So no sooner do I get done updating the Mercy Iowa City breach that involved a virus infection of their system, then I see that MedStar Health in Washington also suffered a breach due to virus infection. John Cox of Washington Post reported: A virus infected the computer system of MedStar Health on Monday, forcing…
Category: Malware
Ransomware hits Rockville restaurant and others
Stephanie Gailhard reports that Hard Times Café in Rockville, Maryland and 8 other businesses got hit with ransomware on Sunday. The ransom demand for the restaurant? $10,000 according to owner Bob Howard. But he says he’s not paying.
Mercy Iowa City and Mercy Clinic notify patients after alerted to malware by law enforcement (updated)
Update of March 28: This breach reportedly affected 15,000 patients. Public notice from Mercy Iowa City, dated March 25: Notice to our Patients Regarding a Privacy Incident Mercy Iowa City (“Mercy”) is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice concerns an incident involving some of that information. On…
Security education outfit EC-Council dishes out ransomware online
First it was a hospital serving up ransomware to web site visitors. Now the website of the EC-Council, who are responsible for the Ethical Hacker certification, is reportedly serving up the Angler exploit kit to infect PCs. And as we heard with the Norfolk General Hospital, it seems to be difficult to notify them and get a response from the…
When do covered entities need to report ransomware incidents to HHS?
At the PHI Protection Network conference last week, we spent a lot of time discussing the increasing rate of ransomware attacks. I asked a number of people whether they thought that ransomware attacks that (merely) locked up the data with no evidence of exfiltration had to be reported to HHS. I got a variety of…
Ontario hospital website may have infected visitors with ransomware, security firm says
Emily Chung reports: The website of an Ontario hospital may have infected the computers of patients and staff with ransomware planted on the site during a hack attack, the internet security company Malwarebytes warns. Norfolk General Hospital, located in Simcoe, Ont., confirms its website was hacked by cybercriminals, but denies that visitors were ever at risk. […] Jérôme Segura, a senior security researcher with Malwarebytes, reported in a blog…