CyberSecurity news

FlagThis - #Healthcare

Guru Baran@Cyber Security News //
The New York Blood Center Enterprises (NYBC), a major provider of blood and blood products, has been targeted by a ransomware attack, severely impacting its IT systems. The incident, which was detected on Sunday, January 26th, forced NYBC to take systems offline as a precautionary measure to contain the threat. Cybersecurity experts were immediately engaged and an investigation was launched in conjunction with law enforcement. While the organization is working to restore services, it has noted that operations will be affected and that it is deploying workaround solutions to minimize the disruption. The attack has raised concerns about potential impacts on critical blood donation and distribution services across the region.

NYBC has emphasized that it remains focused on the health of the communities it serves and is taking all possible steps to restore its IT infrastructure. The organization is working with hospital partners to maintain services, while also expressing gratitude for support from the healthcare community during this time. There is currently no indication whether or not sensitive patient or donor data has been compromised, nor has any information on ransom demands been provided. The attack underscores the increasing vulnerability of healthcare entities to cyberattacks and the potential risks associated with these kinds of malicious activities.

Recommended read:
References:
  • Cyber Security News: News about the ransomware attack on the New York Blood Center.
  • gbhackers.com: New York Blood Center Targeted by Ransomware, IT Operations Impacted
  • Security Boulevard: Ransomware Scum — Out For Blood: NYBCe is Latest Victim
  • securityboulevard.com: Security Boulevard reports on the NYBC ransomware attack and its impact.
  • gbhackers.com: Tata Technologies, a leading provider of engineering and IT services, has reported a ransomware attack on its IT infrastructure.
  • www.cybersecurity-insiders.com: Tata Technologies, a multinational business that is into the sector of Technology engineering from India has released a press statement that whole of its IT services were suspended as a precautionary measure to mitigate cyber risks associated with the attack.
  • bsky.app: The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments.
  • BleepingComputer: The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments.
  • securityaffairs.com: Security Affairs article on the ransomware attack against the New York Blood Center.
  • Pyrzout :vm:: Another article covering the NYBC ransomware incident.
  • ciso2ciso.com: A ransomware attack forced New York Blood Center to reschedule appointments – Source: securityaffairs.com
  • www.scworld.com: New York Blood Center Enterprises, one of the leading independent blood centers across the U.S., had its blood drives and donation center activities deferred following a ransomware attack.

Dissent@DataBreaches.Net //
ConnectOnCall, a healthcare communication platform, has confirmed a significant data breach affecting over 900,000 individuals. The breach, which occurred in May 2024, compromised sensitive personal and health information of patients and healthcare providers who used the platform. This exposed data includes names, phone numbers, dates of birth, medical record numbers, and details related to health conditions, treatments, and prescriptions. In a limited number of cases, Social Security Numbers were also impacted. The breach involved unauthorized access to the platform between February and May and has prompted an immediate investigation.

ConnectOnCall took the platform offline to secure its systems and has engaged external cybersecurity experts to investigate the incident. Law enforcement has also been notified. The company has begun notifying affected individuals via mail and is offering complimentary identity and credit monitoring services for those whose Social Security Numbers were compromised. ConnectOnCall is urging all users to monitor their personal information and report any suspicious activity, while also working to restore the platform in a more secure environment. The company stated that it is unaware of any misuse of the exposed data.

Recommended read:
References:
  • gbhackers.com: ConnectOnCall Data Breach, 900,000 Customers Data Exposed
  • BleepingComputer: Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall.
  • securityaffairs.com: ConnectOnCall data breach impacted over 900,000 individuals
  • techcrunch.com: Called your doctor after-hours? ConnectOnCall hackers may have stolen your medical data
  • www.bleepingcomputer.com: ConnectOnCall breach exposes health data of over 910,000 patients
  • DataBreaches.Net: ConnectOnCall breach exposes health data of over 910,000 patients
  • malware.news: ConnectOnCall breach exposes health data of over 910,000 patients

Dissent@DataBreaches.Net //
UnitedHealth Group has confirmed that a ransomware attack on its subsidiary, Change Healthcare, in February 2024 has impacted approximately 190 million Americans, nearly doubling the initial estimate of 100 million. This makes it the largest healthcare data breach in US history, far surpassing the 2015 Anthem Inc. breach, which exposed 78.8 million records. The incident underscores the severe cybersecurity vulnerabilities within the healthcare sector, highlighting the immense risks associated with large healthcare organizations. Change Healthcare, a major player in healthcare technology, processes around 40% of all medical claims annually and handles a vast amount of sensitive patient and medical information.

The breach, attributed to the ALPHV (also known as BlackCat) ransomware group, stemmed from compromised credentials on Citrix remote-access software due to a lack of multi-factor authentication. Sensitive data including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and medical records such as health insurance details, patient diagnoses, test results, and treatment information was stolen. The company reportedly paid $22 million in ransom to prevent further data leaks. While UnitedHealth states it has not found evidence of misuse, the scale of the breach and the sensitive nature of the compromised data remain concerning, especially with the attack resulting in 6TB of exfiltrated data.

Recommended read:
References:
  • ciso2ciso.com: UnitedHealth Group’s Massive Data Breach Impacts 190 Million Americans – Source:hackread.com
  • techcrunch.com: UnitedHealth says the ransomware attack on its Change Healthcare unit in February 2024 affected ~190M people, nearly double its previous estimate of 100M (Zack Whittaker/TechCrunch)
  • Techmeme: UnitedHealth says the ransomware attack on its Change Healthcare unit in February 2024 affected ~190M people, nearly double its previous estimate of 100M (Zack Whittaker/TechCrunch)
  • ciso2ciso.com: UnitedHealth Group’s Massive Data Breach Impacts 190 Million Americans
  • jbz: UnitedHealth has confirmed the attack on its Change Healthcare unit last February affected around 190 million people in America — nearly double previous estimates
  • hackread.com: UnitedHealth Group has confirmed that a ransomware attack targeted its subsidiary, Change Healthcare, in February 2024, impacting 190 million Americans
  • www.techmeme.com: TechCrunch article reporting on UnitedHealth’s confirmation that the ransomware attack affected 190 million people.
  • securityonline.info: UnitedHealth Group has confirmed a ransomware attack on its subsidiary, Change Healthcare, in February 2024, impacting approximately 190 million Americans.
  • Pyrzout :vm:: Change Healthcare data breach exposed the private data of over half the U.S. – Source: securityaffairs.com
  • TechSpot: UnitedHealth updates data breach impact to 190 million people, nearly doubling previous estimate
  • securityaffairs.com: Change Healthcare data breach exposed the private data of over half the U.S.
  • DataBreaches.Net: UnitedHealth estimates 190M people impacted by Change Healthcare cyberattack
  • Zack Whittaker: UnitedHealth has confirmed the ransomware attack and data breach on its Change Healthcare subsidiary in February 2024 now affects around 190 million people — almost double the previous estimate.
  • ciso2ciso.com: Change Healthcare data breach exposed the private data of over half the U.S.
  • www.bleepingcomputer.com: UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure.
  • bsky.app: UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure.
  • ciso2ciso.com: Change Healthcare Breach Impact Doubles to 190M People
  • BleepingComputer: UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure.
  • ciso2ciso.com: New evidence suggests that more than half of the US population was touched by the ransomware attack(s) against UnitedHealth subsidiary Change Healthcare.

Amar Ćemanović@CyberInsider //
A new ransomware strain called NailaoLocker has been identified targeting European healthcare organizations between June and October 2024. The ransomware is delivered through ShadowPad and PlugX backdoors, after attackers exploit vulnerabilities in VPNs to gain access to targeted networks. These backdoors have been linked to Chinese state-sponsored threat groups, raising concerns about the origin and sophistication of the attacks.

Orange Cyberdefense CERT investigated the incidents and observed the threat actor leveraging both ShadowPad and PlugX. The campaign, tracked as Green Nailao, impacted several European organizations, including those in the healthcare sector. While Orange Cyberdefense doesn't attribute this campaign to a known threat group, it assesses with medium confidence that the threat actors align with typical Chinese intrusion sets, noting somewhat similar TTPs and payloads publicly mentioned by other DFIR teams.

Recommended read:
References:
  • CyberInsider: NailaoLocker Ransomware Uses VPN Flaw to Attack Healthcare Orgs
  • DataBreaches.Net: Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors
  • securityaffairs.com: NailaoLocker ransomware targets EU healthcare-related entities
  • www.bleepingcomputer.com: A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024.
  • cyberinsider.com: NailaoLocker Ransomware Uses VPN Flaw to Attack Healthcare Orgs
  • The Hacker News: China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
  • Virus Bulletin: Meet NailaoLocker, a ransomware distributed in Europe by ShadowPad & PlugX backdoors
  • Check Point Blog: Patch Now: Check Point Research Explains Shadow Pad, NailaoLocker, and its Protection
  • Talkback Resources: European healthcare organizations targeted by Green Nailao campaign using PlugX, ShadowPad, and NailaoLocker ransomware, exploiting Check Point security flaw for initial access and employing various tactics for malware deployment and data exfiltration, attributed to Chinese-aligned threat actor for potential financial gain.
  • blog.checkpoint.com: Check Point Research Explains Shadow Pad, NailaoLocker, and its Protection. A newly identified threat activity cluster leveraged the already-patched Check Point vulnerability CVE-2024-24919 (fixed in May 2024) to deploy ShadowPad. Reports indicate that, in a small number of cases, this initial infection also resulted in the deployment of NailaoLocker ransomware.
  • Talkback Resources: Orange Cyberdefense CERT investigated the Green Nailao threat cluster targeting European healthcare organizations using DLL search-order hijacking to deploy ShadowPad and PlugX implants, with observed ransomware deployment and initial access gained through CVE-2024-24919 exploitation on Check Point Security Gateways, indicating potential Chinese intrusion set involvement.
  • industrialcyber.co: Green Nailao cyber threat targets European healthcare with advanced tactics, undocumented ransomware
  • Industrial Cyber: Industrial Cyber report on Green Nailao cyber threat

Dissent@DataBreaches.Net //
Major Australian IVF provider Genea has confirmed a cybersecurity incident where an unauthorized third party accessed its data. The company detected suspicious activity on its network and promptly shut down some systems and servers to investigate the extent of the breach. Genea is working to determine what specific data was compromised and is taking steps to secure its systems. The incident disrupted patient services, including phone lines, the Genea app, and email communications, causing frustration for patients who rely on the clinic's data processing systems for critical blood test data related to their IVF treatment cycles.

This cyber incident has raised concerns about the security of patient data at healthcare providers. Genea has stated that it is "urgently investigating" the incident and will contact any individuals whose personal data has been compromised. The clinic is also working to restore systems and minimize disruptions to services, assuring patients that their privacy and data security are taken very seriously. Genea has multiple clinics across Australia and is working to ensure minimal disruption to patient services.

Recommended read:
References:
  • Carly Page: Australian IVF giant Genea has disclosed a cybersecurity incident that disrupted patient services and led to the access of potentially sensitive information
  • ciso2ciso.com: Australian IVF Clinic Suffers Data Breach Following Cyber Incident – Source: www.infosecurity-magazine.com
  • www.cybersecurity-insiders.com: Genea Australia data breach and Black Basta Ransomware gang data leak. Genea IVF Australia, a leading fertility service provider and one of the three largest in the country, has confirmed that it has fallen victim to a significant cyberattack, resulting in a data breach.
  • DataBreaches.Net: Major Australian IVF provider Genea suffers ‘cyber incident’
  • techcrunch.com: Australian IVF giant Genea has disclosed a cybersecurity incident that disrupted patient services and led to the access of potentially sensitive information
  • kirbyidau.com: Incident: Australian IVF provider Genea in cyber incident | iTnews
  • www.scworld.com: Cyberattack compromises leading Australian IVF provider's data
  • kirbyidau.com: Kirbyidau - Australian IVF provider Genea in cyber incident | iTnews
  • Carly Page: Australian IVF provider Genea confirms hackers have leaked sensitive patient data after Termite listed the firm on its dark web site. A court order prohibiting publication of the stolen data reveals that hackers breached Genea's network on January 31 to steal more than 900GB of information
  • The420.in: Termite Ransomware Gang Breaches Australian IVF Giant Genea
  • bsky.app: The Termite ransomware gang has claimed responsibility for breaching and stealing sensitive healthcare data belonging to Genea patients, one of Australia's largest fertility services providers.
  • thecyberexpress.com: Cyberattack on Australia’s Genea: Stolen Patient Data Hits the Dark Web

Swagta Nath@The420.in //
Australian IVF provider Genea has confirmed a significant cyberattack, with the Termite ransomware gang claiming responsibility for breaching their systems and stealing sensitive patient data. The hackers reportedly accessed Genea's network on January 31st and exfiltrated over 900GB of information. This breach has led to the leaking of patient data on the dark web, raising serious concerns about privacy and the potential misuse of personal health information.

A court order is in place prohibiting the publication of the stolen data, indicating the sensitive nature of the compromised information. The Termite ransomware gang, identified as the perpetrator, is now confirmed to have stolen 700GB of data.

Recommended read:
References:
  • Carly Page: Australian IVF provider Genea confirms hackers have leaked sensitive patient data after Termite listed the firm on its dark web site. A court order prohibiting publication of the stolen data reveals that hackers breached Genea's network on January 31 to steal more than 900GB of information
  • thecyberexpress.com: Termite ransomware group has allegedly leaked sensitive patient data following the Genea cyberattack, targeting one of Australia’s leading fertility providers.
  • The420.in: The Termite ransomware gang has taken responsibility for breaching Genea, one of Australia’s largest fertility service providers, and stealing sensitive patient data.
  • bsky.app: The Termite ransomware gang has claimed responsibility for breaching and stealing sensitive healthcare data belonging to Genea patients, one of Australia's largest fertility services providers.
  • bsky.app: BleepingComputer article on Genea Breach by Termite Ransomware Gang
  • www.cysecurity.news: Australian IVF Giant Genea Suffers Data Breach Following Cyber Incident
  • thecyberexpress.com: Article describing the ransomware attack on Genea IVF clinic and the subsequent data leak.
  • www.cysecurity.news: Genea Cyberattack: Termite Ransomware Leaks Sensitive Patient Data

@techcrunch.com //
UK healthcare giant HCRG Care Group, previously known as Virgin Care, is currently investigating an IT security incident after the Medusa ransomware gang claimed responsibility for breaching the company's systems. The attackers claim to have stolen troves of sensitive data, totaling 2.275 TB, and are demanding $2 million (£1.6 million) in ransom. HCRG, which runs child and family health and social services across the UK for the NHS and local authorities, is working with external forensic specialists to investigate the incident.

HCRG has stated that its services are continuing to operate safely, and patients should keep their scheduled appointments. The Medusa crew is threatening to leak the stolen information online if the ransom isn't paid by February 27th. Samples of the allegedly stolen data, which include employees’ personal information, sensitive medical records, financial records, and government identification documents, have been shared by Medusa. HCRG has notified the U.K.’s Information Commissioner’s Office and other relevant regulators about the breach.

Recommended read:
References:
  • DataBreaches.Net: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what’s claimed to be stolen internal records unless a substantial ransom is paid.
  • The Register: Medusa ransomware gang demands $2M from UK private health services provider. 2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident'. Exclusive: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be stolen internal records unless…
  • The Register - Security: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be stolen internal records unless a substantial ransom is paid.
  • Carly Page: UK healthcare giant HCRG Care Group has confirmed it’s investigating an IT security incident after the Medusa ransomware gang claimed to have breached the company's systems to steal troves of sensitive data
  • techcrunch.com: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what’s claimed to be stolen internal records unless a substantial ransom is paid.
  • go.theregister.com: 2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident'. Exclusive: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be stolen internal records unless a substantial ransom is paid.…
  • Legit Security Blog: Medusa ransomware gang demands $2M from UK private health services provider

@www.maine.gov //
American Addiction Centers, a substance abuse treatment provider, has confirmed a significant data breach impacting 422,424 individuals. The breach, which occurred in September, involved unauthorized access to internal servers, leading to the exfiltration of sensitive personal information. This incident was initially reported to have affected 410,747 people, but the total number of impacted individuals was later revised upwards. The compromised data includes names, birthdates, phone numbers, email addresses, Social Security numbers, medical record numbers, and health insurance details.

The breach is believed to be linked to the Rhysida ransomware operation, which claimed to have exfiltrated approximately 2.8 TB of data. Following unsuccessful extortion attempts, the ransomware group leaked much of the stolen data. American Addiction Centers has notified affected individuals and offered identity theft protection services through Transunion/CyberScout for 12 months, while also confirming that no payment card or treatment data were impacted in the attack.

Recommended read:
References:
  • www.scworld.com: Toll of American Addiction Centers hack surpasses 422K
  • thecyberexpress.com: 422,000+ Impacted in American Addiction Centers Cybersecurity Incident
  • osint10x.com: Nearly half a million people had data stolen after cyberattack on American Addiction Centers
  • therecord.media: A September ransomware attack on American Addiction Centers exposed the sensitive healthcare information of more than 400,000 people

@www.bleepingcomputer.com //
Hospital Sisters Health System (HSHS) has notified over 882,000 patients about a significant data breach stemming from a cyberattack in August 2023. The breach exposed the personal and health information of these individuals, raising concerns about data security within the healthcare sector. HSHS, established in 1875, operates a network of 15 local hospitals across Illinois and Wisconsin and works with over 2,200 physicians.

The health system discovered the security breach on August 27, 2023, after detecting unauthorized access to its network. Following the discovery, HSHS initiated an investigation to assess the scope and impact of the incident. The notification sent to patients confirmed that the cyberattack led to the compromise of their personal data, emphasizing the importance of vigilance regarding potential misuse of the exposed information.

Recommended read:
References:
  • BleepingComputer: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information.
  • securityaffairs.com: The cyberattack on Hospital Sisters Health System in 2023 compromised the personal information of 883,000 individuals.
  • www.bleepingcomputer.com: US health system notifies 882,000 patients of August 2023 breach
  • Anonymous: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information.
  • BleepingComputer: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach.

CISO2CISO Editor 2@ciso2ciso.com //
Community Health Center (CHC), a major healthcare provider in Connecticut, has announced a significant data breach impacting over 1 million patients. The organization, which offers primary care, dental, behavioral health, and specialty services, discovered the breach on January 2nd, 2025, revealing that threat actors had gained unauthorized access to their network in mid-October 2024. This cyberattack has resulted in the exposure of sensitive patient data, including names, birth dates, contact details, diagnoses, treatments, test results, Social Security numbers, and health insurance information. The healthcare provider has begun notifying the affected patients.

The breach was reportedly carried out by a skilled cybercriminal, according to CHC. The notification to patients stated that while the hackers did not delete or lock any data, they were able to steal a significant amount of information. CHC also clarified that the criminal's actions did not impact their daily operations and access to their systems was quickly cut off within hours. CHC has taken action by enhancing its security measures and implementing monitoring software. They also assured patients that there is no evidence to suggest any data has been misused.

Recommended read:
References:
  • ciso2ciso.com: Community Health Center data breach impacted over 1 million patients – Source: securityaffairs.com
  • BleepingComputer: Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients that their personal and health information was stolen in an October breach
  • securityaffairs.com: Community Health Center data breach impacted over 1 million patients
  • www.bleepingcomputer.com: Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients that their personal and health information was stolen in an October breach
  • ciso2ciso.com: Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina – Source: www.securityweek.com
  • ciso2ciso.com: Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina