A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) warning of ongoing attacks by an Iranian Advanced Persistent Threat (APT) actor on critical infrastructure sectors including the healthcare and public health… Read More »

A new study conducted by Medigate and CrowdStrike has highlighted the extent to which healthcare Internet of Things (IoT) devices are being targeted by threat actors and warns about the worrying state of IoT security in the healthcare industry. The number of IoT devices being used in healthcare has increased significantly in recent years as… Read More »

NorthCare, an Oklahoma City, OK-based mental health clinic, was the victim of a ransomware attack in June 2021 in which patients protected health information may have been compromised. NorthCare identified suspicious network activity on June 1, 2021, when ransomware was used to encrypt files. The investigation into the attack confirmed its network was breached on… Read More »

Lakeshore Bone & Joint Institute, an orthopedic practice in Indiana, has experienced a breach of its Microsoft Office 365 environment, which included emails and attachments that contained the protected health information of certain patients. Unusual activity was detected in an employee email account on July 7, 2021. Steps were immediately taken to prevent further unauthorized… Read More »

A recent survey conducted by the unified asset visibility and security platform provider Armis has explored the state of cybersecurity in healthcare and the security risks that are now faced by healthcare organizations. The survey was conducted by Censuswide on 400 IT professionals at healthcare organizations across the United States, and 2,000 U.S. patients to… Read More »

The protected health information of 1,271,642 individuals has been exposed and potentially stolen in two healthcare hacking incidents that were recently been reported to the Department of Health and Human Services’ Office for Civil Rights. PHI of 688,000 Individuals Compromised in Sea Mar Community Health Centers Hack Sea Mar Community Health Centers is a nonprofit… Read More »

13 vulnerabilities have been identified in the Siemens Nucleus RTOS TCP/IP stack that could potentially be exploited remotely by threat actors to achieve arbitrary code execution, conduct a denial-of-service attack, and obtain sensitive information. The vulnerabilities, dubbed NUCLEUS:13, affect the TCP/IP stack and related FTP and TFTP services of the networking component (Nucleus NET) of… Read More »

Southern Ohio Medical Center (SOMC) Diverts in Portsmouth, OH, is recovering from a cyberattack that occurred on the morning of Thursday, November 18, 2021. The attack forced the hospital to go on diversion and direct ambulances to other healthcare facilities. The hospital also had to cancel some appointments and outpatient services. “This morning, an unauthorized… Read More »

The New Jersey Attorney General and has fined two printing firms $130,000 over alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act (CFA) which contributed to a breach of the protected health information (PHI) of 55,715 New Jersey residents. Command Marketing Innovations, LLC (CMI) and Strategic… Read More »

The United States Department of Justice (DoJ) has unsealed indictments charging two individuals for their roles in multiple REvil/Sodinokibi ransomware attacks on organizations in the United States. Ukrainian national, Yaroslav Vasinskyi, 22, has been indicted on multiple charges related to the ransomware attacks, including the supply chain attack that saw Kaseya’s Virtual System/Server Administrator (VSA)… Read More »