Department of Health and Human Services (HHS) – Page 2

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Posted on May 11, 2021 by Tim Starks

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.

Continue reading Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing→

Health insurer Excellus penalized $5.1M by HHS for data breach

Posted on January 19, 2021 by Joe Warminsky

The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015. The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department’s Office for Civil Rights (OCR). The incident stemmed from a hack against Excellus’ systems during an era that featured well-publicized attacks on corporations such as Target, Sony and Home Depot. Years later, health data remains a ripe target for cybercriminals, particularly ransomware gangs. U.S. federal agencies warned about an “imminent” ransomware threat in October 2020. The OCR said the breached data included names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims and clinical treatment information. “The hackers installed malware […]

The post Health insurer Excellus penalized $5.1M by HHS for data breach appeared first on CyberScoop.

Continue reading Health insurer Excellus penalized $5.1M by HHS for data breach→

Health sector mobilizes defenses following Ryuk ransomware warning

Posted on October 29, 2020 by Sean Lyngaas

A day after U.S. federal agencies warned of an “imminent” ransomware threat to hospitals, it’s an all-hands-on deck mentality for a health sector already strained by the coronavirus pandemic. Private threat briefings are being held for hospital executives, federal officials are appealing for more data on the cybercriminals and hospitals are hardening their computer networks. The defensive measures follow an advisory Wednesday from the FBI and departments of Homeland Security and Health and Human Services that cybercriminals were deploying Ryuk ransomware to disrupt IT networks and extort hospitals. It was a stark warning, even for a health care sector accustomed to pandemic-era cyberattacks: Medical organizations are being singled out by capable crooks. While the federal agencies did not name victim organizations, the announcement coincided with suspected ransomware attacks this week on hospitals in New York, Oregon and Vermont, and perhaps other states. The American Hospital Association, which includes 5,000 health […]

The post Health sector mobilizes defenses following Ryuk ransomware warning appeared first on CyberScoop.

Continue reading Health sector mobilizes defenses following Ryuk ransomware warning→

How the government is keeping hackers from disrupting coronavirus vaccine research

Posted on September 8, 2020 by Shannon Vavra

Six months ago, as professional sports were postponed indefinitely, schools were shuttering, Tom Hanks was the poster boy for COVID-19, and President Donald Trump addressed a nervous nation, people at the highest levels of the U.S. government became laser-focused on one idea: Coronavirus vaccine research needed to be defended from hacking attempts. Soon after the World Health Organization declared a pandemic, the Pentagon’s Defense Digital Service and the National Security Agency got to work on a behind-the-scenes protection mission for “Operation Warp Speed,” the U.S. government program responsible for producing 300 million coronavirus vaccine doses by January 2021. Known as the Security and Assurance portion of Operation Warp Speed, the mission is no small effort. Consisting of people from DDS, NSA, FBI, the Department of Homeland Security and the Department of Health and Human Services, it has been running behind the scenes for months, and is being detailed here for the first time. […]

The post How the government is keeping hackers from disrupting coronavirus vaccine research appeared first on CyberScoop.

Continue reading How the government is keeping hackers from disrupting coronavirus vaccine research→

US cyber officials try to channel Liam Neeson in responding to coronavirus threats

Posted on June 24, 2020 by Sean Lyngaas

In early March, as the novel coronavirus swept through the U.S., the Department of Homeland Security’s cybersecurity wing quietly began an initiative that would single out the critical government and private-sector organizations that needed protection from spies and criminals during the pandemic. The list of essential organizations would include U.S. labs working on a vaccine, pharmaceutical firms researching virus treatments and a constellation of equipment suppliers with global supply chains. The initiative turned into something U.S. officials call Project Taken — a multi-agency effort to protect U.S. vaccine research and other data from hacking and infiltration. “We really need to identify the parts of the United States government and industry that are going to get us through this COVID crisis,” recalled Bryan S. Ware, assistant director at DHS’s Cybersecurity and Infrastructure Security Agency. “And we need to prioritize … our capabilities and our outreach to those entities.” While other parts of the […]

The post US cyber officials try to channel Liam Neeson in responding to coronavirus threats appeared first on CyberScoop.

Continue reading US cyber officials try to channel Liam Neeson in responding to coronavirus threats→

Volunteer cybersecurity pros say they’ve stymied hacks against health care organizations

Posted on April 21, 2020 by Sean Lyngaas

A volunteer group of cybersecurity professionals formed to protect computer networks during the coronavirus pandemic says it has helped dismantle nearly 3,000 malicious internet domains and identified more than a 2,000 software vulnerabilities in health care institutions around the world. “The threats are coming in like a firehose; as fast as we can take things down, there are new [threats] there,” said Marc Rogers, who is an executive with cybersecurity company Okta and one of the founders of the volunteer group. Known as the Cyber Threat Intelligence (CTI) League, the group’s membership has soared from a few dozen since its founding last month to some 1,400 people in 76 countries today. Security specialists from technology giants like Microsoft are members, and the group says it has formed close connections with law enforcement agencies. Their services are in high demand as health care organizations strain to deal with COVID-19, which has killed more […]

The post Volunteer cybersecurity pros say they’ve stymied hacks against health care organizations appeared first on CyberScoop.

Continue reading Volunteer cybersecurity pros say they’ve stymied hacks against health care organizations→

Security pros helped HHS fix a website flaw that exposed visitors to malware

Posted on March 24, 2020 by Sean Lyngaas

As if the Department of Health and Human Services didn’t have enough to deal with during the coronavirus pandemic, it looks like hackers were trying to redirect people trying to visit a department website to a malicious domain designed to steal their data. By sending phishing messages that sent recipients from a Health and Human Services website to a malicious one, scammers tried compromising people with malicious software capable of capturing credit card data and email credentials. The attempted attack coincided with a surge in attention around the department, as Americans seek guidance amid the COVID-19 outbreak. The malicious “redirect,” as the trick is called, no longer exists after a group of volunteer cybersecurity experts worked with HHS to address it. It is unclear how many devices, if any, were compromised as a result of the activity. It was only the latest effort by digital miscreants to capitalize on international concerns about the pandemic. “The believability that it […]

The post Security pros helped HHS fix a website flaw that exposed visitors to malware appeared first on CyberScoop.

Continue reading Security pros helped HHS fix a website flaw that exposed visitors to malware→

All hands on deck: Infosec volunteers to protect medical organizations during COVID-19 crisis

Posted on March 20, 2020 by Sean Lyngaas

Hackers crossed a line last week when they struck the computer network of the Czech Republic’s second largest hospital as it was testing people for the novel coronavirus. Former White House and British intelligence officials condemned the cyberattack. It is the sort of digital depravity that U.S. prosecutors have vowed to crack down on during the COVID-19 pandemic. It was also a tipping point for Ohad Zaidenberg, an Israel-based cyberthreat researcher. “If anyone is sick enough to use this global crisis to conduct cyberattacks, we need to try to stop them,” he said. And so Zaidenberg stepped up his effort to assemble an ad-hoc group of malware hunters to gather data on COVID-19-related hacking. By day, they are cybersecurity professionals at well-known companies in Israel, Europe, and North America. By night, they are sending threat data to health organizations and those in other sectors enlisting in the fight against the pandemic. It’s still a nascent project: there are […]

The post All hands on deck: Infosec volunteers to protect medical organizations during COVID-19 crisis appeared first on CyberScoop.

Continue reading All hands on deck: Infosec volunteers to protect medical organizations during COVID-19 crisis→

HHS dealing with cyber-incident in midst of COVID-19 outreach

Posted on March 16, 2020 by Greg Otto

The Department of Health and Human Services was the target of an attempted cyberattack, a source with knowledge of the matter tells CyberScoop. HHS saw an increase in traffic against its systems as the department continues to respond to the novel coronavirus outbreak. Signs pointed, at most, to a failed distributed denial-of-service attack, a source told CyberScoop. Bloomberg News was first to report on the incident. The attempted attack does not appear to have taken any systems offline. A source told Bloomberg that no data appears to have been stolen. The Department of Homeland Security is looking into the matter, a source told CyberScoop. The National Security Agency referred questions to HHS and DHS. HHS did not return requests for comment. News of the attack comes as the National Security Council tweeted Sunday that rumors spreading online about a nationally-mandated quarantine are false. It is unclear if the tweet is related to the incident at […]

The post HHS dealing with cyber-incident in midst of COVID-19 outreach appeared first on CyberScoop.

Continue reading HHS dealing with cyber-incident in midst of COVID-19 outreach→

Senate investigation finds agencies ‘unprepared’ to protect Americans’ data

Posted on June 25, 2019 by Sean Lyngaas

Federal agencies are “failing to implement basic cybersecurity standards” needed to protect Americans’ personal data and keep the nation’s secrets safe from hackers, a Senate investigation has concluded. The report, which drew on 10 years’ worth of inspector general reports at eight agencies, paints a picture of persistent neglect of standard network defense measures. It comes more than four years after the breach of the Office of Personnel Management, in which alleged Chinese hackers stole sensitive personal data on 22 million current and former federal employees. Lessons from that sweeping compromise of American security clearances still haven’t been heeded, according to the report from the Senate Committee on Homeland Security and Government Affairs’ Permanent Subcommittee on Investigations. “Despite major data breaches like OPM, the federal government remains unprepared to confront the dynamic cyberthreats of today,” laments the report, which covered the departments of Agriculture, Education, Health and Human Services, Homeland […]

The post Senate investigation finds agencies ‘unprepared’ to protect Americans’ data appeared first on CyberScoop.

Continue reading Senate investigation finds agencies ‘unprepared’ to protect Americans’ data→