November 9, 2022 TLP: Clear Report: 202211091400 Executive Summary HC3 is aware of at least one healthcare entity in the United States falling victim to Venus ransomware recently. The threat actors behind Venus ransomware operations are known to target publicly exposed Remote Desktop Services to encrypt Windows devices. This report provides additional information, indicators of…
Category: Health Data
Manitoba’s healthcare privacy breach numbers ‘truly alarming’
Katrina Clarke reports: Manitoba hospital workers have breached patients’ privacy more than 1,000 times in the last three years — but how many were disciplined and what consequences they faced is unclear. It’s an issue one ethicist calls “alarming,” saying the public deserves to know more about workers snooping into sensitive files. Data obtained by…
Were hospital attacks in Osaka linked to a supply chain attack on lunch service by “Phobos?”
Asahi Shimbun reports (machine translation): The social medical corporation “Seichoukai” (Naka Ward, Sakai City), which operates general hospitals in Osaka Prefecture, announced on the 7th that it had been damaged by a cyber attack caused by ransomware. School lunch delivery services that deliver meals to affiliated hospitals are said to be affected. This school lunch…
Hackers release Australian health insurer’s customer data
While those of us who report on ransomware groups may not be sure whether to refer to the group responsible for a ransomware attack on Medibank as “REvil” or “BlogExx,” the more important story is that the hackers did start leaking data stolen from Medibank. The data, published on the dark web, included screencaps from…
Breached AU health insurer won’t pay ransom to protect customers, warns of more attacks
Simon Sharwood reports: Australian health insurer Medibank – which spent October discovering a security incident was worse than it first thought – has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers. “Based on the extensive advice we have received from cyber crime experts we believe…
International Red Cross proposes digital red cross/crescent emblem to signal protection in cyberspace
From the IRC: Geneva (ICRC) – The International Committee of the Red Cross (ICRC) is seeking the support of states around the world to create a ‘digital red cross/crescent emblem’ that could make it clear to militaries and other hackers that they have entered the computer systems of medical facilities or Red Cross offices. The…