Below: The courts have been busy with data breach cases lately, and federal agencies are clarifying the picture of the midterm election threat. But first:
An IT security incident hits a ‘huge’ hospital chain, in a sector where the risks are high
The second-largest US nonprofit hospital chain is dealing with a cybersecurity incident this week that affected facilities across the country, forcing ambulance diversions, system shutdowns, and rescheduling of patient appointments.
CommonSpirit Health has yet to provide specific details about what happened. The chain says it has 140 hospitals and more than 1,000 care sites in 21 states. Facilities in Iowa, Nebraska, Tennessee, and Washington were among those affected by the disruption.
One expert described the incident as exceptional for the United States. Cybersecurity risks in the healthcare sector can mean a potential threat to life.
- “The scale is perhaps unprecedented in relation to the healthcare sector,” Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told me. He said CommonSpirit is “quite huge.”
On Tuesday, CommonSpirit Health published a statement regarding the incident, which went public on Monday and began gaining wider attention on Wednesday.
- “CommonSpirit Health is managing an IT security issue affecting some of our facilities. As a precautionary step, we have taken certain IT systems offline, which may include Electronic Health Record (EHR) and other systems,” the original online statement said. “Our facilities follow current protocols for system outages and are taking steps to minimize such outages.”
A revised statement Wednesday omitted some of those details.
The chain declined to comment further, but signs point to a ransomware attack, in which hackers encrypt the victim’s systems and demand payment to unlock them. Security researcher Kevin Beaumont, Arcadia Group head of security operations, on Twitter (“IR” stands for “incident response”):
Some ransomware gangs vowed not to attack hospitals at the height of the pandemic. Callow noted, however, that ransomware affiliates, who use the gangs’ malware in exchange for handing over a share of the profits, have shown no such restraint.
Among the consequences of the CommonSpirit Health incident:
- Besides taking some IT systems and records offline, CommonSpirit Health said “we’ve rescheduled some patient appointments.”
- The Des Moines Register reported that MercyOne Des Moines Medical Center had ambulances diverted “for a short time.”
- Many CHI Health facilities in Omaha were affected, the Omaha World-Herald reported.
- CHI Memorial Hospital in Chattanooga, Tenn., reported problems in language identical to a CommonSpirit Health statement, according to the Chattanoogan.
- In Washington, St. Michael’s Medical Center delayed critical procedures, including a CT scan to check for bleeding in the brain, patients and families told the Kitsap Sun. In other parts of the state, health care workers said “the disturbance had a serious impact on normal functions such as charting, reporting lab results, collecting history, obtaining records of allergy information and more,” The Tacoma News Tribune reported.
“In general, these types of … attacks occur in all different types of organizations in each of the different critical infrastructure sectors,” Errol Weiss, the chief security officer of the Health Information Sharing and Analysis Center, told me in an interview in which he was careful not to talk about CommonSpirit Health specifically. “But when it hits hospitals and it affects patient care, it creates events that are worth reporting within the community, and they start impacting people’s lives and people get noticed.”
There have been two reports that cyberattacks on hospitals have claimed people’s lives.
- A lawsuit filed by a woman against a hospital in Alabama last year alleged that a ransomware attack resulted in the death of a 9-month-old baby due to equipment that was not working.
- In 2020, a German hospital hit by ransomware turned away a patient who later died. Prosecutors considered filing charges against the hackers, but in the end concluded that the attack was not the deciding factor.
In perhaps the most extensive cyber incident affecting hospitals outside the United States, the massive WannaCry ransomware attack, which affected 150 countries, crippled the UK health system. The 2017 incident disrupted 80 hospitals, led to 19,000 appointments being canceled, and cost more than $100 million.
Typically when there’s a major incident affecting the healthcare sector, Weiss said, his organization gets to work.
“We have an impressive network of healthcare organizations actively sharing information with each other, including compromise indicators and TTPs (tactics, techniques, and procedures) from this type of attack,” he said. “The whole idea is to be able to find out what’s going on from other organizations and use that information to better protect your information, or research to see if you would be affected by this attack.”
The American Hospital Association’s national advisor on cybersecurity and risk — who also made an effort not to comment on CommonSpirit Health — said it was important for hospitals to have a plan in place for when an attack occurred.
“In general, what we advise our members to do, should they experience a cyber attack that disrupts hospital and/or clinical care functions: discontinuation measures should be in place to compensate for the lack of access to electronic health records and other medical technology that may become unavailable,” John Riggi told me.
Beyond that, the healthcare sector needs help from law enforcement to track down and punish perpetrators, Riggi said, something that the government in general, and the FBI specifically, have committed to.
Ex-Uber security chief convicted over 2016 breach
A federal jury on Wednesday found Uber’s former chief security officer, Joe Sullivan, guilty of obstruction of justice and concealment of a felony after authorizing payment to the hackers behind a 2016 breach of the ride-sharing service.
The verdict ended a tragic case that pitted Sullivan, a prominent security expert who was an early cybercrime prosecutor in the San Francisco District Attorney’s Office, against his former government office. In between prosecuting hackers and being prosecuted, Sullivan served as chief security officer for Facebook, Uber, and Cloudflare, The Washington Post’s Joseph Menn reports.
It also came as a surprise to many security professionals. The judge has not set a date for Sullivan’s sentencing.
No prison for Seattle hacker behind historic Capital One data breach
A former Seattle tech worker who was convicted of several charges stemming from a massive hack of Capital One bank and more than 30 other companies was sentenced on Wednesday to time served and five years of probation, the Seattle Times’s Renata Geraldo reports.
Paige Thompson was arrested in July 2019 after she downloaded personal data from more than 100 million Capital One users, causing more than $250 million in damages. She remained in prison until November of that year.
At the sentencing hearing, U.S. District Judge Robert Lasnik said extra time in prison would be especially difficult for Thompson because of her well-documented mental health issues and transgender status.
U.S. Attorney Nick Brown said he was “extremely disappointed” with the sentence, adding that his office had asked the court to impose a seven-year prison sentence on the former Amazon software engineer behind one of the largest data breaches in US history. “That’s not what justice looks like,” Brown said in a statement.
Thompson has previously argued that she did not misuse the data she obtained. Instead, she said, she was trying to collect a bounty for discovering vulnerabilities in the systems of the companies she hacked into. In 2020, Capital One agreed to pay $80 million to settle federal bank regulators’ allegations that it lacked the security measures needed to protect customer information. The company later reached a $190 million settlement with affected customers.
Election Software Company CEO Arrested
Authorities arrested Eugene Yu, founder of Konnech, a Michigan election software company, on suspicion of stealing the personal information of hundreds of Los Angeles County poll workers, according to a news agency report.
Prosecutors allege that Konnech stored data on servers in China, in violation of requirements to retain information collected under contract in the United States. The company denied the charges.
“We continue to confirm the details of what we believe to be Mr Yu’s unlawful detention by Los Angeles County authorities,” Konnech said in a statement. “Any data of a Los Angeles County poll worker that may have been owned by Konnech has been provided to it by Los Angeles County and therefore cannot be ‘stolen’ as suggested.”
The election deniers who surrounded the company rejoiced. However, prosecutors said Yu’s actions did not affect the election results.
Senior officials are ‘confident’ that US voting systems can thwart malicious cyberattacks
With less than a month left before the midterm elections, the FBI and the Cybersecurity and Infrastructure Security Agency are confident that any attempts to manipulate votes will be identified and stopped before any widespread disruptions occur.
“Given the extensive safeguards in place and the distributed nature of the election infrastructure, the FBI and CISA continue to assess that attempts at large-scale vote manipulation would be difficult to conduct undetected,” the agencies said in a joint announcement Wednesday.
The agencies added that, to their knowledge, there has not been a successful hack of any election in the United States that prevented anyone from casting their vote or harmed the integrity of their vote.
While the agencies expressed confidence that US voting systems are safe and secure, senior government officials warned earlier this week that there is a concerted effort by foreign adversaries from countries such as China, Russia, and Iran to seize on Americans’ suspicions about the election system itself. “In particular, we are concerned that malicious cyber actors may seek to spread or amplify false or exaggerated claims by compromising election infrastructure,” an FBI official said at a news briefing, according to Voice of America’s Jeff Seldin.
- FS-ISAC holds its FinCyber Today summit in Scottsdale, Arizona, from October 10 through October 12.
Thanks for reading. See you next week.