HC3 has published another guidance (TLP:WHITE) for the healthcare sector. In this one, they discuss how the same tools used to operate, maintain and secure healthcare systems and networks can also be turned against their own infrastructure. The paper includes: Cobalt Strike PowerShell Mimikatz Sysinternals Anydesk Brute Ratel Access the paper on HHS.
Category: Health Data
Saskatoon gynecology clinic hit with ransomware attack: report
Rory MacLean reports: A ransomware attack on a Saskatoon obstetrics and gynecology clinic left the personal health information of up to 20,000 patients in the hands of malicious hackers, according to the province’s privacy watchdog. In a report issued in September, Privacy Commissioner Ronald Kruzeniski said the attack targeting Saskatoon Obstetric and Gynecologic Consultants resulted…
Some Tufts community members’ health insurance information compromised in vaccine clinic data breach
Emily Thompson reports: Tufts announced in a Thursday evening email to the community that its vaccine clinic provider, Pelmeds, has experienced a data breach involving images of patients’ insurance cards. The number of Tufts community members affected by the breach is still unknown. Tufts has ended its contract with the company and postponed all previously…
WA: Columbia River Mental Health Services discloses long-running breach
Columbia River Mental Health Services in Vancouver, Washington has issued a press release about a breach that went undetected for approximately one year. From their press release: Columbia River Mental Health Services (“CRMHS”) recently became aware of suspicious activity related to certain CRMHS email accounts. CRMHS immediately launched an investigation, with the assistance of third-party…
Hospital That Disclosed Health Data to Foundation Wins Appeal
Christopher Brown reports: A hospital’s disclosure of patient health information to its charitable foundation didn’t violate the Minnesota Health Records Act, a state appellate court ruled. The MHRA permits disclosures of a patient’s health records without the patient’s consent when the disclosure is authorized in federal regulations, the Minnesota Court of Appeals said. Read more at…
HSE hack victims who had personal information stolen have not been told they were targets
Ferghal Blaney reports: Hacking victims who had their personal information stolen during the HSE ransomware attack last year have not been told they were targeted. It’s a legal requirement for the health authority’s IT management to inform them under GDPR rules. The HSE said in a statement that it was taking time to get through all of the…