Below: The justice system has been busy with the latest data breach, and federal agencies are investigating the midterm election threat landscape. But first:
IT Security Incident Hits ‘Large’ Hospital Chain, High Risk Sector
The U.S.’s second-largest nonprofit hospital chain is dealing with a cybersecurity incident that affected facilities across the country this week, forcing ambulances to be diverted, systems to be shut down and patient appointments to be rescheduled.
CommonSpirit Health has yet to provide details on what happened. According to the chain, it has 140 hospitals in 21 states and more than 1,000 care facilities. Facilities in Iowa, Nebraska, Tennessee and Washington were in perpetual turmoil.
One expert called the incident extraordinary for the United States. Cybersecurity risks in the healthcare sector could represent a potential threat to life.
- “This range is probably unprecedented in the healthcare sector,” Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told me. CommonSpirit is “absolutely massive,” he said.
CommonSpirit Health released a statement on Tuesday about the incident, which went public Monday and began to receive widespread attention Wednesday.
- “CommonSpirit Health is managing an IT security issue impacting some of our facilities. I have taken it offline,” the original online statement read. “Our facility follows existing protocols for system shutdowns and is taking steps to minimize disruption.”
A revised statement Wednesday left out some of those details.
The chain declined to comment further, but the incident showed signs of a ransomware attack, in which hackers encrypt the victim’s systems and demand payment to unlock them. Security researcher Kevin Beaumont, head of security operations at Arcadia Group, tweeted (“IR” stands for “incident response”):
Some ransomware gangs have abandoned attacks on hospitals. But Callow said ransomware affiliates have shown no such restraint, despite using the gangs’ malware in exchange for profit sharing.
CommonSpirit Health incident impacts include:
- In addition to taking some IT systems and records offline, CommonSpirit Health said it has “rescheduled some patient appointments.”
- MercyOne Des Moines Medical Center diverted ambulances “for a short time,” the Des Moines Register reported.
- Multiple CHI Health facilities in Omaha were affected, the Omaha World-Herald reported.
- CHI Memorial Hospital in Chattanooga, Tennessee, reported an issue that, according to the Chattanoogan, is the same as the one in the CommonSpirit Health statement.
- St. Michael Medical Center in Washington saw delays in important procedures, including a CT scan to check for cerebral hemorrhage, a patient and family told the Kitsap Sun. Elsewhere in the state, a medical worker told The Tacoma News Tribune, “The disruption severely affected normal functions such as charting, reporting test results, collecting history, and capturing allergy information.”
“Typically, this kind of … attack is occurring in different types of organizations in different critical infrastructure sectors,” said Errol Weiss, chief security officer of the Center for Health Information Sharing and Analysis. “But when they hit hospitals and impacted patient care, they created newsworthy events within the community and impacted people’s lives. It has the potential to give and people will pay attention.”
There have been several reports of cyberattacks on hospitals costing lives.
- A lawsuit filed by a woman last year claimed that a 9-month-old child died because equipment was not working during a ransomware attack on an Alabama hospital.
- In 2020, a German hospital affected by a ransomware attack discharged a patient who later died. Prosecutors considered filing charges against the hackers, but ultimately concluded that the attack was not the determining factor.
In perhaps the largest hospital cyber incident outside the United States, the massive WannaCry ransomware attack, which affected 150 countries, sabotaged the British healthcare system. The 2017 incident disrupted 80 hospitals, canceled 19,000 appointments, and cost more than $100 million.
According to Weiss, when a major incident impacting the healthcare sector occurs, his organization typically springs into action.
“We have a great network of healthcare organizations that are willing to share information such as indications of compromise and TTPs [tactics, techniques, procedures] from this kind of attack,” he said. “The whole idea is to learn from other organizations what’s going on and use that information so we can better protect that information or see if we’re susceptible to that attack. That’s it.”
The American Hospital Association’s national advisor on cybersecurity and risk was hesitant to comment on CommonSpirit Health, but said it’s important for hospitals to have a plan for when an attack occurs.
“Generally speaking, if a member becomes the victim of a cyberattack that disrupts hospital functions or clinical care, my advice to members is: Lack of access to electronic medical records and other medical care. Downtime procedures should be in place to compensate for technologies that may become unavailable,” John Riggi told me.
Otherwise, the health care sector needs help from law enforcement to track down and punish culprits. Riggi said the government at large and the FBI have made concrete commitments to do so.
Former Uber security chief convicted in 2016 data breach
A federal jury on Wednesday found Uber’s former chief security officer, Joe Sullivan, guilty of obstructing justice and actively concealing a felony after allowing payment to hackers behind a 2016 breach of the ride-sharing service.
“The verdict ends a dramatic case that pitted Sullivan, a prominent security expert who was an early cybercrime prosecutor for the U.S. Attorney’s Office in San Francisco, against his former government office. Between hacker prosecutions and prosecutions, Sullivan served as chief security officer at Facebook, Uber, and Cloudflare.” The Post’s Joseph Menn reports.
It also came as a surprise to many security professionals. The judge did not set a date for Sullivan’s sentencing.
No Jail for Seattle Hacker Behind Historic Capital One Data Breach
A former tech worker in Seattle, convicted on multiple charges over a massive attack on Capital One bank and over 30 other companies, was sentenced on Wednesday to 5 years imprisonment, up to 5 years probation, the Seattle Times’ Renata Geraldo reports.
Paige Thompson, who used the handle “shaky” online, was arrested in July 2019 after downloading personal data from over 100 million Capital One users, resulting in over $250 million in damages. She remained imprisoned until November of that year.
At the sentencing hearing, U.S. District Court Judge Robert Lasnik said extra time in jail would be particularly difficult for Thompson because of her mental health issues and transgender status, which are well documented.
U.S. Attorney Nick Brown said he was “extremely disappointed” by the court’s decision; his office had asked the court to impose a seven-year sentence on the former Amazon software engineer behind one of the biggest data breaches in U.S. history. “This is not the figure of justice,” Brown said in a statement.
Thompson previously claimed she never misused the data she obtained. Rather, she said, she was trying to collect a bounty by discovering vulnerabilities in the systems of the companies she hacked. In 2020, Capital One agreed to pay $80 million to settle federal banking regulators’ claims that it lacked the necessary security measures to protect customer information. The company later reached a $190 million settlement with affected customers.
CEO of election software firm arrested
Authorities arrested Eugene Yu, founder of Michigan election software company Konnech, who is accused of stealing the personal information of hundreds of Los Angeles County poll workers, the Associated Press reports.
Prosecutors allege that Konnech stored data on servers in China in violation of requirements, under its contract, to retain the collected information in the United States. The company has denied the allegations.
“We continue to ascertain the details of what we believe to be the wrongful detention of Mr. Yu by Los Angeles County officials,” Konnech said in a statement. “The data Konnech may have had on his LA County polling place workers was provided by LA County and could not have been ‘stolen’ as suggested.”
Election opponents who surrounded the company rejoiced, but prosecutors said Yu’s actions had no effect on the election results.
Officials ‘believe’ US voting system can thwart malicious cyberattacks
With less than a month until the midterm elections, the FBI and the Cybersecurity and Infrastructure Security Agency are confident that any attempt to manipulate votes would be identified and stopped before large-scale disruption occurs.
“Given the extensive protection and decentralized nature of election infrastructure, the FBI and CISA continue to assess that attempts to manipulate votes at scale would be difficult to carry out undetected,” the agencies said in a joint announcement Wednesday.
The agencies added that, as far as they know, there has never been a successful hack of a US election that prevented anyone from voting or compromised the integrity of the vote.
While the agencies have expressed confidence that the US voting system is safe and secure, a senior government official warned earlier this week that there was and still is a concerted effort by foreign adversaries such as China, Russia, and Iran to seize on American suspicions of the electoral system itself. “In particular, we are concerned that malicious cyber attackers may spread or amplify false or exaggerated claims of compromise to election infrastructure,” an FBI official said in a briefing, according to Voice of America’s Jeff Seldin.
- FS-ISAC holds its FinCyber Today Summit October 10-12 in Scottsdale, Arizona.
Thank you for reading. See you next week.