December 07, 2022 TLP:CLEAR Report: 202212071400 Executive Summary Royal is a human-operated ransomware that was first observed in 2022 and has increased in appearance. It has demanded ransoms up to millions of dollars. Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector. Due to the historical nature of…
Category: Health Data
Lawsuits come, lawsuits go (settle), Friday edition
Three more recent announcements of lawsuit settlements involving healthcare entities. Two of the following involve ransomware and Massachusetts entities; the third is a phishing attack on an Arkansas entity. North Shore Pain Management and Resolve I.T. North Shore Pain Management has set aside $200,000 to settle a class action lawsuit that claimed the company and…
New Ransom Payment Schemes Target Executives, Telemedicine
Brian Krebs has an interesting write-up about some of the goings-on involving ransomware groups targeting the healthcare sector. Krebs cites Alex Holden of Hold Security, a Milwaukee-based cybersecurity firm. Holden’s team reportedly gained visibility into discussions among members of two different ransom groups: CLOP (a.k.a. “Cl0p” a.k.a. “TA505“), and a newer ransom group known as Venus. Readers…
Fr: Victim of a cyberattack, Trois Cantons ambulances in Peyrehorade alerts its patients
(Machine translation): The Trois Cantons ambulances in Peyrehorade have lost all their files and appointments for the next few weeks. “As if it had crashed”. Tuesday, December 6, around 5:30 p.m., the ambulances of the Three Cantons in Peyrehorade, in the south of the Landes, were the victims of a cyberattack with a ransom demand, indicates…
Medibank Shutting All Branches, Going Offline, In Security Overhaul
Nathan Jolly reports: Medibank will be closing all branches, IT centres, and going completely offline as it completely overhauls its online security. The country’s biggest health insurer will be completely offline from 8.30pm on Friday until Sunday, in a bid to “further strengthen our systems and enhance security protections” after one of the country’s worst…
Acuity Brand press release addresses two hacking incidents from 2020 and 2021
Today’s reminder that a lot of businesses have health plans for their employees. Acuity Brands in Georgia has issued a press release with the results of its investigations into two breaches that they report were unrelated. From their statement: The investigation determined that an unauthorized person obtained access to some of Acuity’s systems on December…