Jessica Davis reports: Ninety percent of 10 largest healthcare data breaches reported this year were caused by third-party vendors, much like in 2021. The fallout for many of these cyberattacks resulted in impacts for multiple connected providers, with two of these vendor incidents affecting hundreds of providers. These incidents should serve as a warning to…
Category: Health Data
Cost of HSE cyberattack by Conti rises to €80m, letter shows
Jennifer Bray reports: The cost of the cyberattack on the Health Service Executive has risen to €80 million, according to new information. In a letter to Aontú leader Peadar Tóibín last Friday, HSE chief information officer Fran Thompson said that the costs came to more than €42 million in 2021 and to nearly €39 million…
Ca: Data breach of Ontario’s vaccine booking system affects hundreds of thousands, province says
CBC News reports: Hundreds of thousands of Ontarians’ information may have been compromised in a data breach of the province’s vaccine management system. In a statement Friday, the Ministry of Public and Business Service Delivery said two people were charged in connection with a November 2021 breach of the COVAXX system. […] Beginning Friday, some 360,000…
HC3: Analyst Note: Royal Ransomware
December 07, 2022 TLP:CLEAR Report: 202212071400 Executive Summary Royal is a human-operated ransomware that was first observed in 2022 and has increased in appearance. It has demanded ransoms up to millions of dollars. Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector. Due to the historical nature of…
Lawsuits come, lawsuits go (settle), Friday edition
Three more recent announcements of lawsuit settlements involving healthcare entities. Two of the following involve ransomware and Massachusetts entities; the third is a phishing attack on an Arkansas entity. North Shore Pain Management and Resolve I.T. North Shore Pain Management has set aside $200,000 to settle a class action lawsuit that claimed the company and…
New Ransom Payment Schemes Target Executives, Telemedicine
Brian Krebs has an interesting write-up about some of the goings-on involving ransomware groups targeting the healthcare sector. Krebs cites Alex Holden of Hold Security, a Milwaukee-based cybersecurity firm. Holden’s team reportedly gained visibility into discussions among members of two different ransom groups: CLOP (a.k.a. “Cl0p” a.k.a. “TA505“), and a newer ransom group known as Venus. Readers…