This week marked the spring equinox, so after a long winter (at least where I live), things are looking up! Except that purveyors of ransomware are not going away, especially when it comes to healthcare and medicine. In the past month, hospitals in Barcelona and Copenhagen have been attacked, and earlier this month, news broke that hundreds of U.S. Congress members and staff were the victims of a “significant data breach” through DC Health Link, the health insurance marketplace for Washington, D.C.
When it comes to healthcare targets, bad actors are having a real go of it, especially cybergangs like Clop and DoppelPaymer. The Health Sector Cybersecurity Coordination Center (HC3) warned in its most recent alert that Clop has claimed responsibility for a mass cyber attack last month against more than 130 organizations – including some in the healthcare industry. It should be noted, though, that there is not yet 100 percent proof of the group's claims.
Fortunately, there are some bright spots, such as the international police effort in which officers raided the homes of alleged hackers from the DoppelPaymer gang – a group believed to have carried out a major attack against the UK’s National Health Service in 2017.
In non-healthcare news, earlier this week Ferrari SpA received a demand for ransom following a breach of their systems. Flashing back to earlier in the month, the Biden administration unveiled a major new cybersecurity strategy. Plus, communications giant AT&T reported a data breach impacting 9 million customers following a vendor hack, and noted cybersecurity researcher Brian Krebs recently took a gander at how many times communications giant T-Mobile was impacted by cyber attacks last year. The number was not small.
Read on to discover more about the headlines from the last few weeks...
Aching Heart for Leading Device Maker Zoll
Zoll Medical, an emergency medical device provider, has had to notify more than 1 million individuals - including employees, patients and former patients - of a hacking incident that compromised their personal information.
The Massachusetts-based company says the cybersecurity incident affects current and former users of the company's LifeVest device - a wearable cardioverter defibrillator worn by patients at high risk of sudden cardiac death.
Zoll Medical says the incident does not impact the operation or safety of the product or any other Zoll medical device or related software.
Hospital in Brussels Latest Victim in Spate of European Healthcare Cyberattacks
A university hospital in Brussels has become the latest institution targeted in a spate of cyberattacks against European hospitals.
Centre Hospitalier Universitaire (CHU) Saint-Pierre was impacted by hackers in the early hours on March 10. While staff were initially left working with paper records, the hospital managed to disconnect its servers and restart them, said Philippe Leroy, CEO of the CHU. While all of the institution’s IT applications were operational again, “for several hours, so as not to overload the hospital, [emergency dispatchers] diverted ambulances to other hospitals,” Leroy said.
Thousands of Appointments Canceled After Ransomware Hits Major Barcelona Hospital
A ransomware attack on the city of Barcelona’s main hospital forced thousands of appointments to be canceled.
The Hospital Clinic de Barcelona was attacked on March 4, with computers across the institution’s numerous laboratories, clinics and emergency room shut down. Its website was unavailable on the following Monday. Officials said that 150 non-urgent operations were canceled that day, alongside up to 3,000 patient checkups, including radiotherapy visits, because staff couldn’t access patients’ clinical records, reported the El País newspaper.
Ferrari Says Ransomware Attack Exposed Customer Data
Italian sports car maker, Ferrari, has received a demand for ransom following a breach of their systems, which may have exposed customer contact details. An investigation has been launched, but there has been no evidence that financial information and details on owned or ordered cars have been compromised. Currently there has been no indication as to when the attack occurred, and it is not likely that Ferrari will pay the ransom.
AT&T Alerts 9 Million Customers of Data Breach After Vendor Hack
In early March, AT&T notified roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked earlier in the year.
"Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan," AT&T told BleepingComputer.
"The information did not contain credit card information, Social Security Numbers, account passwords or other sensitive personal information. We are notifying affected customers."
Biden Administration Unveils New Cybersecurity Plan
On March 3, the Biden Administration released its new National Cybersecurity Strategy to “secure the full benefits of a safe and secure digital ecosystem for all Americans.”
The plan calls for improved sharing of information between the government and private sector about cybersecurity threats, vulnerabilities and risks. It also discusses the importance of coordinating cybersecurity incident response across the federal government and enhancing regulations.
Biden's plan also calls out the need to expand the federal cybersecurity workforce and emphasizes the importance of protecting the country’s critical infrastructure and federal computer systems.
Brian Krebs: Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
It’s not the first time T-Mobile has been featured in our monthly news roundup (specifically, it was last mentioned in January’s edition), but noted cybersecurity researcher Brian Krebs recently took a gander at how many times communications giant T-Mobile was impacted by cyber attacks last year. The number was not small.
In fact, three different cybercriminal groups claimed access to internal networks at T-Mobile in more than 100 separate incidents throughout 2022.
The conclusions are based on an extensive analysis of Telegram chat logs from three distinct cybercrime groups or actors that have been identified by security researchers as particularly active in and effective at “SIM-swapping,” the ability to temporarily control a phishing target’s mobile phone number.