diverted ambulances and shut down electronic records systems at hospitals around the country.CommonSpirit has yet to provide additional details about the cause of the issue, how many facilities were affected, whether any patient data was stolen in what may have been a cyberattack, and whether or not ransomware was involved, even following our prodding of the org.

Critical Insight announced the release of the firm's H1 2022 Healthcare Data Breach Report, which analyzes ​​breach data reported to the United States Department of Health and Human Services by healthcare organizations. This Help Net Security video reveals why attackers are changing targets and moving from large hospitals to smaller hospital systems.

With the healthcare industry continuing to be a top attack vector for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers, big targets that would likely yield the most data but also have more sophisticated defenses, to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget. Total breaches are declining: The number of reported breaches crested during the second half of 2020 when organizations were so distracted by the pandemic that attackers had an easier time breaching their defenses.

The Center Hospitalier Sud Francilien, a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries."This attack on the computer network makes the hospital's business software, the storage systems, and the information system relating to patient admissions inaccessible for the time being," explains CHSF's announcement.

A class action lawsuit has been filed in the Northern District of California against Meta, the UCSF Medical Center, and the Dignity Health Medical Foundation, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising. According to the lawsuit, neither the hospitals nor Meta informs the patients about the data collection, no user consents are requested, and there is no visible indication of this process.

While other businesses worry about reputational damage when they're hit by a ransomware attack, hospitals have to worry about canceled operations and ambulances backing up outside the emergency department. If an attack does get through, there is immense pressure on hospitals to simply pay the ransom.

The relationship between medical device manufacturers and healthcare delivery organizations has always been challenged by a lack of good communication, mostly to the detriment of the latter. The impact of a cyberattack is not equally shared: While a HDO may be rendered inoperable for days or weeks by ransomware, the MDM may or may not be receiving some bad press.

Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data. The cyberattack occurred on April 19th and affected the CHs of Vitry-le-François and Saint-Dizier, causing GHT to disconnect Internet connections to the hospitals to prevent the attack's spread and further data theft.

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. Aethon TUG smart autonomous mobile robots are used in hospitals around the world to deliver medication, transport clinical supplies, and independently navigate around to perform different tasks such as cleaning floors and collecting meal trays.