The number of people affected by a Tennessee cardiac care clinic hack has more than doubled to 411,000 since the healthcare group first reported the incident to regulators in July. Cybercriminal group Karakurt claimed responsibility for the attack, which has so far triggered five class action suits.
Federal authorities are warning healthcare organizations and the public health sector of threats involving NoEscape, a relatively new multi-extortion ransomware-as-a-service group believed to be a successor to the defunct Russian-speaking Avaddon gang.
In the latest weekly update, Ari Redbord, head of legal and government affairs at TRM Labs, joined ISMG editors to discuss: how Hamas is using crypto to finance operations, the latest illicit activities by North Korean actors, and how the trial of FTX's Sam Bankman-Fried could impact the industry.
The violent surprise attack on Israel by Hamas and the region's escalating war spotlights the critical importance of situational awareness, and especially for healthcare organizations that rely on medical or tech products from Israeli technology firms, said Denise Anderson, president of the H-ISAC.
Cloud compromises and supply chain attacks are overshadowing ransomware as the top cyberthreats worrying healthcare sector organizations - but all such incidents are still viewed as significant risks to patient outcomes and safety, said Ryan Witt of Proofpoint, citing new research findings.
A recent attack by a Russian ransomware-as-a-service group that stole the personal information of 2.5 million patients of McLaren Health Care has triggered at least three proposed federal class action lawsuits in recent days, claiming the healthcare company failed to protect patient privacy.
Firms using large language models that power gen AI-powered tools must consider security and privacy aspects such as data access, output monitoring and model security before jumping on the bandwagon, said Troy Leach of Cloud Security Alliance. "Everything is going to be AI as a service," Leach predicted.
Genetics testing firm 23andMe is investigating a data leak of ancestry DNA information for certain customers whose usernames and passwords were previously hacked on other websites. The company suspects a massive credential stuffing attack on individual accounts using recycled passwords and no MFA.
Israeli intelligence is considered one of the best, yet it failed to anticipate a major attack launched by Hamas over the weekend. Harvard professor Chuck Freilich said this oversight has had a profound impact on the Israeli people, "shattering what was very deep faith in the intelligence agencies."
The use of generative AI is being "highly explored" in healthcare and has great promise for a variety of applications, but it needs to be scrutinized closely, said Erik Decker, vice president and CISO of Intermountain Health and a cybersecurity adviser to the federal government.
Being an independent firm under TPG's ownership will allow Forcepoint G2CI to invest in defense-grade cyber tools such as insider threats and content disarm and reconstruction. Separating Forcepoint's government security practice will allow it to focus on secure remote access to classified networks.
Revenue cycle management firm Arietis Health is notifying the patients of 55 healthcare practices across several states that their sensitive information has been potentially compromised in a hack of Progress Software's MOVEit file transfer application. What can entities learn from these breaches?
South Korean national intelligence has sounded alarms about North Korean hackers targeting the country's shipbuilding industry to steal naval military secrets. The agency said the hacks are part of North Korean leader Kim Jong Un's strategy to build larger, more advanced warships.
Ransomware-as-a-service gang Alphv/BlackCat claims to have stolen 6 terabytes of data on 2.5 million patients in a recent attack on Michigan-based McLaren Health Care, which operates 13 hospitals and a network of cancer centers. The incident is part of the group's rash of recent attacks.
An August cyberattack on a national hospital chain may make medical care in underserved areas of Connecticut even harder to obtain now that a would-be buyer said it's having second thoughts about going through with the deal. The Rhysida group claimed responsibility for an attack on Prospect Medical.