The recent cyberattack on healthcare shows just how vulnerable this sector is


Welcome to The Cybersecurity 202! Aubrey Plaza is a national treasure.

Are you reading this online? Subscribe to The Cybersecurity 202 to get scoops and analysis delivered to your inbox every morning.

Below: Cybercriminals stole more than $500,000 from a senator’s campaign committee, and T-Mobile was hacked again. First:

The apparent BlackCat ransomware attack shows the risks to the healthcare industry and its suppliers

An apparent ransomware attack on a major electronic health record company shows just how vulnerable the healthcare industry is to potentially catastrophic cyberattacks.

The incident at NextGen Healthcare came to light last week. It appears to have been the work of a ransomware group that the Department of Health and Human Services warned about earlier this month.

The company says it doesn’t appear the hackers obtained any customer data, though it doesn’t say anything about patient or employee data. The suspected Russian ransomware group that claimed responsibility, BlackCat, placed an alleged sample of NextGen information on its extortion site—usually used to force victims to pay or risk further exposure—but later delisted NextGen.

However the NextGen incident ultimately shakes out, it highlights trends in attacks on key vendors and on the healthcare system.

What happened (according to those involved)

Founded in 1974, NextGen Healthcare is headquartered in Atlanta, has 2,800 employees and reported revenue of nearly $600 million in 2022. It says it provides software and technology services in “ambulatory” settings, a term covering everything from doctors’ offices to outpatient clinics, and that it serves more than 2,500 healthcare organizations worldwide.

This is what NextGen told the media in response to inquiries about the listing on BlackCat’s extortion site:

  • “NextGen Healthcare is aware of this allegation, and we are working with leading cybersecurity experts to investigate and address it. We immediately contained the threat, secured our network, and returned to normal operations. Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or theft of customer data. The privacy and security of our customer information is of the utmost importance to us.”

The statement is silent on whether any patient or employee data was affected. Company spokespeople did not answer questions about elements of the incident on Sunday, and a purported spokesperson for BlackCat (also known as ALPHV) declined to provide further evidence that the group had obtained customer data.

It is not uncommon for companies to later learn that a breach was more extensive than originally thought. It is also not uncommon for cybercriminals to lie about the type of data they stole, or to brag about having stolen something they never did.

BlackCat is a “relatively new ransomware threat to the health sector, but one that is highly capable,” according to an HHS threat briefing on January 12. It was not the first time US authorities had issued warnings about the group.

  • HHS called it a “triple extortion” group, meaning its ransomware attacks are accompanied by threats to leak data and by distributed denial-of-service attacks aimed at knocking websites offline.
  • It has ties to notorious older Russian ransomware gangs such as DarkSide/BlackMatter and REvil.
  • The group has said it does not “attack government medical institutions, ambulances, and hospitals,” but that “the rule does not apply to pharmaceutical companies and private clinics.” HHS notes that ransomware gangs frequently break such promises.
  • BlackCat favors American targets, according to HHS, which is common for ransomware gangs, many of which are believed to be based in Eastern Europe.

The risks of ransomware to healthcare organizations are severe, up to and including patient deaths. North Korean and Iranian hackers have also shown a particular interest in attacking the sector.

Companies that provide services to other companies are a prominent way for ransomware gangs and other cybercriminals to expand their reach. Notable incidents include:

  • In 2021, REvil broke into a software system developed by Kaseya, which in turn affected what Kaseya estimated were between 800 and 1,500 companies.
  • Suspected Russian hackers compromised SolarWinds as a way to reach US government agencies, governments around the world and major technology companies.
  • In the healthcare sector specifically, a ransomware incident last summer at a UK service provider caused problems for the country’s National Health Service.

No matter how the NextGen incident turns out, it is one episode in an eventful start to 2023 for ransomware. The year has already seen the usual array of attacks and revelations, mixed with some unusual setbacks for the criminals.

  • Restaurants in the UK, including KFC, Pizza Hut and Taco Bell locations, had to shut down after a ransomware attack on parent company Yum! Brands, the company said on Wednesday.
  • The Los Angeles Unified School District earlier this month acknowledged that last year’s ransomware hackers stole employees’ Social Security numbers.
  • On New Year’s Eve, the LockBit gang apologized for what it said was an affiliate’s attack on a children’s hospital in Canada, and offered the hospital a decryptor to unlock its systems.
  • A study by blockchain analytics firm Chainalysis, released over the weekend, suggests that ransomware payments fell in 2022 as more victims appeared to refuse to pay the criminals holding their networks hostage. In another report this year, the company concluded that ransomware criminals’ continued use of cryptocurrency contributed to illicit crypto activity reaching an all-time high last year.

Cybercriminals stole more than $500,000 from a Republican senator’s campaign committee

The thieves got the money by sending bogus invoices to Moran For Kansas, the campaign committee of Sen. Jerry Moran (R-Kan.), Raw Story’s Dave Levinthal reports. According to the FEC, the committee recovered about a quarter of the stolen funds, which totaled $690,000.

“Cybercriminals targeted the accounting firm used by Moran For Kansas and funds were diverted to fraudulent bank accounts,” Moran For Kansas spokesperson Tom Brandt told Raw Story in an email. “As soon as a discrepancy was realized, it was reported to law enforcement. We are currently pursuing all available avenues for refunds and there is an ongoing investigation with the FBI. The campaign has also consulted with the Federal Election Commission on how to transparently report unauthorized expenditures.”

Cybercriminals have targeted other political campaigns as well. “Joining Moran among federal-level politicians to experience thefts from their campaign accounts in recent years is President Joe Biden, whose 2020 Democratic presidential campaign committee lost at least $71,000,” Levinthal wrote. “The Republican National Committee, Rep. Diana Harshbarger (R-Tenn.), former Democratic presidential candidate and congresswoman Tulsi Gabbard and rapper-turned-2020 presidential candidate Ye, formerly Kanye West, are among others who reported money stolen from their political accounts.”

T-Mobile has been hacked — again

T-Mobile said a hacker stole information such as names, addresses, email addresses, phone numbers, dates of birth and account numbers on up to 37 million customers, TechCrunch’s Lorenzo Franceschi-Bicchierai reports. It is the eighth time the carrier, which has 110 million customers, has been hacked since 2018.

The company disclosed the breach in a filing with the Securities and Exchange Commission.

A company spokesperson did not respond to TechCrunch’s request for comment.

A hacker found a sensitive US no-fly list on an open server

Swiss hacker maia arson crimew found the list, which includes people who are not allowed to fly to or from the United States, on a server operated by a regional US airline, the Daily Dot’s Mikael Thalen and David Covucci report.

“The server contained data from the 2019 version of the federal no-fly list that included first and last names and dates of birth,” CommuteAir spokesman Erik Kane told the Daily Dot. “In addition, access to certain flight information and CommuteAir employee information was available. We have submitted a notification to the Cybersecurity and Infrastructure Security Agency and are continuing a full investigation.”

The Transportation Security Administration told the Daily Dot that it is “aware of a potential cybersecurity incident with CommuteAir, and we are investigating in coordination with our federal partners.”

US law enforcement has taken notice of the hacker, crimew, before. In 2021, a grand jury indicted the hacker on charges of breaking into “dozens of companies and government agencies.” crimew was also part of a group of hackers that breached surveillance camera company Verkada.

Hackers Infiltrated LAUSD Computers Much Earlier Than Previously Known, District Investigation Finds (Los Angeles Times)

Riot Games hacked and game patches delayed after security breach (Bleeping Computer)

ODIN Intelligence hack exposed huge trove of police raid files (TechCrunch)

The majority of GAO cybersecurity recommendations since 2010 remain unresolved (Nextgov)

  • Jack Cable and Lauren Zabierek join the Cybersecurity and Infrastructure Security Agency as senior technical adviser and senior policy adviser, respectively.
  • CIA Deputy Director for Analysis Linda Weissgold speaks at an event hosted by the Intelligence and National Security Alliance on Tuesday at 9 a.m.

Thanks for reading. See you tomorrow.
