Today, CISA released the Mitigation Guide: Healthcare and Public Health (HPH) Sector as a supplemental companion to the HPH Cyber Risk Summary, published July 19, 2023. This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure sector. It also identifies known vulnerabilities for organizations to assess their…
Category: Health Data
Alleged Extortioner of Psychotherapy Patients Faces Trial
Brian Krebs reports: Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted…
CMS Notifies Additional Individuals Potentially Impacted by MOVEit Data Breach
As part of an ongoing investigation into the May 2023 data breach of Progress Software’s MOVEit Transfer software on the corporate network of Maximus Federal Services, Inc. (Maximus Federal Services), a contractor to the Medicare program, the Center for Medicare & Medicaid Services (CMS) has learned of additional individuals whose personally identifiable information (PII) may…
NoEscape gang adds two more medical entities to their leak site
The NoEscape ransomware gang claims to have attacked two more medical entities. The first one is Southeastern Orthopaedic Specialists, P.A. in North Carolina. According to the threat actors, the network was locked on October 25, and 3 GB of files were exfiltrated. From the expanded listing (not shown here), it also appears that Southeastern…
Cyber incident shuts down Otsego Memorial Hospital computers
Mardi Link reports: Munson Healthcare officials are investigating a cyber incident at Otsego Memorial Hospital in Gaylord, that in October prompted a shutdown of the hospital’s computer system. Munson Healthcare acquired Otsego Memorial in 2018 and a Munson spokesperson said the shutdown was limited to Gaylord only, and officials have no reason to believe patient…
New York Plans Cyber Rules for Hospitals
James Rundle reports: New York regulators Monday plan to issue cybersecurity regulations for hospitals, after a series of attacks crippled operations at medical facilities. Under draft rules reviewed by The Wall Street Journal, New York will require general hospitals to develop and test incident response plans, assess their cybersecurity risks and install security technologies such…