Ransomware attack hits US hospitals, a Canadian insurer is sideswiped by MOVEit hacks, and more.
Welcome to Cyber Security Today. It’s Monday, August 7th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Today is a civic holiday in much of Canada, so if you’re listening I hope you’re having a great long weekend.
I’ve been away for a week, so this podcast is probably longer than usual.
The FBI is investigating a ransomware attack against a U.S. healthcare company with 16 hospitals and even more clinics in four states. The attack on Prospect Medical Holdings on Thursday forced the cancellation of some elective surgeries and the closing of some emergency departments.
According to BlackBerry’s recent quarterly threat intelligence report, the healthcare and financial services sectors were the most targeted industries among its customers in the second quarter.
Separately, researchers at Rapid7 released a report saying the network-connected infusion pumps discarded by hospitals and being sold on eBay have a lot of information in memory that’s useful to crooks willing to spend a few hundred dollars for hacking equipment. What could they get? Device Wi-Fi passwords and Active Directory passwords. The lesson: Before discarding network-connected devices hospitals should turn them over to IT departments to make sure all data is purged.
While I’m on the subject, if you have a home or business printer that connects by Wi-Fi make sure its settings are wiped before discarding the devices. Canon says data stored in the memory of some of its inkjet printers might not be deleted by a factory reset. The trick for these Canon printers is to reset the settings, enable the wireless network, and then reset settings again.
Another Canadian company has been sideswiped by the theft of data from organizations using the MOVEit file transfer utility. The news site Noovo reports that a Quebec-based insurance company called Beneva is telling some of its customers their data was copied when the MOVEit server of accounting firm EY was hacked. Beneva told the news site that less than one per cent of its 3.5 million Canadian customers were were affected. That would be about 30,000 people.
Another recent third-party MOVEit victim was the state of Oregon’s Health Plan, which uses the services of a medical provider Performance Health Technology. PH Tech said last week it was victimized. Right after that Oregon Health Plan said the information of 1.7 million residents was part of that hack.
Also admitting last week it was a third-party victim was U.S. government contractor called Serco. The personal information of over 10,000 people was stolen when the MOVEit server of its benefits administrator, a company called CBIZ, was hacked.
The Clop ransomware gang discovered and exploited the MOVEit vulnerability. According to the most recent numbers compiled by researchers at Emsisoft, 597 organizations around the world that use MOVEit have been victimized.
More on the MOVEit attacks: Bleeping Computer reports that the Clop ransomware gang is using peer-to-peer torrents sites to leak stolen MOVEit data as a way to pressure victim firms into paying up. It had been leaking through a Tor site, but for those trying to download the data to see if it’s genuine the process is slow. A torrent site offers faster speed.
Thirteen years of data of students who attended public schools, colleges and universities in Colorado before 2021 was stolen in a June ransomware attack. That’s according to Colorado’s Department of Higher Education. In addition, data on some teachers and people who enrolled in adult education programs between 2013 and 2017 were also copied.
Ivanti has discovered another vulnerability in its Endpoint Manager Mobile (EPMM) application, formerly known as MobileIron Core. That’s the third in less than two weeks. Network administrators with this application in their environments need to be on their toes.
Poor password practices were involved in over 60 per cent of compromises of Google services in the first quarter. That’s according to Google’s August Threat Horizons report. Issues included applications with leaked, weak or no passwords. In addition, 19 per cent of compromises also involved misconfiguration of apps. Listeners, these are successful attacks that could have easily been prevented.
Georgia’s Cambridge College says personal data including names and Social Security numbers of over 30,000 people was compromised in data breach earlier this year.
Lazarus Naturals, a U.S. seller of hemp-based oils and products, says data of 40,000 customers was stolen after its e-commerce website was hacked.
American retirement plan consulting firm Loren Stark says data on over 51,000 clients was stolen in a data breach last October. It is notifying people now because the investigation wrapped up in June.
Finally, Microsoft has fixed a hole in its Power Platform, used to create Power Apps. The vulnerability could have allowed an attacker to get unauthorized access through Azure to cloud applications. The problem was discovered by researchers at Tenable.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon