HIPAA Journal – Hacking Group Targeting Healthcare
Highlights From The HIPAA Journal
From The July 13th Newsletter
A Russian hacking group named Cozy Bear is targeting healthcare organizations that were involved in COVID-19 research.
- The CISA issued a statement in July to raise awareness of the threat.
- The group conducts widespread scanning to identify unpatched vulnerabilities and uses publicly available exploits to gain a foothold in vulnerable systems.
- The patches for CVE-2019-19781, CVE-2019-11510, CVE-2019-13379 and CVE-2019-9670 should be prioritized.
Microsoft has released a patch to correct a 17-year old wormable remote code execution vulnerability in Windows DNS Server.
- This vulnerability, if discovered, could allow a hacker to take over an entire IT infrastructure.
- The flaw is due to how the Windows Domain Name System servers handle requests and affects all Windows servers that have been configured as DNS servers.
Officially 41 successful ransomware attacks on hospitals and healthcare providers in the first half of the year.
- Employees should be provided with regular security awareness training and all vendors that have access to healthcare systems should be audited to make sure they are adhering to best practices.
Recent cyber/ransomware attacks related to the Healthcare industry
- Benefit Recovery Specialists, a billing and collection company based in Texas, experienced an attack where over 274,000 patients were likely affected. The attacker gained unauthorized access for 10 days.
- The Central California Alliance for Health had an unauthorized user gain access to employee email accounts. Over 35,000 members were affected by this attack.
- Ann Hale of Hutton & Hale, D.D.S., Inc. had notified over 8,000 patients that their PHI was potentially accessed due to an authorized user gaining access to their databases and computers systems.