Analecta Cyber Company Blog: April 2016


Hospital hacks expose security weaknesses

After several hospitals were targeted in the US, specifically in California, Kentucky, and Maryland, it seems that hospitals everywhere are facing a new form of cyber attack known as the crypto-ransomware. This new approach has been executed by hackers as an alternative to their usual way of stealing patient data. This type of attack locks down computer systems in hospital networks and demands bitcoins as a form of ransom. Once they pay the ransom, hackers are supposed to unlock the computers compromised during the attack. The ransom will also give the hospital employees access to their own computers.


Healthcare Data Security and Hackers

Nowadays, attackers are becoming more and more capable of gaining access to numerous computer networks. The trend of digitizing patient information helped the medical industry to hasten processes, especially in treatment. They've also facilitated a more efficient and more effective ways of preventing diseases.


Desert Valley Hospital hit with ransomware attack

Towards the end of the first quarter of 2016, Desert Valley Hospital in Victorville became the latest addition to the list of victims of hacking software. Hospital officials immediately pointed out that no patient or employee information had been compromised.

According to Desert Valley Hospital's spokesman, malware was discovered on their computer network and was directly reported to authorities. He added that the malware disrupted the hospital’s servers. Fortunately, the malware disturbance was properly addressed in time and was already controlled to prevent infecting other computers in their network.


Why your medical information is gold for hackers

It is known in the security industry that personal health information (PHI) has been the target of numerous cybercrimes. It has been the aim of hackers to access and gather this type of information more often in the last couple of years. The main reason behind this is that the information’s value has kept increasing on the black market.


Phishing Attack Hit Metropolitan Jewish Health System

Phishing attacks on medical facilities remain a big threat, especially attempts to access private health information and medical data. A common type of attack uses email to trick healthcare employees into opening infected attachment files. The attackers could also deceive hospital staff  into clicking on links that direct them to malicious websites that download malware, all in an attempt to access sensitive information such as login credential.


Breach of JASACare email system impacts 1,154 patients

The company recently reported to authorities that it was attacked by cybercriminals. The attackers were able to infiltrate the JASACare network and gain access to its email system. During the initial investigation, it was alleged that the hackers' ultimate goal was to access corporate accounts and steal money through fraudulent bank transfers. But as a result of the breach in one of the employee’s email account, sensitive information about patients and employees also may have been accessed.

Most Healthcare Breaches Are Hacks

Healthcare breaches were dominated by hacking in 2015, according to a cloud access security study.
In fact, hacking accounted for 98% of data breaches over the course of the whole year. Furthermore, the report indicates an estimated 1 in every 3 Americans had their personal data compromised just in the previous year.


1,400 Vulnerabilities Found in Popular Drug Cabinet System

The Department of Homeland Security issued an advisory indicating the detection of over 1,400 vulnerabilities inside a popular drug cabinet system. According to the report, most of these vulnerabilities could be remotely exploited with the use of publicly available exploits. What's amusing about the discovery is that a hacker could take advantage of these exploits regardless of his skill level.


Data-capturing virus discovered by Mercy Hospital in Iowa City

Mercy Hospital is a private non-profit Roman Catholic hospital located in Iowa City, Iowa. It is one of only three hospitals in the city, thus serves a major part of the city's population.


Risk Management Survey

In April, Analecta Cyber will be conducting a telephone survey with the local healthcare industry. Analecta, a Maryland small business specializing in cyber security services, wants to better understand how small and medium-sized healthcare practices integrate cyber risk management into their existing HIPAA risk management plans.


Kentucky’s Methodist Hospital latest to face ransomware

Methodist Hospital in western Kentucky is considered to be an average-sized medical institution. A couple of weeks ago, hackers targeted the hospital and infected computers with what seemed to be a version of ransomware.


Compromised email account exposed patient information from Brigham and Women’s and Brigham and Women’s Faulkner Hospitals

Almost a year ago, a phishing incident happened in Brigham and Women’s as well as Brigham and Women’s Faulkner Hospitals. According to reports, it happened in April 2015.Now they are reporting yet another incident. This time it involves and email account of their own employee. Details of how the hacking scheme was executed have not been disclosed. But as a precautionary measure, the hospitals began notifying affected individuals by mailing letters to them. And according to the new report to the Department of Health and Human Services, 1,009 patients were potentially affected.


Virus hits MedStar Health hospital network; denies data theft

MedStar Health is a non-profit healthcare organization that operates 10 hospitals spread across the Washington, DC and Baltimore area. It operates more than 100 outpatient health facilities, hundreds of thousands of patients annually, with more than 31,000 hospital staff, according to its website.


York Hospital reports data breach affecting its employees

York Hospital reported to the FBI an incident involving a breach with hundreds of its employees' personal information. Cyber criminals gain access to its hospital comprised of four campuses in York County and they have gathered data including the Social Security numbers of employees.