The protected health information of 1,271,642 individuals has been exposed and potentially stolen in two healthcare hacking incidents that were recently been reported to the Department of Health and Human Services’ Office for Civil Rights. PHI of 688,000 Individuals Compromised in Sea Mar Community Health Centers Hack Sea Mar Community Health Centers is a nonprofit… Read More »

13 vulnerabilities have been identified in the Siemens Nucleus RTOS TCP/IP stack that could potentially be exploited remotely by threat actors to achieve arbitrary code execution, conduct a denial-of-service attack, and obtain sensitive information. The vulnerabilities, dubbed NUCLEUS:13, affect the TCP/IP stack and related FTP and TFTP services of the networking component (Nucleus NET) of… Read More »

Southern Ohio Medical Center (SOMC) Diverts in Portsmouth, OH, is recovering from a cyberattack that occurred on the morning of Thursday, November 18, 2021. The attack forced the hospital to go on diversion and direct ambulances to other healthcare facilities. The hospital also had to cancel some appointments and outpatient services. “This morning, an unauthorized… Read More »

The New Jersey Attorney General and has fined two printing firms $130,000 over alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act (CFA) which contributed to a breach of the protected health information (PHI) of 55,715 New Jersey residents. Command Marketing Innovations, LLC (CMI) and Strategic… Read More »

The United States Department of Justice (DoJ) has unsealed indictments charging two individuals for their roles in multiple REvil/Sodinokibi ransomware attacks on organizations in the United States. Ukrainian national, Yaroslav Vasinskyi, 22, has been indicted on multiple charges related to the ransomware attacks, including the supply chain attack that saw Kaseya’s Virtual System/Server Administrator (VSA)… Read More »

Owing Mills, MD-based JEV Plastic Surgery & Medical Aesthetics has started notifying 1,620 patients about a security breach that has exposed some of their protected health information. Malware was detected which allowed an unauthorized individual to access systems that contained protected health information. A third-party forensic investigation determined the malware had been installed on April… Read More »

Columbia, MD-based Maxim Healthcare Group has started notifying 65,267 individuals about a historic breach of its email environment and the exposure of their protected health information. Maxim Healthcare Group, which includes Maxim Healthcare Services and Maxim Healthcare Staffing, said it identified suspicious activity in its email environment on or around December 4, 2020. Steps were… Read More »

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief for the healthcare industry warning about the use of the Cobalt Strike penetration testing tool by cyber threat actors. Cobalt Strike is a powerful red team tool used by penetration testers when conducting risk and vulnerability assessments, but it can also be… Read More »

Three medium severity vulnerabilities have been identified in Philips MRI products which, if exploited, could allow an unauthorized individual to run software, modify the device configuration, view and updates files, and export data, including protected health information, to an untrusted environment. Aguilar found insufficient access controls which fail to restrict access by unauthorized individuals (CVE-2021-3083),… Read More »

Ransomware attacks have recently been reported by Surecare Specialty Pharmacy, Victory Health Partners, Strategic Benefits Advisors, Blue Shield of California, and Blue Cross of California. PHI of 8,412 Patients Potentially Compromised in Surecare Specialty Pharmacy Ransomware Attack El Paso, TX-based Surecare Specialty Pharmacy has recently announced it was the victim of a sophisticated ransomware attack… Read More »