A joint security advisory has been issued by cybersecurity agencies in the United States, United Kingdom, and Australia, warning about the increased globalized threat of ransomware attacks and the elevated risk of targeted attacks on critical infrastructure entities. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency… Read More »

Inmediata, a provider of clearinghouse services and business process software, has agreed to settle a class action lawsuit filed by victims of its 2019 security breach that exposed the protected health information of more than 1.56 million individuals. In January 2019, Inmediata discovered a misconfiguration on its website resulted in internal web pages containing electronic… Read More »

Brownwood, Texas-based Cross Timbers Health Clinics, operating under the brand AccelHealth, suffered a ransomware attack on December 15, 2021, which prevented the Federally Qualified Health Center from accessing certain files and folders on its network. AccelHealth engaged third-party forensics specialists to investigate the security breach who determined unauthorized individuals first gained access to its network… Read More »

The German business software provider SAP has released patches to fix a set of critical vulnerabilities that affect SAP applications that use the SAP Internet Communications Manager (ICM). The vulnerabilities were identified by researchers at Onapsis Research Labs, who dubbed the flaws ICMAD (Internet Communications Manager Advanced Desync). All three of the flaws could be… Read More »

The U.S. District Court for the Western District of New York has recommended a class action data breach lawsuit against Practicefirst Medical Management Solutions over a 2020 ransomware attack be dismissed. Practicefirst, an Amherst, New York-based medical management services provider, provides billing, credentialing, bookkeeping, coding, and compliance services to medical practices. On December 30, 2020,… Read More »

Phishing attacks allow threat actors to obtain credentials, but multi-factor authentication (MFA) makes it harder for phishing attacks to succeed. With MFA enabled, in addition to a username and password, another method of authentication is required before account access is granted. Microsoft has previously said multi-factor authentication blocks 99.9% of automated account compromise attacks; however,… Read More »

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has released a report providing insights into the May 2021 Conti ransomware attack on the Health Service Executive (HSE) in Ireland, and advice for the healthcare and public health (HPH) sector to help prepare, respond, and recover from ransomware attacks. The report provides information on the vulnerabilities… Read More »

The Federal Bureau of Investigation (FBI) has released indicators of compromise (IoCs) and details of the tactics, techniques, and procedures (TTPs) associated with Lockbit 2.0 ransomware. Lockbit is a ransomware-as-a-service (RaaS) operation that has been active since September 2019. In the summer of 2021, a new version of the ransomware – Lockbit 2.0 – was… Read More »

Suncoast Skin Solutions, a network of 22 surgical, medical, and cosmetic dermatological care clinics in Florida, has recently started notifying 57,730 patients about a ransomware attack that was discovered on July 14, 2021. Suncoast said when the cyberattack was detected, prompt action was taken to prevent the encryption of all of its systems and a… Read More »

Taylor Regional Hospital in Campbellsville, KY has suffered a cyberattack that has resulted in its IT and phone systems being taken offline. The cyberattack was reported by the hospital on January 24, 2021, and the hospital is still experiencing outages with certain computer systems and phone lines. Temporary phone lines have been set up to… Read More »