Sergiu Gatlan reports: Malicious DICOM files can be crafted to contain both CT and MRI scan imaging data and potentially dangerous PE executables, a process which can be used by threat actors to hide malware inside seemingly harmless files. Cylera’s Markel Picado Ortiz achieved this by taking advantage of a DICOM format design flaw which…
Category: Commentaries and Analyses
Kaspersky: 70 percent of attacks now target Office vulnerabilities
Catalin Cimpanu reports: Microsoft Office products are today’s top target for hackers, according to attack and exploitation data gathered by Kaspersky Lab. In a presentation at its security conference –the Security Analyst Summit– the company said that around 70 percent of the attacks its products have detected in Q4 2018 are trying to abuse a…
Virobot Ransomware Is A Multi-Tasking Menace
If ransomware is a cybercriminal’s friend, the new ransomware called Virobot, is their best friend – ever. Discovered just last month, Virobot is a one-stop-shop malware that uses ransomware, keylogging, and botnets – a triple threat. Traditionally, ransomware attacks enter through opened phishing emails and clicked attachments. It then it freezes computers and encrypts their…
WA: RS Medical notifies patients because an attacker potentially had access to their information
On April 7, RS Medical disclosed an incident that had the potential to compromise patient information. A copy of the notification from the Vancouver, Washington entity, obtained by DataBreaches.net, indicates that the attacker may not have been particularly interested in patient information, though: The primary purpose of the breach, as determined by internal investigation, was…
MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine
Marianne Kolbasuk McGee reports: The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3 million HIPAA penalty levied against it last year by the Department of Health and Human Services following three data breaches involving unencrypted devices was unlawful. In the complaint filed Tuesday in a Texas federal court,…
Patients at an Ohio rehab hospital were notified of breach. Was that breach part of a coordinated attack on Ernest Health hospitals?
Lauren Lindstrom reports: An undisclosed number of patients at the Rehabilitation Hospital of Northwest Ohio had their personal data compromised after “unauthorized access” to employee email accounts in October, hospital officials said. Patient data, including names, Social Security numbers, driver’s license information, dates of birth, and health insurance and patient care information, was contained in…